Friday, June 24, 2005

the virus thing

this is an exaggerated rendering of what happened today.


The impossible virus.
Coming home from classes one afternoon, everything was pretty normal in my small housing colony. A few overanxious mothers were trying to ruin the summer afternoons of a few children by telling them it was too sunny to play outside, the gardener was sleeping soundly underneath the shade of the mango tree, and the watchman was happily flirting with the four or five kamwali bais. So I thought I would go home, sit on my comp and start playing ‘need for speed underground 2’ before my parents came home and told me off, ruining my summer evenings, and asking me to spend time in a more “fruitful” manner by studying. Heather Brooke was about as “fruitful” as I wanted anything to be.
But the computer and God (some believe it to be the same enigmatic thing) had other things planned for me. I sat down, and promised myself to finally win at least one drag race, though I had already bluffed my way into the advanced drifts with my friends. There is no way I would lose this time. Especially since I had looked up the cheats. Heather Brooke warned me to drive safely on the real road, and I was on my way around the town looking for a nice place to race. Just as I found a nice place to cheat in, God’s and/or the computer’s plans kicked into action. The game suddenly closed down. Nothing I could do. It just disappeared from the screen and I was left facing the desktop. Then winamp, which was running in the background suddenly died. Now I knew that THAT was a VERY bad sign. I have known powerpoint slideshows to hang, webshots to stop cycling its wallpapers, the web browsers to crash, and all the windows to freeze, and the comp crashing so hard that the start button does not even allow you to boot BUT winamp blares on resolutely from wherever it goes into hiding when you minimize this. In fact, you can’t even ctrl+alt+delete winamp away, pretty embarrassing when it resolutely plays banned Nirvana songs like “moist vagina.”
So when winamp did stop, that too, apparently on its own accord, I knew for sure that something was terribly wrong with my comp. I was right. The desktop froze, couldn’t do anything. Refreshed it a couple of times, tried clicking on the start menu, then stopped doing anything and stared at the comp wondering whether I should risk hard booting. Now I knew that XP was a pretty messed up OS, and that hard booting is one of the last things you want to do with such a fragile OS. But there seemed little other choice. My hand reached out for the power switch, but just in time, the start menu popped up a couple of hundred times, and the desktop refreshed itself over and over again. So it was just a time lag in the commands. Happened before, nothing much to worry about, I opened up notepad just to type some nonsense and see what happened.
The winamp closing thing should have stayed with me longer. The virus, or worm, or whatever kicked into full force then. This is a cut+copy+paste job of what the virus typed in notepad:
nb//- nb/-- nb/-- nb//- nb/-- nb//--
Now, this could be a cryptic message from God, or an encrypted way of a Microsoft employee saying that he hated his mother-in-law, but the whole winamp crashing thing pretty much convinced me that I had a huge virus on my hands. Now, I had taken all the precautions that a person who wants to safeguard his comp from viruses usually takes. I had not opened various forwards despite extremely appealing titles like “nude paparazzi shots of Heather Brooke.” I had installed a proper firewall, and around four anti-virus programs. The best of the lot. I had no idea where this virus crept in from. I did the most sensible thing possible. I ran a virus scan on all the four anti-virus programs.
Around six hours later (I have seven drives due to a recent but mostly dysfunctional system upgrade) I found that all the four programs had detected and removed a mother lode of viruses, worms and Trojans I never knew I had. Nimda, Sasser, Polybot, Sober, Zindos and Doomjuice. I was infected with all of these. There was a prompt on screen “for the healing process to be complete, the computer should be restarted now.” I clicked on yes. And waited. Eventually the login screen came on, after the computer found it fit to scandisk each and every one of those seven hard drive partitions. I logged in, and a load of things started happening at once. The start menu clicked on itself, selected notepad by itself, suddenly all the dings and beeps stopped, and one line of text began to appear in notepad.
nb//- nb/-- nb/-- nb//- nb/-- nb//--
As you most probably can’t see, this is the exact line of text that I previously attributed to God’s message to mankind. Not that the virus did not type it out, but this time, I could not even save the text file. All sorts of programs kept starting by themselves, and I knew my computer was on a logic defying rampage. I somehow managed to start up one anti virus software, and since all kinds of buttons were getting pressed randomly, the settings window came up. I noticed a fatal error in my previous virus scan. I hadn’t scanned the boot section of the comp. I clicked on it, started another scan, and tried to turn on winamp again. I managed it, but I could not get the songs I wanted to play, and had to do with the previous play list. Suddenly, Enrique whining about some lost love began to have jarring interruptions. The music faded out, faded back in then began to break in the middle. It was then I noticed that winamp had, after all, not been defeated even by this avg and norton (amongst others) defying virus. I thought winamp had died merely because the virus had managed to turn off the volume. Now the virus was doing something really weird, but nonetheless managing to improve the forgettable Enrique song. It was turning the mute thing on-off at a very rapid break, producing the momentary breaks in the song. I turned the speaker off, and waited in silence, as the hi-fi system had problems of its own. I don’t suppose that God and anything remotely electronic are good fellows. That’s why He keeps messing up stuff.
Now my life has a LOT of electronic stuff, so I don’t exactly like God all that much. I waited patiently for the scan, while I went and watched television. I came back to check on the comp when Enrique managed to appear there too. The scan was complete, and though something called Lirva was detected, the virus was still alive and kicking when I opened up notepad to check. I won’t cut+copy+paste the nb//-- line again, but that was more or less what came up in Notepad. In sheer frustration, I hard booted the comp, fragile OS and all. Then I looked up chip. Damn, I still refer to Planet Digit as chip. Now the virus kicked in just as I booted the comp, which means that the virus had to be in the boot section. I called the computer engineer from a nearby comp repair shop who is seen at my home more often than most of my other “friends.” As I waited for the computer repair guy to show up, and as I waited for the computer to scandisk through the seven hard drive partitions for the second time in the same day, I sat and read Planet Digit looking for a good solution.
I found out a load of things, like the official update from the Microsoft site opens up security holes in Windows XP that allows even more viruses to get in. I also found out the fine distinctions between viruses, worms and Trojans. I can’t help it if this dumb office XP automatically capitalizes the T in Trojans. Anyway, about half way through the stack of Planet Digits (doesn’t have the same ring as chips) the computer guy rang the bell. I let him in and explained all about the virus. He was as perplexed as I was, and ran his own scan with his own anti virus. After this didn’t work, he got up a boot disk, and said the solution was to format my hard drive. Re-installing all the software would cost five hundred bucks. This didn’t seem like a good idea. I asked him if he had the good old win98. Or even the bad old win NT. Nothing, he just had XP and that was the only thing he could re-install after formatting the drive.
This seemed like a really bad idea. I called up my father, explained the problem, and he told me to let the computer repair guy do whatever it takes. He restarted the comp, and found out that he couldn’t format the drive because the keyboard wasn’t working. He told me that there was a problem in the keyboard, because it simply had to work in dosprompt. He told me that no virus can kick in this early in the startup process. Being the half-wise smartass that I am, I told him that a boot section virus could be programmed to make the computer believe that a keyboard wasn’t plugged in. It just didn’t make sense, whoever heard of a virus residing in a keyboard? That’s about as absurd as a… actually it’s more absurd than anything you can think of. Next time you get something that is really absurd, you can safely use the simile, ‘as absurd as a keyboard virus’.
But the computer guy ran to his shop, got a new keyboard, came back, and attached it to the computer. Believe it or not, it worked. The dumb thing worked. The virus or whatever was actually in the dumb keyboard. Since the computer repair guy wasn’t forthcoming with a plausible explanation, I am forced to come up with my own. There was berserk circuitry in the keyboard, which pretty much kept pressing keys in a random manner. Then again, I may be being my old half-wise smartass self.
The other explanation being, there is a very smart virus writer out there who has programmed the virus to temporarily stop when the keyboard has been switched, only to make the virus kick in at some other innocuous time.
nb//- nb/-- nb/-- nb//- nb/-- nb//--
Nah just kidding. The problem seems to really be in the keyboard, which is something pretty weird. But all virus activities have thankfully subsided, I have taken extra care now, installed two more anti-virus programs, continued not to open mails with nude pictures of anyone, and I still regularly scan (all seven) of my drives, and harmless little viruses (that do absolutely nothing) keep showing up – viruses like Mimail, Korgo, Fizzer, Zindos, FunLuv…
