Takeaway: Chip Camden describes halting work on a client project to fix his daughter's PC, which was infected by a Trojan. Let us know how you handle priority zero projects.
We consultants often have to juggle priorities to keep all of our clients happy. Usually it's easy enough for a client to define their own priorities, but it can be hard to know which client's #1 needs doing first. And then once you've sorted that out, along comes the priority that pre-empts them all.
I sat down to my workstation on Sunday with a plan to devote the entire afternoon to an important project for a client of mine. I had almost worked myself into the zone, when the phone rang. I wouldn't have answered it, except that it was from my wife. Our daughter's PC kept popping up a "My Security Shield" warning about infected files. When she clicked the button that offered to take care of the problem, it asked her to buy the full version. She couldn't dismiss it, and it stayed on top of other windows.
This sounded suspicious to me. A quick Google search revealed this to be a known Trojan — the only infection is "My Security Shield" itself. At this point, I felt a mixture of relief and regret. Relief that I don't let my family members use administrator accounts, in spite of the inconvenience that causes for them. Regret that I never forced them off Microsoft Windows.
Naturally, my daughter's unfinished homework project (which was due the next day) existed only on that computer, so I had to abandon everything else I had planned to do in order to fix this.
As I've pointed out before, I'm a software development consultant, not a PC repair guy or even a network administrator. Being a techie, though, I often take on those roles for my own systems, even when it might be more efficient to let someone else handle it. Those of you who do specialize in this area have my permission to snicker at this account of my proceedings, and please offer suggestions on what I could have done better.
I walked my wife through the steps I found online to remove the Trojan, but we couldn't find any of the supposed registry entries or files. I then had her update her anti-virus database and run a full scan; still no dice. I found another package that claimed to take care of this specific compromise, but it didn't do the job either.
"You've worked well with me over the phone," I said to my wife. "As well as anyone. But this has become a hunting expedition, and I need my own eyes to hunt. I'll come over."
After I arrived, it didn't take me long to find it: a cryptically-named .exe in my daughter's AppData directory with a creation date of that same day. After I deleted it, the problem went away. Then I spent a couple of hours trying to figure out how it got there. My daughter claimed she hadn't downloaded anything, and her Downloads directory confirmed her innocence. She said she hadn't opened any email attachments or clicked on any ads or offers online. I looked for any other files with recent dates that might be the delivery mechanism, but I came up empty. The fact that two different anti-malware programs failed to find it, and that we couldn't find any of the known files and registry entries, tells me that this was a new variant of the "My Security Shield" Trojan — updated to get past the known checks. It hasn't returned since, but I keep waiting to get the call.
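The hunt described above (a recently created executable in the user's AppData tree) can be done systematically instead of by eye. The following PowerShell script is an added example, not part of the original post; it assumes you run it in the affected user's session, with a hypothetical default window of the last three days.

```powershell
# Added example (not from the original post): list executables created in the
# last N days under the current user's AppData trees, the location where the
# "My Security Shield" binary described above was found.
param(
    [int]$Days = 3,                          # assumption: 3-day lookback window
    [string]$UserProfile = $env:USERPROFILE  # assumption: scan the current user
)

$cutoff = (Get-Date).AddDays(-$Days)
$roots  = @(
    (Join-Path $UserProfile 'AppData\Roaming'),
    (Join-Path $UserProfile 'AppData\Local'),
    (Join-Path $UserProfile 'AppData\LocalLow')
) | Where-Object { Test-Path $_ }

# Extensions worth reviewing; extend as needed.
$exts = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js'

Get-ChildItem -Path $roots -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $exts -contains $_.Extension.ToLower() -and $_.CreationTime -ge $cutoff } |
    ForEach-Object {
        # Unsigned or badly signed binaries in AppData deserve a closer look;
        # legitimate per-user installers (browsers, updaters) are usually signed.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Created   = $_.CreationTime
            Path      = $_.FullName
            SizeKB    = [math]::Round($_.Length / 1KB, 1)
            Signature = $sig.Status   # 'Valid' for a properly signed file
            SHA256    = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
        }
    } |
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```

The SHA256 column gives you something to submit to a scanner or compare against a second machine, and rerunning the script after cleanup shows whether the file comes back.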
I'm telling you this story, though, to ponder my other problem: my entire afternoon of working for my client got pre-empted by free work for my family. I've written before about keeping support favors from taking too much of your time, but in this case I could hardly say "sorry, I can't help you." Family comes first, even in the technical realm.
Of course I have to wonder what non-techie parents do in a case like this. I suppose they drop everything and rush the computer in question to their local PC repair expert. Considering how many billable hours I lost dealing with this myself, I probably should have done that as well, but that would have probably seemed cold-hearted on my part.