Dealing with a stubborn virus

I have talked before about Sophos and how wonderful it has been to use. It ran into a virus yesterday and it took some time to resolve it.

The problem was a class of virus called Command & Control. These are more sophisticated viruses that send information back to an internet-connected server. It might be screen captures, or specific data. The problem is that this is a custom virus that can’t be immediately fixed. Here is how I went about fixing it.

First I googled to find the most information I could about the error message. I found a couple of Sophos library references that were not helpful. I also read about a similar virus, since you can often use the steps for one on another. The similar virus wasn’t acting like this. I think it might be helpful if I wrote it out in numbered form.

Dealing with an unknown Virus

  1. Google to find as much information as you can about it. If no information exists, search for the generic class of virus.
  2. Try additional free utilities. In my case I tried 3 utilities that a website said would fix an earlier generic form of the virus. Two of them didn’t help, but MalwareBytes found things and deleted them.
  3. Download utilities from Sysinternals such as Autoruns and RegDelNull. These help you see if there are any processes that don’t look normal. If you don’t understand everything in this tool, that is OK; you are looking for a lack of information in the place where other things show information. Autoruns also helpfully highlights in yellow and red the issues that demand your attention. After running these tools, it showed that there weren’t any issues.
  4. Do additional full scans after trying each fix. If the problem exists it might coexist with other problems. In this case, it found a similar problem and was able to fix it automatically. Run a deep scan at least 3 times to make sure it is ok.
  5. Delete the generic warning error in Sophos when Sophos tech has confirmed there is no virus. If Sophos finds it, it will alert you as the administrator with an email.
  6. Explain to the client what happened and how to prevent the error in the future. Often the error couldn’t be avoided when using a Windows system, so you can still suggest using a Mac if they want to avoid these problems in the future.
  7. Sit back and enjoy being able to figure out complex things quickly, and be happy you thwarted an illegal attempt.
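
The check in step 3, looking for startup entries that show no information where other entries do, can also be scripted against a CSV export of the autostart list (for example the output of Sysinternals' `autorunsc -c`). This is an added example, not part of the original post; the column names and the `File not found` marker are assumptions about the export layout, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample rows. The column names are an assumption about the
# export's header row; adjust them to match the file you actually have.
SAMPLE_EXPORT = r"""Entry Location,Entry,Enabled,Description,Signer,Company,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Windows Security notification icon,(Verified) Microsoft Windows,Microsoft Corporation,C:\Windows\System32\SecurityHealthSystray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,updater,enabled,,,,C:\Users\example\AppData\Roaming\updater.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldTool,enabled,,,,File not found: C:\Program Files\OldTool\oldtool.exe
Task Scheduler,\ExampleVendor\Sync,enabled,Sync helper,(Not verified) Example Vendor,Example Vendor,C:\Program Files\ExampleVendor\sync.exe
"""


def review_entry(row):
    """Return the reasons an autostart entry deserves a closer look."""
    reasons = []
    # "A lack of information in the place where other things show information"
    blank = [c for c in ("Description", "Signer", "Company")
             if not (row.get(c) or "").strip()]
    if blank:
        reasons.append("no " + "/".join(blank).lower())
    signer = (row.get("Signer") or "").strip()
    if signer and not signer.startswith("(Verified)"):
        reasons.append("signature not verified")
    # Assumed marker for an entry whose target file no longer exists
    if (row.get("Image Path") or "").strip().lower().startswith("file not found"):
        reasons.append("image file missing")
    return reasons


def flag_entries(csv_text):
    """Return (entry, location, reasons) for each enabled entry worth reviewing."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Enabled") or "").strip().lower() != "enabled":
            continue  # disabled entries do not start, so skip them
        reasons = review_entry(row)
        if reasons:
            findings.append((row["Entry"], row["Entry Location"], reasons))
    return findings


if __name__ == "__main__":
    for entry, location, reasons in flag_entries(SAMPLE_EXPORT):
        print(f"{entry} [{location}]: {', '.join(reasons)}")
```

A flagged entry is a prompt to look closer, not proof of infection: plenty of legitimate software ships unsigned or without a description.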

Stories from my past: Vote of confidence

I have worked in companies where I am the only IT person, and also as part of teams. As a team member, you find that certain people are more comfortable with you than others. You don’t take it personally, it’s just personality.

So when someone doesn’t like me, it’s life. If someone does like me, well that can change, so you don’t take that personally either. What happens though is that eventually with time, people start coming to you even if they don’t like you because you get the job done.

I was sick once and the next day I returned I had a coworker tell me that she was relieved I was here. She said that she didn’t have faith in the rest of the IT Team. The other members of the team had been at the company far longer than me, so she had plenty of experiences with them. She said that I was always able to fix her problems and she appreciated that.

So that makes you feel good of course, but it is also a sad comment on the perception of the department. In many places I have worked the perception of IT has been negative. When I have worked at companies with this perception, people expect to have an unpleasant interaction so they treat you as though you are going to give one. It is not my intention to brag, but simply to share that the biggest difficulty anyone faces is the past experiences of those they serve.

The image of Kermit and Chip serves to illustrate this point. I watched The Muppets and though I wanted to like it, I could not. I don’t like stereotypes, and having Chip being stereotyped didn’t sit well with me. Part of the original intention of the Muppets was to have fun, and that was a cheap shot at smart people. Yes of course IT people sometimes act that way, maybe even look like Chip, but it does a disservice to people who are critical to our nation’s future and competitiveness.

Chip may be a nerd, but he is also human. Treat him as human and you help him become a better one.
