Time Travel

I gotta tell ya’, time travel is a thing of beauty.

A week or ten days ago, I clicked on a link and got a
Microsoft Security Essentials warning about an attack from that web site. I
closed the window, and ran a full check. It found something, appeared to clean
it off, and things looked cool. Then, a few days later, I started to get some
weird behavior, such as doing a search that had OK looking results, and then ANY result I clicked on sent
me so some overseas site selling various things. “Ah, shit!” I said, and closed
the browser and everything else, then ran another full cleaning. A couple more
things found and removed. The OhShit!Ometer seemed to fade back from yellow into

Then, a couple days ago, I decided I should to do a manual
“check for updates on Windows and MSE”, and I got an odd error. Crud. OhShit!Ometer
was up into the yellow. Dig, dig, dig. Update not working at all. And now I
can’t scan for problems because it says I don’t have security services running.
I check. It’s not even listed as a service. “Ah, shiiiiit!” Just pegged the
OhShit!Ometer hard over in the red.

Dig, dig, dig. Several
are not listed as services that Update needs. Uninstall MSE,
download and install it again which also puts in the latest updates, run it,
clean out a bunch of un-cool stuff. Too much stuff. NOT GOOD. Can’t get
updates, MSE can’t update any more, not sure everything is off the system, so
there’s a bunch of stuff I can’t do, or at least can’t be sure of.

Try using the Win7 built-in System Restore to go back to an
earlier restore point. No dice, they are all bad.

Download the free SuperAntiSpyWare sweeper, and the free
ESET virus checker. Clean out some MORE stuff. Enough evil bits to gag TRON.
Well, I think it’s all gone, now, but
security and updates are still shot. Save my recent work off to the server,
then… Well, time to pull out the big guns.

Time Travel. Go back and Don’t
click that link

I get out the Windows Home Server “Recovery” disk, pop it
in, planning on having my problems solved. It can’t find the server… “Ah,
@#$)(*&%$***!@!#$%!!” OhShit!Ometer just broke the peg.

Dig, dig, dig. I have Win7, my old WHS is based on an old
version of Win NT, it needs an older 32bit NIC driver. Dig, dig, dig,
eventually I find the right one, boot on the Recovery disk, with the 32-bit NIC
drivers on a USB flash drive, FINALLY find my Home server from the recovery
program, and tell it “pave the C: drive FLAT, turn back the clock and make it like it was two Saturdays

The platters on the drive go ‘round and ‘round, ‘round and
‘round, ‘round and ‘round… Grind, grind, grind. Go to dinner. When I come back,
my C: drive is like it was two Saturdays ago. Run Virus scans. Get updates.
Uninstall Java. Get more updates. Scan more. Clean a couple of things out that
apparently were there before Update broke. Restore recent work files, get
better malware protection installed. Scan again. Scan with something else,
again. The meter appears to be edging cautiously back in the green again.

And I will NOT be clicking on that interesting looking link
again, because it took me too long to go back in time and straighten it all out

But that fact is, that is more or less what happened,
because I have a WHS backing up my stuff every night, for every machine in the
house. An old HP EX470, the first official WHS model. And yet MSFT is doing
everything they can (product management-wise) to kill Windows Home Server for
some reason…. And yet, it’s the only product they have that is GOOD at home computer
time travel. It is something that I think EVERY home should have, if they have
more than one computer and any data of any value. It’s the second time it’s
saved my butt. Worth every penny I’ve spent on it. MSFT has really blown the marketing campaign for
their home server product.

And… virus writers who make stuff like what I just ran into need
to spend some serious time in jail.


9 thoughts on “Time Travel

  1. Tango – I’ve worked on commodores, unix boxes, Amigas, DOS machiens, Macs, and Windows machines. Having worked at MS doing windows and windows app support, it’s simply what I know best at this point, and what I’m most likely to see in my work environment. Linux is a fine system, but I don’t really want to learn a new system right now unless I have to.

    T – I’ve also had it save my butt from a TU hard-drive (pull old drive, pop in new one, boot from recovery CD and make it like it was yesterday, and two hours later I was up and running again). It also has made multiple HD upgrades totally painless (same operation). And, your comment comes across as an anti-gun person who says “well, *I’ve* never needed one, so you must not need one either unless you are inferior in some obvious way.” Not sure if that’s what you meant, but that’s the tone I’ve heard from Mac owners often enough that that’s the first impression that flashed through my mind. I’ve been doing computers for more than 30 years, and only been hit by viruses twice. It’s not a problem for you… until it is.

  2. Well, I think it’s all gone, now, but security and updates are still shot. Save my recent work off to the server

    You saved files from a contaminated system to your server? You’re a braver man than I am.

    If you’ve got a box to spare, it might be worth learning a little bit of linux to use it as a dedicated machine for backups. That way any virus that buggers your Windows machines won’t effect your backup server, and vice-versa (I assume a Windows server would be vulnerable to a virus that can hose a regular Windows machine, but I don’t know enough about the Win home server stuff to know for sure).

  3. Danny- thanks for the chuckle 🙂

    Jake- good point; my paranoia missed mostly that one. It was basically text files that were copied up to and back from a server that has its own security running (WHS is based on WinNT server, and mine almost never touches the internet directly except for regular automatic windows and security software updates). I should have just sent them to a flash-drive until I was 100% sure things were cleaned up. (I was at about 99.5% sure at that point, having runs scans from a half dozen complete different anti-virus/Trojan/worm/etc programs, covering every file on the system (including music files, photos, etc). Your suggestion about having a small Linux backup box makes sense… I’ll have to look the idea over; I’m not sure she spousal unit wold understand the need for four functional machines in my office, even if there were rarely more than two running at any given time.

  4. Related question: any strong recommendations (other than MAC, LINUX, Android, or other OS 🙂 on what’s the best anti-virus stuff going, right now? It seems like a lot of the “reviews” are paid for, and while I used to use ESET it’s not getting good reviews now, but kaspersky used to be only so-so and now it’s better, and Microsoft Security Essentials I used to have faith in, but not quite so much any more :-/ Some of the free stuff is likely worth just what you pay for it, and some might be pretty good, but….

    All thoughts appreciated.

  5. I’m not really up on the Windows anti-virus stuff, but I know we use ESET at work and only switched to it a few months ago (maybe a year, but I’m pretty sure it’s less than that). Virginia Tech recommends Symantec and provides it to students for free.

    As far as adding on another computer, you could probably get away with something like a Rasberry Pi. Or you could use an old outdated Mac Mini with some flavour of linux loaded onto it – university surplus auctions are great for finding that kind of thing, and Virginia Tech wipes them and loads linux on them before the auction, I assume so that they can re-use their OS X licenses, so I would guess most universities do something similar (just make sure it works!). Either one would be pretty unobtrusive if you only access it through the network so you don’t need a dedicated monitor or keyboard. Heck, the Rasberry Pi could probably hide behind your router!

  6. When the nasties come to call, the best bet is to totally zero the hard drive and reinstall/restore. Of course, this supposes your backups are up to date. Your backups are up to date, right?

Comments are closed.