Virus/Malware
Nov. 22nd, 2014 06:50 pm
My main machine seems to have picked up something nasty.
Thursday night I noticed that BitTorrent wasn't running any longer. And attempts to run it failed.
A reinstall got some really weird outgoing connection attempts, and a few other things were acting odd.
So I rebooted. To discover that a "software restriction policy" had disabled the firewall I use, Windows Firewall (which was turned off anyway) and my AV program.
Safe mode didn't work either. Got the login screen, but the keyboard and mouse were both disabled.
Trying for safe mode with command line got that too (which it shouldn't have).
Obviously something had majorly compromised things.
I wasted a few hours trying to get Windows installed on a spare drive (install went ok, except I couldn't boot off the drive).
I've spent time since then sticking the drives from the main box into a removable "rack" in another system (one at a time) and doing AV scans on them.
Didn't find anything significant.
Currently backing up the drives, and then I'll stick the boot drive back into the main system and try various repair tricks.
Worst case, I'll reformat it and reinstall Windows (and entirely too much other stuff).
Any suggestions on how to fix that software policy BS?