So I'm surfing through some rather interesting web pages, following up on some leisure research (i.e. freesearch - meaning you don't get paid to do it), when suddenly my screen is overwhelmed by a large window imploring me to protect myself from viruses and spyware RIGHT NOW! Great. Just what I need, drive-by malware.
I carefully contain my gratitude at having an unknown entity offer to trample and romp all over my hard drive in search of itself. Instead, I play the game of carefully killing the suspect running processes and checking my workstation for any more sludge and damage.
Note: Don't actually try and close these things down using the window controls. That usually leads to a trap where no matter what you click on, you 'authorize' the super duper anti-whatever scanner to take over your system and perform its virtually useless, in some cases outright damaging, but always annoying 'cleaning' function.
I finish this pleasant little diversion in about five minutes and go back to my freesearch activities. A couple hours later I shut down the computer for the night and all is well. Or so I foolishly think.
The next evening, I fire up my trusty desktop and notice almost right away that something is wrong. It's taking nearly three minutes for the Windows desktop to appear and I'm getting strange 'no network connection' messages. I groan, thinking perhaps my cable connection is down again (I love my monopoly cable provider, honest), but no, my wife is happily surfing away via the wireless connection and a quick perusal of the modem and router reveals lots of happily blinking lights in all the right places.
After poking through the network connections and various other fun places in the control panel (note: Microsoft has posted some very helpful instructions on this process), I discover that Winsock is misbehaving. Using msinfo32, I can see all sorts of oddball protocols with long, friendly numeric names like -001e495-tlm-58ghj. Um, not exactly what I was hoping to see. Seems that this is a common side effect of this type of malware attack - it just sort of muscles in and takes over the street corner. The result is ugly.
So I try Microsoft's recommendation of using the 'netsh winsock reset' command, perform the obligatory reboot, and still no joy. Take 2. I next fire up the registry editor and begin poking around, locate the obviously sick Winsock entries (there are two), delete them, reboot and the computer now boots up to the desktop quickly (or at least a lot less slowly). Still no network connection, but all I have left to do is reinstall TCP/IP, which takes all of a minute. One reboot later and all is well and working again. Not exactly how I intended to spend an hour, but all's well that ends well. Now back to those interesting web sites...
Friday, July 17, 2009