On Computers

The Virus Blues

Jack Imsdahl, jack@oncomputers.info

01 February 2004

It was my heartfelt intent to talk about encryption in this segment. Unfortunately, a real problem here on our home network intervened. I thought I should tell you about it and let you know about the resources available, should something similar happen to you.

Every Windows machine on the Ottershouse LAN at this point apparently has a virus. (At this point, everyone who knows me is expecting me to crack jokes about the need to go to the free clinic for shots; a holdover from my free-swinging trip through the 1960s. I will refrain from doing it, just because it's unusual for me to do so. Don't you dare attribute good taste to me because of this.) I'm just going to start at the beginning of the story:

Approximately 6 weeks ago, I needed to make an adjustment to user permissions on my personal Windows 2000 Professional machine. When I had logged in as administrator, I found the user management console inoperative. User permissions were blank and when I attempted to start the utility, I got a message saying “mmc.exe has generated errors and will be closed by Windows”.

I'm used to this sort of thing. I install and uninstall so much software that occasionally my Windows installation gets damaged and I have to reinstall. This is simply a hazard of the way I treat the machine. It's abusive to keep adding to and subtracting from the Windows registry at the rate I do. I take maintenance steps to prevent damage, but sometimes it is simply necessary to restore the registry from a backup or even to start over.

My first reaction was to scan system files and replace any that were damaged, using the command prompt and running the “sfc /scannow” command with the Windows 2000 Pro CD in the drive. This failed, returning an unremarkable error message. Even at this point, I had no real reason to suspect I had a virus infection. Remember, I'm used to my activities occasionally hosing the machine and figured that was what had happened.

Booting to the CD and running the fast repair option didn't make any progress toward fixing things. As the machine was stable and basically functional, I put restoring full function on the back burner and took care of some other things I had on my plate. My wife's Windows 2000 Pro machine continued to function normally, showing none of the signs of trouble my machine did. As they are connected on a LAN and the antivirus programs on both gave no warnings, despite regular scans, I took that as confirmation there was no infection.

Five days ago, my wife's machine began displaying exactly the same symptoms. I spoke with Deepak about it and, after a bit of research, he decided that my symptoms were those of a variant of the “Nimda” virus. I did some reading and concurred. It was at that point I began scanning for real. (I had already run several scans with AVG, as part of my regular maintenance.)

I have scanned over 50 times in the last two weeks, using installed software and two online scanning engines. Every time a new virus definition comes out, I scan again. So far, nothing has detected an infection. I'm getting no outgoing connection alerts on my firewall (Kerio), which would signal an unauthorized keystroke monitor or SMTP program at work. Neither am I getting any incoming alerts, which would indicate someone contacting a Trojan. Outgoing mail turns up clean, even when sent through a special service that checks it more closely than an AV program can.

I have also scanned the Linux machines, eventually using this problem as an excuse to take both offline and rid myself of Red Hat Linux, installing Debian on one and a Debian variant on the other. Apparently, they are not the source of the infection, either. Even so, I have kept them off the LAN since reinstalling their operating systems.

This is going to be an ongoing quest to find the source of the problem. I'll keep you all informed. In the meantime, I thought I'd let you know how to find the tools I have used to date. Gail and I recommend you keep these URLs handy. They follow in no particular order. Though antivirus companies share information and sometimes offer each other's infection removal/repair tools, you are still better off consulting as many as you can for every question you have. They are not all alike.

Bear in mind that even if an online scan works with an alternative browser (some do and some don't) you will get the best results if you use Internet Explorer.

Symantec Security Response (Norton Antivirus)

Current and archived virus information, threat-level assessments and infection removal/repair tools. This one is usually my first stop because it's just a bit easier to navigate than the others. There's a fair number of ads, which is a pain, but the site is very usable and has a good search engine for the more obscure things you might need to know.

Panda Software

The original unheralded antivirus company. I've had some corporate experience with these products and found them satisfactory and priced fairly. They have an online scan engine that is slow on dialup because of the download size, but which seems to work very well. Almost all of their products are available in downloadable demo versions.

http://www.pandasoftware.com/

Online scan at:

http://www.pandasoftware.com/products/activescan/

Kaspersky Labs

A Russian firm, not well known here in the U.S. Good enterprise products, but I've had no experience with their home and small business user stuff. Among some IT professionals I know, Kaspersky has a sterling reputation.

http://www.kaspersky.com/

Online scan at:

http://www.kaspersky.com/remoteviruschk.html

Kaspersky's online scan is less useful than the others, as it checks only single files you upload, with a 1 MB file size limit. Still, it can be just what you need, and I recommend you keep the URL handy. Sometimes, checking one file is the whole job, after all.

Eset

We had these people on the show a couple of weeks ago. I found the product intriguing and wished I'd had a copy to try during my problem. It's my fault I didn't; demos were available to us. It is my intention to set this product up on one machine here and give it a trial. With the number of viruses we have been detecting lately, it shouldn't be too hard to evaluate.

http://www.nod32.com/home/home.htm

Trend Micro

Home of PC-cillin antivirus. This is the page for home users. There are different ones for small business and enterprise users. You can navigate between them easily from this link.

http://www.trendmicro.com/en/home/us/personal.htm

Pretty much the gold standard in online AV scanning. Certainly the most popular.

http://housecall.trendmicro.com/

McAfee

Though I'm pretty critical of McAfee products, for various reasons, they offer what seems to be a comprehensive and effective online scan. I've had no problems with it and it has once or twice found infections other scans missed.

http://us.mcafee.com/default.asp

Grisoft/AVG

This is the antivirus we use here in our home. We use the free version, too. Perhaps it's not the best (as I have been told), but it runs efficiently, without problems, and catches lots of viruses. In the past year and a half, AVG has taken to offering much more frequent updates, fixing a long-standing complaint with them. They offer a fully functional, free antivirus and several other versions for home, small business and enterprise use. I fully intend to give their antivirus for Linux email servers a whirl in the near future. There is no online scan, however.

http://www.grisoft.com/us/us_index.php

© 2004 Jack Imsdahl


© 2002 - 2004 by On Computers and the Videotex Services Coalition.VSC -- Videotex Services Coaliton