Earlier today after browsing a questionable website, my anti virus was disabled. This usually poses no threat as I will reinstall with a quickness if a reboot fails to remedy the problem.
Today was a little different. After a reboot, I looked at system processes to see what was running using “Whats Running”. I found no unusual processes but the anti virus would not reload, even after three reboots. I went to another computer and downloaded the manufacturers anti virus install program onto a USB drive and attempted to install on the suspected infected computer. The anti virus refused to install reporting that there was an invalid forward reference. So I pulled a copy from a compressed backup on the network drives. Same thing happened. I rebooted into safe mode and attempted to reinstall as well as uninstall – same issue.
I came back into service mode and was getting ready to do a full backup restore from a three day old backup, but which I had first decided to reboot once more. Surprisingly, the anti virus came up. I ran a sha sum on all the files on the computer and could find nothing out of place.
I think that a virus or other malware nailed the computer and attacked the anti virus but could not fully install. It is puzzling that I can find no trace, but I can at least explain this as I have the computer setup so that it will reboot when anything interferes with the system processes.
What do you think might have happened. Why do you think it would leave no trace. How do you think it might have attacked my anti virus. And how do you think it might have bypassed two previous and different firewalls/anti virus programs before it got to the local machines firewall/anti virus to attack it. I did not download and files and was looking for information on new exploits on some dangerous web sites.
Oh, just before this problem occurred I was scanning for an ftp vulnerability.
