By Mike McCarthy
I recently received an email from a close client of mine. In the email body she raved about a website she found and included a link. The link seemed legitimate so I clicked on it to see what it was all about. This took me to a web site selling products of this-and-that which I quickly closed. I forwarded the email to my client asking if this email was from her and was legit. Of course, it wasn’t. My client quickly contacted everyone in her email address book and gave them the warning about possible infections although I’m not sure if it was too late. I thought nothing more of it. (Note: Propagating an infection through ones address book is the behavior of an infectious Worm.)
My troubles began the next day when I updated my windows files and rebooted my computer. It was clear something was wrong as my desktop icons would appear upon login and then disappear. Appear and then disappear, over and over again. I went into Windows Task Manager and saw that explorer.exe (basically, the program that runs your Windows Desktop) kept trying to start and was being closed. I restarted my computer, went into Safe Mode and performed a System Restore back to a week prior to the email incident.
When the restore finished unsuccessfully, I got a sinking feeling I was infected (yes, it even happens to me once in a while). So, I performed a second attempt at the System Restore back to May 1, 2011. This restore was successful and, after rebooting, I found everything pretty much back to normal.
However, everything is not always what it appears to be…
Today I started up the software tool I use for managing my website. When I went to open my web documents however, nothing was there. I use a second server to synchronize my files each afternoon between the servers, so I wasn’t too concerned about getting these documents back. But being that I am born Curious George, I ran a search for these documents and it didn’t take long to find them. They were sitting in my Recycle Bin! In fact after opening the Recycle Bin I found over 7,000 of my documents and files were in there! I carefully sorted these out and found the ones I needed being careful of what I restored to ensure I didn’t bring any infections back with me. I left over 500 behind that I didn’t need and then emptied the bin.
The odd behavior of my Desktop icons disappearing warned me something was terribly wrong. It appears now what was actually happening is the infection was clearing out all of my documents and files, moving these to my Recycle Bin. I suspect when it was done a command was to be issued by the infection to empty the bin thereby losing everything.
Now, I have been known to occasionally empty my Recycle Bin without checking the contents first, but seeing this made me realize I will check from now on!
Lesson Learned: Don’t ignore odd behavior of you computer or if something appears strange. Shut your computer down and call a professional to look into the matter. Doing so could save you a lot of time and anguish over lost files.
No comments:
Post a Comment