This post originated from an RSS feed registered with .NET Buzz
by Peter van Ooijen.
Original Post: Adventures with MS-anti spyware. (Please schedule by default.)
Feed Title: Peter's Gekko
Feed URL: /error.htm?aspxerrorpath=/blogs/peter.van.ooijen/rss.aspx
Feed Description: My weblog contains tips, tricks and opinions on ASP.NET, tablet PCs and tech in general.

The new year had a troublesome start. Something which I believed
could not happen has happened. I've been hacked. Over the last days my
machine was displaying some very worrying signals. It kept me waiting
for far too long, the task manager was disabled and I could not install
anything new. Up till yesterday I thought using a private IP address
(in the 192.168.x.x range, being handled by my router/DHCP server) and
Windows firewall/anti spyware was enough. But it's not quite enough.

Firing up anti spyware and some googling soon made clear what had
happened. Windows firewall does protect your machine against incoming
malware but anything is allowed to go out. Like data generated by
spyware. MS anti-spyware automatically does a very good job in
protecting your machine against unintended scripts or installations (it
regularly pops up a message telling what it does, asking permission
when in doubt) but sometimes something can slip through. Even with your
signatures up to date. To keep your machine clean MS anti-spyware can
perform a scan. Starting that by hand soon revealed and destroyed the
culprit.

MS anti spyware should schedule scans and I had that switched on.
What went wrong was the scheduled time. By default this is set to
sometime late at night. When I (and my machine) are sound asleep. The
bad thing is that the scheduler never makes up for a scan lost. As I
found out my last scan was a couple of weeks old. I should have
checked; you can't trust anything these days. Blush.. Software may be
perfect but it has to run to do its job.

Killing the spyware itself was no problem. Cleaning up the mess was
worse. As I wasn't in charge of my own machine any longer some drastic
measures were required. What I did was reinstall Windows as an upgrade
to the present installation. Doing that I bumped into a quirk in
Windows setup. The drivers of some of my devices (to be precise a
standard nVidia display adapter) are not signed and therefore pop up an
approval dialog. When you don't reply fast enough setup will crash
(completely, blue screen and all) and start over. An extra hurdle is
that these dialogs pop up in an early phase of the installation, before
the USB ports (to which the keyboard is connected) are activated. I had
to dig up an old kbd with a classical PS/2 connector to successfully
reinstall.

And now everything is working again as it should. All my settings
are back, none of the spyware is. And I'm a little less naive.