Way not to go, computer genius. Turns out that while I was trying to cram Windows 7 onto a USB thumb drive (and boot the damn thing via Gigabyte’s retarded implementation) I did something, installed something or activated something that completely fucked up this station. I suspected a virus / trojan, but couldn’t install virus software (or get ClamWin running) even in safe mode. In fact pretty much no programs would run. The network was down and I couldn’t even open Firefox. Quite brilliant. And here is the real shocker that I had never thought of before. Because I have encrypted this entire drive (all 500GB over three partitions) I also couldn’t access the drive in any normal way. I couldn’t run a Windows XP repair because that would obviously supersede the boot loader. In fact I couldn’t boot any of the brilliant boot and recovery disks I have prepared for this exact eventuality. The lightweight virus software, like Windows Malicious Software Remover and McAfee Stinger, that did in fact install, couldn’t find diddly-squat.
So, basically, an unfortunate convergence of a trojan that probably misfired, locking me out of the OS, no real-time virus protection, having shut down Comodo’s Defense+ and an encrypted system disk. A most troubling scenario that I had not bothered to consider.
In the end I considered decrypting the entire drive (from the DOS boot loader, which by this time had reverted to an old version 5.1 due to further cock-ups on my part). A five hour plus operation. But thankfully I went back, hooked the drive up to the Media PC, which also has TrueCrypt, mounted the volume bypassing the loader and ran a more complete virus scan (using Avira AntiVir). Let me tell you there was no shortage of trojans. Including two very suspicious cases within the windows folder structure.
‘WINDOWS\system32\BReWErS.dll’ contained a virus or unwanted program ‘TR/Agent.15412.A’ [trojan]
‘WINDOWS\system32\drivers\SKYNETkbxuyuwk.sys’ contained a virus or unwanted program ‘TR/Crypt.ZPACK.Gen’ [trojan]
Deleting these two and eight other older and less interesting trojans (mostly blacklisted keygens and cracks) seems to have solved it.
I have no idea how this could have happened. No idea where the trojans came from or why relatively benign malware crashed the system. I’ve been scanning high-risk files manually using ClamWin, including everything I installed yesterday when it happened. Perhaps ClamWin missed something, or perhaps there was some other kind of breach.
I feel more than a little stupid here. It’s been many, many years since I had a virus or a trojan do this much damage. And even more so for not realizing how system encryption limits normal operations and will eventually ruin your day. For instance, installing Windows 7, whenever I finally do it for real, will require a complete decryption and re-encryption of the drive. That is well over 10 hours. *facepalm* I get now why people generally don’t apply full system disk encryption.