How Did That Happen?

One of the most common questions I am asked as I finish a repair is ‘How Did That Happen?’  It makes sense that this question is on the mind of the person who is asking; sometimes they are the office manager, who has to write me a check.  Sometimes it is the user, who needs to have the ability to exclaim to their manager that ‘they didn’t do it!’

And sometimes, it is just curiosity.

However, fixing the ‘what’ is one thing – knowing the ‘how or why’ is another… and the latter, while almost always wanted, requires a greater time investment.  While I know the customer wants a good value for the work I did, they don’t want to pay for a forensic-level analysis.

Let’s just take one recent call I had.  The company computer (which was their only computer) wasn’t working right.  The customer was convinced that they had the Conficker virus (which had recently gained mass media attention – virus du jour) and was afraid to do anything.  The computer held all their accounting, email lists, work orders and their 2008 personal taxes, which were nearly complete.

“Do you have a current backup of your irreplaceable files?” I asked.

“No.  We tried, but the computer is running so slow now, it just gets stuck.”

Side note #1.  Do not wait until you have problems to backup.

Normally at this point, I ask for the computer to be brought in (or I go onsite) and do a full backup of the data from another computer.  In this case, however, this wasn’t possible because they weren’t local.  Remote access wasn’t an option either.  Ultimately, they chose to just go forward with the diagnosis and hope they didn’t lose too much.

I knew that one of the behaviors of Conficker is to block access to security-vendor websites (it stops the computer from looking up hostnames that contain strings such as ‘symantec’, ‘mcafee’ or ‘microsoft’), so I had them go to what is known as an ‘eye chart‘: a web page that displays logos loaded directly from several of those vendors’ sites.  The logic is that if the page itself loads but the vendor logos don’t, something – perhaps Conficker – is blocking them.

They could see some, but not all.
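The eye chart is a differential check: the same request succeeds for unrelated sites and fails for security-vendor sites, which is what separates "this machine is being filtered" from "this machine has no network". The script below is an added example, not the original eye chart or anything from the post; it resolves a handful of vendor hostnames (names containing strings Conficker filtered) and a handful of control hostnames and compares the two groups. The host lists and verdict labels are this example's own choices.

```python
"""Added example: a command-line version of the Conficker 'eye chart' logic.

Conficker blocked DNS lookups for hostnames containing security-vendor
strings ("symantec", "mcafee", "trendmicro", "microsoft", ...), so logos
served from those hosts fail to load while the rest of a page renders.
This script reproduces that differential check with name resolution.
Host lists and verdict strings are choices made for this example.
"""
import socket
from typing import Callable, Dict, Iterable, Tuple

# Hostnames containing strings that Conficker filtered.
VENDOR_HOSTS = [
    "www.symantec.com",
    "www.mcafee.com",
    "www.trendmicro.com",
    "update.microsoft.com",
]
# Control hostnames with no security-vendor string in the name.
CONTROL_HOSTS = ["www.wikipedia.org", "www.example.com"]


def resolves(host: str) -> bool:
    """True if the local resolver can turn the name into an address."""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False


def probe(hosts: Iterable[str], resolver: Callable[[str], bool]) -> Dict[str, bool]:
    return {h: resolver(h) for h in hosts}


def verdict(vendor: Dict[str, bool], control: Dict[str, bool]) -> str:
    """Compare the two groups; only the difference between them is informative."""
    vendor_ok = sum(vendor.values())
    control_ok = sum(control.values())
    if control_ok == 0:
        return "no-connectivity"        # nothing resolves: can't conclude anything
    if vendor_ok == len(vendor):
        return "no-block-seen"          # everything resolves: no filtering observed
    if vendor_ok == 0:
        return "vendor-sites-blocked"   # controls work, vendors don't: something filters
    return "partial-block"              # mixed result: investigate the failing names


def check(resolver: Callable[[str], bool] = resolves) -> Tuple[str, Dict[str, bool], Dict[str, bool]]:
    vendor = probe(VENDOR_HOSTS, resolver)
    control = probe(CONTROL_HOSTS, resolver)
    return verdict(vendor, control), vendor, control


if __name__ == "__main__":
    result, vendor, control = check()
    for group in (vendor, control):
        for host, ok in group.items():
            print(f"{'ok  ' if ok else 'FAIL'} {host}")
    print("verdict:", result)
```

A "vendor-sites-blocked" verdict is a symptom, not an identification: a hosts file edit, a filtering proxy or some other malware family produces the same picture, and a clean verdict does not rule Conficker out, since variants differ in behavior. In this very call the blocking turned out to come from something else.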

“Do you have antivirus installed?” I asked.

“Yes.”  They had a popular brand which is notorious for making everything slower.

Side note #2: Big name antivirus programs that are the most expensive are not always better.

“Is it updated with the latest definitions?”

“Ummm… how do I tell?”

I walked them through how to open the control panel and check.  The answer? Nope! There was a bit of red text that reminded them to subscribe to the service.  “Oh, that message kept popping up, and we did something to make it stop,”  I was told.  I sighed.

Side note #3a: Anti virus programs need to be updated with the definitions of new viruses in order for them to be detected.  If your software is not current, it is not going to work.

Side note #3b: If the year is part of the software name (like 2005), it is probably out of date no matter what and you need new antivirus software.

So, I had them remove the now just-good-for-slowing-down-the-computer antivirus and install a new one.  The old program did not go easily, arguing all the way, employing all the principles of FUD (fear, uncertainty and doubt) to get them to keep it.

Installing the new antivirus program was a bit of a trick, as we couldn’t use the vendor’s site as the source (remember? Conficker blocks access so you can’t remove it).  So, I put the installation program on my company website, and they downloaded it from there.   Updated it, ran it… and about 15 minutes later, the multiple infections had been detected, disabled and removed.  Interestingly enough, it wasn’t Conficker after all, but another malware program which was consuming all their computing power.

Then the question hits: HOW DID THAT HAPPEN?

Wellll…

1) You went to a website and clicked on something you shouldn’t have or opened an email that you shouldn’t have.  This is a hard one for customers to hear.  “Which site?  Which email?”  Sometimes I can tell by looking at the browser or email history.

You have to realize that the folks putting out these things to infect and control your computer for their own nefarious purposes are using every trick in the book to mislead you into clicking or opening.  They’ll use names of friends you know.  They’ll use false information to make you think you have money in some account due to you.  It is a scam, a con.  That you fell victim is embarrassing, yes, but it happens.

“Shouldn’t the antivirus program have stopped it?”

Wellll…

2) The old antivirus program was not updated to detect and block it.  Viruses and other malware such as trojans appear at a rate of 40-50 a day (in varying degrees of threat).  If you don’t update the program to know what to look for, it can’t work.

“Why doesn’t (in this case, Microsoft) fix their software so that this can’t happen?”

Wellll…

3) In fact, they do.  This customer’s computer, however, was not running Windows Update, the service that fetches Microsoft’s operating system fixes.  The hole Conficker uses to spread across a network was closed by Microsoft in October 2008 (bulletin MS08-067), before the worm even appeared; a machine with that patch installed cannot be infected that way, although Conficker also spreads through removable drives (autorun) and by guessing weak passwords on shared folders.  And even fully patched software cannot stop a user from approving the installation of a program they chose to run.

“So what was the site or email or whatever? I really need to know.”

Mail history was clean, so I looked at cookies.  Mostly work/company related, except a few that looked suspicious.  A bit of Googling and tada!  A visit to a website offering an NCAA Final Four bracket-picking program, which contained a trojan.
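Cookies gave the answer here, but browser history usually does the same job faster, because it carries timestamps you can line up against when the machine started misbehaving. The script below is an added example and not the procedure used in the post: it runs the sweep against Firefox’s places.sqlite, which keeps one row per page in moz_places and one row per visit in moz_historyvisits, with visit_date stored as microseconds since the Unix epoch. Only the columns needed here are reproduced (a simplified schema), and the visit rows and the list of business domains are constructed for the demonstration.

```python
"""Added example: timeline a Firefox history database and flag visits that
fall outside the company's known domains or fetch an executable.

The schema below is a simplified subset of Firefox's places.sqlite
(moz_places + moz_historyvisits); the sample rows and the allow-list of
business domains are constructed for this demonstration.
"""
import sqlite3
from datetime import datetime, timezone
from typing import Iterable, List, Tuple
from urllib.parse import urlsplit

SIMPLIFIED_SCHEMA = """
CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, place_id INTEGER,
                                visit_date INTEGER, visit_type INTEGER);
"""

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".zip")


def us(ts: str) -> int:
    """ISO-8601 UTC timestamp -> microseconds since the epoch (Firefox's PRTime)."""
    dt = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
    return int(dt.timestamp() * 1_000_000)


def build_sample_db() -> sqlite3.Connection:
    """In-memory database with constructed rows standing in for a real places.sqlite."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SIMPLIFIED_SCHEMA)
    places = [
        (1, "https://mail.example-accounting.com/inbox", "Mail"),
        (2, "http://bracket-picks.example.net/final-four-tool.exe", "Free Final Four bracket tool"),
        (3, "http://bracket-picks.example.net/", "Bracket picks"),
        (4, "https://vendor.example-supplies.com/orders", "Orders"),
    ]
    visits = [
        (1, 1, us("2009-03-30T13:05:00"), 1),
        (2, 3, us("2009-03-30T13:41:00"), 1),
        (3, 2, us("2009-03-30T13:43:00"), 1),
        (4, 4, us("2009-03-30T15:10:00"), 1),
    ]
    conn.executemany("INSERT INTO moz_places VALUES (?, ?, ?)", places)
    conn.executemany("INSERT INTO moz_historyvisits VALUES (?, ?, ?, ?)", visits)
    return conn


def visits_in_window(conn: sqlite3.Connection, start: str, end: str) -> List[Tuple[datetime, str, str]]:
    """All visits between two UTC timestamps, oldest first."""
    rows = conn.execute(
        """
        SELECT v.visit_date, p.url, p.title
        FROM moz_historyvisits AS v
        JOIN moz_places AS p ON p.id = v.place_id
        WHERE v.visit_date BETWEEN ? AND ?
        ORDER BY v.visit_date
        """,
        (us(start), us(end)),
    ).fetchall()
    return [(datetime.fromtimestamp(d / 1_000_000, tz=timezone.utc), url, title) for d, url, title in rows]


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def suspicious(visits: Iterable[Tuple[datetime, str, str]], allowed_domains: Iterable[str]) -> List[Tuple[str, str]]:
    """Visits to hosts outside the allow-list, plus any fetch of an executable."""
    allowed = [d.lower() for d in allowed_domains]
    flagged = []
    for when, url, _title in visits:
        host = host_of(url)
        known = any(host == d or host.endswith("." + d) for d in allowed)
        fetches_binary = urlsplit(url).path.lower().endswith(EXECUTABLE_SUFFIXES)
        if not known or fetches_binary:
            flagged.append((when.isoformat(), url))
    return flagged


if __name__ == "__main__":
    db = build_sample_db()
    day = visits_in_window(db, "2009-03-30T00:00:00", "2009-03-31T00:00:00")
    for when, url in suspicious(day, ["example-accounting.com", "example-supplies.com"]):
        print(when, url)
```

On a real machine, copy places.sqlite out of the Firefox profile while the browser is closed and open the copy; the timestamps are UTC, so convert the antivirus detection time to UTC before picking the window.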

She wasn’t thrilled.  I’m glad I’m not her husband and co-owner.

Side Note #4: Don’t do your NCAA brackets with ‘free’ software from the internet on your company computer.

The message I want to communicate to you (in addition to the side notes above) is simply this: take the time to protect your computer adequately, and you won’t need to ask me “How did that happen?”  If you’re not comfortable with that, hire a professional like yours truly to get your system(s) up to date and running smoothly.

I promise I won’t ask how you did in the NCAA pool.