Hi, My Name Is Princess And I'll Be Your Technological Maid Today
Tuesday was yet another banner day in the ongoing Malware/Virus vs. IT battle. However you label it, it is always a pain, and I have decided that in this age of spyware, I have been reduced to a Techno Maid.
Today's culprit was the Peper Trojan. For those of you unfamiliar with this particular bitch, here is a reference for your perusal. For those of you too lazy to click on that hefty link, here's the rundown of some of its impressive qualities…
The infected file can update itself over the PC's internet connection, thus leaving the machine vulnerable to constant and future attacks. Our user noticed a considerable difference in browsing speed, so I suspect the repeated requests to the author's site were the cause of the decrease in his porn perusing power. If the file's process is actively running, editing the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key is pointless, as it will immediately roll itself back to the infected path. Right before my eyes, I can see the registry change without touching it. That's a bit unnerving to say the least.
The path, the System32 directory, shows no signs of any of these files. Hmmmm… hidden files are visible, but I can't see any of the lil fuckers that are taking over this user's digital world. I decide to view protected OS files, I mean why not, right? Sure enough, the infected file is now out in the open and ready for me to pounce on. I'm not quite sure how the file was able to classify itself as an OS file, but that is pretty smart. Naturally, I need to kill the process first. Not an easy task, dear reader. Once the file's process is ended in the Task Manager, a duplicate file replaces it as the dominant task and gives birth to yet another, typically of a different name, so at all times two infected files are running. The opportunity to defeat this beast in the Task Manager is pretty slim, but hey, I'm a tough broad, I can manage this. I was fortunate to see the same file name running twice, so I killed them both quickly and that was that. Once it was deactivated, there was no chance of survival. I was able to edit the registry and finish doing the rest of my Techno Maid duties.
I gotta say, I was quite impressed with this particular strain of pain. Watching it unfold was an amazing process, and finally resolving it, well, that was a pretty nice high I needed after weeks of tedious cases. This user's PC was riddled with spyware and had been the victim of a multitude of viruses over the last few weeks. Fortunately, the virus scanner caught and quarantined the rest, just not this one. I'm still trying to figure that out…
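The cleanup above boils down to three checks and one ordering rule: which Run entries point at a file, whether that file is hiding behind the Hidden+System attributes that Explorer suppresses until "Hide protected operating system files" is turned off, and which running processes belong to it, all of which must be stopped in a single call before the Run value is touched. The script below is an added example written for this page, not code from the original post or from any tool it mentions; the function names and the -Remediate switch are hypothetical names chosen here, it assumes an elevated Windows PowerShell 5.1 or later prompt, and it treats a bare file name in a Run value as living in System32 because that is where the post found the files.

```powershell
# Added example (not from the original post): audit the autorun keys, report
# files hiding behind Hidden+System, and find every running "buddy" so they
# can be stopped together before the Run value is removed.
# Assumptions: elevated PowerShell 5.1+; -Remediate and the function names
# are hypothetical names chosen for this example.
param([switch]$Remediate)

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider noise
            $cmd = [string]$p.Value
            # Recover the executable: a quoted path, else everything up to the
            # first ".exe", else the first token. A bare name is assumed to be
            # in System32 (assumption taken from the post, not a Windows rule).
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            elseif ($cmd -match '^(.+?\.exe)') { $exe = $Matches[1] }
            else { $exe = ($cmd -split ' ')[0] }
            if (-not [IO.Path]::IsPathRooted($exe)) {
                $exe = Join-Path $env:SystemRoot (Join-Path 'System32' $exe)
            }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Path = $exe }
        }
    }
}

function Test-HiddenSystemFile([string]$Path) {
    # Explorer hides a file carrying both Hidden and System until "Hide
    # protected operating system files" is switched off; -Force is needed
    # for Get-Item to return such a file at all.
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $attr = (Get-Item -LiteralPath $Path -Force).Attributes
    return $attr.HasFlag([IO.FileAttributes]::Hidden) -and $attr.HasFlag([IO.FileAttributes]::System)
}

function Get-HiddenSystemProcesses {
    # Running images whose file carries Hidden+System, which is unusual for
    # executables Windows ships; the second buddy usually has a different
    # file name than the Run entry, so a path match alone would miss it.
    Get-Process | Where-Object { $_.Path -and (Test-HiddenSystemFile -Path $_.Path) }
}

function Invoke-RunKeyAudit {
    $hiddenProcs = @(Get-HiddenSystemProcesses)
    foreach ($entry in Get-RunEntries) {
        $hidden = Test-HiddenSystemFile -Path $entry.Path
        $byPath = @(Get-Process | Where-Object { $_.Path -and ($_.Path -ieq $entry.Path) })
        # Union of "same image as the Run entry" and "any Hidden+System image":
        # the whole set must die in one Stop-Process call, or the survivor
        # respawns its partner and rewrites the Run value.
        $targets = @($byPath + $hiddenProcs | Sort-Object Id -Unique)
        [pscustomobject]@{
            Name        = $entry.Name
            Path        = $entry.Path
            HiddenSys   = $hidden
            RunningPids = ($targets.Id -join ',')
        }
        if ($Remediate -and $hidden -and $targets.Count -gt 0) {
            Stop-Process -Id $targets.Id -Force
            Remove-ItemProperty -Path $entry.Key -Name $entry.Name
        }
    }
}

Invoke-RunKeyAudit | Format-Table -AutoSize
```

Run it without arguments to get a table of Run entries, whether each file is Hidden+System, and the PIDs that would be stopped; review that list before adding -Remediate, since Get-HiddenSystemProcesses is a heuristic and any process it lists is stopped along with the entry's own image. The order inside the remediation branch is deliberate and matches what the post found the hard way: the registry value is only removed after every instance is gone.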
Comments
The buddy system is an old, old trick - not that that makes your frustration any less valid.
Check out this snippet from the Hacker's Dictionary (the piece about the Xerox CP-V system):
http://catb.org/~esr/jargon/html/meaning-of-hack.html
If only our development tools ran on MacOS X....
Posted by: Graham | April 15, 2004 11:33 PM
If only indeed... but in defense of PCs, Macs have their own set of issues to deal with, but that's a whole other topic, isn't it? :)
Yeah, I figured this trick had been around; I have just never encountered it before. All the same, I find it quite impressive.
Posted by: Princess | April 16, 2004 9:14 AM
Making a file classify itself as an OS file is pretty trivial.
Just call
SetFileAttributes("foo.txt", FILE_ATTRIBUTE_SYSTEM);
from your favorite programming language.
Ah, Windows. Feel the security!
Posted by: vince | April 16, 2004 11:12 AM
Oh, and I forgot:
SWOOOOOOOOOOOOSH!
Posted by: vince | April 16, 2004 11:12 AM
Oh, if that's all it's looking at you could just use
"attrib +s foo.txt" from a command prompt...
Posted by: Graham | April 16, 2004 4:41 PM
Damn, I got out-swooshed.
Posted by: vince | April 16, 2004 5:18 PM