CodeBetter.Com

Peter's Gekko

public Blog MyNotepad : Imho { }

Adventures with MS-anti spyware. (Please schedule by default.)

The new year had a troublesome start. Something which I believed could not happen has happened. I've been hacked. Over the last few days my machine was displaying some very worrying signals. It kept me waiting for far too long, the Task Manager was disabled and I could not install anything new. Up till yesterday I thought using a private IP address (in the 192.168.x.x range, being handled by my router/DHCP server) and Windows Firewall/anti-spyware was enough. But it's not quite enough.

Firing up anti spyware and some googling soon made clear what had happened. Windows firewall does protect your machine against incoming mal but anything is allowed to go out. Like data generated by spyware. MS anti-spyware automatically does a very good job in protecting your machine against unintended scripts or installations (it regularly pops up a message telling what it does, asking permission when in doubt) but sometimes something can slip through. Even with your signatures up to date. To keep your machine clean MS anti-spyware can perform a scan. Starting that by hand soon revealed and destroyed the culprit.

MS anti spyware should schedule scans and I had that switched on. What went wrong was the scheduled time. By default this is set to sometime late at night. When I (and my machine) are sound asleep. The bad thing is that the scheduler never makes up for a scan lost. As I found out my last scan was a couple of weeks old. I should have checked; you can't trust anything these days. Blush.. Software may be perfect but it has to run to do its job.

Killing the spyware itself was no problem. Cleaning up the mess was worse. As I wasn't in charge of my own machine any longer some drastic measures were required. What I did was reinstall Windows as an upgrade to the present installation. Doing that I bumped into a quirk in Windows setup. The drivers of some of my devices (to be precise a standard nVidia display adapter) are not signed and therefore pop up an approval dialog. When you don't reply fast enough setup will crash (completely, blue screen and all) and start over. An extra hurdle is that these dialogs pop up in an early phase of the installation, before the USB ports (to which the keyboard is connected) are activated. I had to dig up an old kbd with a classical PS/2 connector to successfully reinstall.

And now everything is working again as it should. All my settings are back, none of the spyware's are. And I'm a little less naive.


Published Jan 03 2006, 05:48 AM by pvanooijen

Comments

Nicholas said:

I've run into that setup keyboard issue a few times, and it totally stinks. I hope they fix it in Vista's setup..

Also, here's hoping Vista's setup actually connects to the internet and checks for updates/service packs before installation, and slipstreams them into the install..
# January 3, 2006 10:47 AM

Daren Desjardins said:

As much as I love my PC, it's days like that where I want to go buy a Mac. No more driver issues, etc.
# January 3, 2006 12:27 PM

pvanooijen said:

:)
Sometimes it gets me longing for a slide-ruler, a pencil, smoke signaling and a bicycle :)
# January 4, 2006 7:33 AM

Peter's Gekko said:

Recently my PC got infected. Trying to prevent it happening again I installed McAfee, the anti-virus...
# January 12, 2006 10:28 AM
