Thursday, September 29, 2005
Spent an hour this morning composing a letter to my district supervisor Fiona Ma about the unfortunate state of the mass transit system (MUNI) in San Francisco. Rescheduled an appointment due to the bus showing up and leaving early.

Fixed a student's laptop which had gotten some kind of virus or worm or spyware. Upon launching applications or upon opening any control panel item, the following error message would appear: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. (OK)" I removed mswin.pif and cleaned with Ad-Aware and Spybot Search and Destroy and protected with SpywareBlaster, but upon restart the computer showed pokapoka70.exe in Startup Manager. This computer had had SpySweeper installed but it's not clear whether SpySweeper failed to protect the computer. This computer has only Windows XP Service Pack 1 installed. Norton Anti-Virus 2005 said the computer was clean (albeit in Safe Mode With Networking). Research in Google indicated that the laptop was infected by one or more of the following viruses, worms, or trojans: Istsvc-A, Elitebar-A, Elitebar-O, Rbot-AHR.

When I tried to turn off System Restore, I got this error message: "System Restore: System restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again. (OK)" To resolve this, I did Start > Run > services.msc, then found "System Restore Service", then stopped it and restarted it. After I returned to the System control panel, I was then able to turn off System Restore. This issue is currently not documented on the web.

Eventually, I was able to clean everything up by putting SAV32CLI and stinger on CD-ROM, running them in Safe Mode With Networking, manually deleting c:\windows\etb, restarting in Normal Mode, running SpySweeper which found and quarantined hundreds of items. Norton finds the spyware but doesn't remove them—it's not clear that Norton isn't supposed to remove them and that it doesn't even try to do so.

Did more VPN work—announcing to students the incompatibility of Nortel Contivity VPN 4.86 with Zone Alarm 6.0 and notifying peers of reports of blue screens of death when using VPN.

Dinner at home with Patrick: Indian jambalaya. I did some shopping on Amazon and updated my wish list.