Sunday, July 17, 2011

Trojan vs Indie

For the record, if one is ever contemplating how much time to set aside for technical issues in a 1-man operation, a full OS reinstall is a 1.5 man-day project.

Windows Defender found and removed a trojan a few days ago. It raised some concern for me, as I'm a pretty careful web user. But WD claimed to remove it successfully, and my ESET online scan showed no infections. I figured I got lucky, and moved on.

Friday morning, WD found it again. The same trojan (Hiloti D, for reference). Now I was concerned. I went into paranoid mode, and started researching. WD claimed to succeed, and ESET seemed to agree. But I was suspicious. I realized I didn't have MS Security Essentials yet, so I installed it. But the quick scan came up empty.

However, I was starting to catch the subtle symptoms in action. That was it. I needed to do something, and I was considering the worst case: the trojan had compromised my OS, and potentially transmitted password info I typed into my browser. And it had a few days' head start. I ultimately decided on an OS reinstall, and changing all my passwords.

Friday and Saturday were coincidentally my weekend, as Rochelle and I decided on that arrangement not a day before. It gave us one weekday where I was off to run errands in town, if necessary, and one weekend day. One half-day of errands later, it was time to start the reinstall.

The reinstall went smoothly. Both times. Why install the second time? Because Windows Update was not-so-smooth. #20 of 90 got stuck for over an hour, and force-rebooting must've killed the restore points. Fortunately, that was #20 and not #90. So all told, backups, Windows 7 and 90 updates took most of Friday. And SP1, password changes, and reinstalling software took a good chunk of Saturday. Today, I still have a few essential tools to install before I can resume work, but the big stuff is out of the way.

So there you have it. A solo operation offlined for 1.5 days. It'll end up costing me a little production time today, and a lot of lost relaxation time over my weekend. The up-side?
  • I have a fresh Windows 7 install, which I was probably due for.
  • I have a better awareness of security issues on my setup, and have patched some of those holes.
  • I finally broke down and bought a NAS and some 2TB HDDs upon which we can store data we don't want lost in a PC crash. (Which also gives me enough space to write restore system images, if necessary.)
  • I read some interesting articles, and got acquainted with while waiting for Windows Update to finish!


  1. Seems like you should do a Chris Blackbourn and always have two dev machines.

  2. Actually, I do! It definitely helped to have my laptop on hand during the restoration, as I needed to look a lot of stuff up. It also gave me some peace of mind.

    However, since I don't have an IT team to back me up, I can't really work on the laptop while the main rig is "in the shop," because I am the shop.