Finally got bit. - TechRepublic
General discussion
May 25, 2009 at 01:00 AM
dhcdbd

by dhcdbd. Updated 17 years ago

Friend has been over for the weekend. He rented a DVD from Redbox. For about a year the MPAA or its principals have been placing rootkits on some, not all, newly released DVDs. In this case the DVD is Paul Blart Mall Cop. These rootkits on the DVDs don’t bother me because I know which reg keys they affect and have on-computer backups of those keys to restore from. However, a new key has been introduced that I do not yet know. So, looking around for something to remove the rootkit that disables DVD playback on a computer, I DL’d an executable and executed it. It installed a worm.

Immediately after installing the trojan, the wireless lit up on my router. I walked around and shut down all computers in my home network, except the one I suspected of infection, and watched the activity light on my router. The wireless was active without reason. I killed the wireless on the NB and watched the DSL activity light; it became inactive. I re-enabled the NB wireless and my DSL lit back up. Pretty good indication, I would say, of an infection.

This is the first infection I have had in 15 years. That is a decent record.

I updated MalwareBytes and scanned. MB found an infected file hidden in the program files under one of my normally used programs. The infection was identified as sd.botnet. I am not convinced that the infection is completely eradicated. I am scanning again with MB and then I will scan with several AV products. I do not expect to find the complete source of the infection and am scanning merely out of curiosity. I expect that I will be restoring from a backup taken a few months ago.

I really should do a complete reinstall since I last reinstalled this computer over three years ago. However, it takes two to three days for a complete reinstall and only 45 minutes for a bare metal restore from backup.

I hate Windows, but have to have one Windows box for the stuff that cannot be done in Linux.

Anyone care to laugh with and at me, and to help me chew my own butt?

Time to notice infection: about 15 seconds.
Time to verify infection: about 10 minutes.
Time to scan files: MB: 2 x 45 minutes.
Time to scan with AV: about 16 hours.
Time to restore: about 45 minutes.

Me Idjut.
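The verification step in the post (isolate every other host, then correlate the suspect machine's wireless with the router's activity light) can be done from the host side as well: list the established connections, map each one to its owning process, and flag any that no process you expect to be talking is responsible for. The script below is an added example, not code from the original post; the netstat-style snapshot, the PID-to-image map and the allowlist of expected process names are all constructed for illustration, and the process name `updsvc.exe` is hypothetical.

```python
"""Flag established outbound connections that no expected process accounts for.

Added example, not from the original post. All sample data below is constructed.
"""
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed sample in the layout of Windows `netstat -ano` output (hypothetical).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49152     203.0.113.5:443        ESTABLISHED     1204
  TCP    192.168.1.10:49153     198.51.100.7:443       ESTABLISHED     3322
  TCP    192.168.1.10:49154     203.0.113.9:80         TIME_WAIT       0
  UDP    192.168.1.10:137       *:*                                    4
"""

# Constructed PID -> image name map, as `tasklist` would report it (hypothetical).
SAMPLE_PROCESSES = {1204: "firefox.exe", 3322: "updsvc.exe", 4: "System"}

# Processes that are expected to hold outbound connections on this box (constructed).
EXPECTED = {"firefox.exe", "thunderbird.exe", "svchost.exe"}


def parse_netstat(text):
    """Parse netstat -ano style lines into Conn tuples, skipping the header."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank, or unrecognised line
        if parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        else:
            # UDP rows carry no State column
            proto, local, remote, pid = parts
            state = ""
        conns.append(Conn(proto, local, remote, state, int(pid)))
    return conns


def unexplained_connections(conns, processes, expected):
    """Return (image, pid, remote) for established TCP connections whose
    owning process is not on the allowlist; an unknown PID is also reported."""
    findings = []
    for c in conns:
        if c.proto != "TCP" or c.state != "ESTABLISHED":
            continue
        image = processes.get(c.pid, "<unknown>")
        if image not in expected:
            findings.append((image, c.pid, c.remote))
    return findings


if __name__ == "__main__":
    for image, pid, remote in unexplained_connections(
        parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCESSES, EXPECTED
    ):
        print(f"unexplained: {image} (pid {pid}) -> {remote}")
```

Remote port alone does not separate the two established connections in the sample (both use 443); the owning process does, which is why the check keys on the image name rather than the destination. On a box where the author's "nothing should be talking" condition holds, the allowlist can be empty and every established connection is a finding.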
