By Haresh the "Virus Buster" Karamchandani
We are in the process of signing a new monthly maintenance contract with an INGO and had done a survey of their offices and presented our proposal to them.
Then one fateful day they called me and said that they had another set of computers stacked somewhere that had not been added to the inventory, and that we needed to come and take note of them as well so they could form part of the Maintenance deal.
I was happy that the size of the contract would thereby increase and that would mean more income for the company so I rushed to the NGO office site to do the new inventory myself. On getting there the manager complained that these fairly new (7 in number) laptops apparently did not have any Anti-Virus loaded on them and therefore were not working well. She wanted to purchase AV from the market and I advised her that that would not be necessary as NATC can load the free version of AVG AV and license it till 2018 at no cost whatsoever.
Now she was happy, and she requested me to begin the job right away. I brought back 2 Laptops to the office and started downloading the AVG AV on them. On completion we discovered that these 2 Laptops were badly infected and indeed had 34 and 16 viruses respectively. The AVG healed the viruses and the computers were up and running, fully healed back to life.
Next we started working on the other 5 laptops and this is where the story begins:
Laptop 1: The Windows OS was not genuine! The computer kept crashing on start up. We realized that the computer would have to be formatted and a genuine OS would have to be installed. Therefore we decided not to do the AV installation and set it aside.
Laptop 2: The network drivers were missing and the laptop could not connect online. The only solution we felt was to re-install the OS, therefore we had to set this one aside too.
Laptops 3, 4 and 5: All these laptops had issues with the OS license. The license was temporary and would expire in a few weeks. They also had USB driver problems, Network driver problems, etc. These problems could be resolved but that would mean formatting and re-installation. We felt that if we had to format the computers anyway it would not make sense to invest time in installing the AV. Because of the slow internet speed here in Liberia it would take up to 6 hours to download the AV per computer. In any case we felt that we should go ahead with at least one more computer and download the AV for the client.
We downloaded the AVG AV on this laptop and after we updated it we put it on a full computer scan. I felt that this scan would be over in a few minutes and we would see maybe 20-30 viruses. But I was wrong! The scanning began and took the whole night to complete. I had taken this laptop home to do the scan and kept awake until the late hours and kept checking and checking and checking. I stopped checking when the virus count reached 800 and went to sleep. When I woke up in the morning and checked the laptop again I was alarmed to see 1404 viruses!!
Types of VIRUSES detected:
Win32/sality, Worm/Mabezat.A, Autoit.CZ, Autoit.DB, Trojan Horse Back Door.VB.LSX, Win32/Cryptor, Trojan Horse Generic22.VSY, worm/Autorun.HV, Win32/Patched.GT, Win32/Virut, Trojan Horse. Cryptic.COL, Trojan Horse Generic18.BEZN, Trojan Horse Generic13.BOPQ, Trojan Horse PSW.Lineage.BVE, Win32/Heur, Trojan Horse SHeur3.CESH, Trojan Horse S.Heur3.BIKN, worm/Generic2.DHR, Trojan Horse Generic 22.ZRO, Trojan Horse Cryptic.BJD, Worm/VB.13.BV, Win32/Tanatos.H, Trojan Horse VBCryptic.XT, Trojan Horse Generic_C.AGHY, Trojan Horse Generic14.BANO, Worm/VB.9.BT, Trojan Horse Crypt.HIC.
I kind of like the names of some of these viruses!
I spoke to the client in the morning and reported the issue to her. I wondered aloud, how would the computer get so badly infected and nothing was done about it? She explained that her staff was quite computer illiterate (Multiply that by 100!) and did not know how to manage IT related issues.
I told her it was time she got the Monthly Maintenance contract signed so that a professional company like ours would come in and ensure that their expensive equipment is secure. Hopefully the contract should be signed by the time I end this blog!
Meantime, you can call us the Virus Busters!