Monday, October 1, 2007

Norton Security Scan Clues (part 1)

I'm going to start calling the virus or other malware that attacked me less than 12 months ago (and possibly recently) Uber-Malware. Right now there's really no description more apt, it certainly won't get confused with other topics on this blog, and it sounds kinda cool. One thing this "Uber-Malware" did was, as it slowly infected my PC, it began disabling all my security applications. Every single one. This is commonplace behavior for a Trojan, I am sure. However, it made the apps appear to be working 100% correctly. But the spyware-finding and cleaning abilities in all of them was as fake as Joan Rivers'... pick a body part. They'd essentially been neutered. The only "problem" was, every antispyware and antivirus app I used would always result in zero viruses found, zero spyware applications, zero infections with malware... even, it turns out, zero cookies found from bad sites. In other words, the Uber-Malware was essentially too good at disabling my defenses, since I noticed right away that my antispyware program, which routinely returned dozens of "spyware" cookies from "bad sites" for me to delete, now returned none, yet my surfing habits had not changed. This was one clue something subversive was going on with my machine.Next, I noticed that if I ran Norton Security Scan (available as part of the Google Pack) and paid close attention to the destinations it was scanning, it was scanning entire folders and files that did not reside on my computer -- or so I thought. I was able to slow down Norton Security Scan considerably by running memory and processor-intensive applications at the same time, and by randomly performing screen captures. I caught one screen capture (below) that showed a shortcut for a program called PC Activity Monitor Standard on the Administrator's desktop. I was running the Administrator account when I found it, and that program was not on my desktop; in fact I had never even heard of it. I performed subsequent identical scans, and was able to see that on the desktop of this other person's PC ("host PC"?) there were maybe half a dozen Remote Administration programs or other programs that could be used as Trojans! My PC seemed truly screwed.I knew I was on to something when my computer mysteriously, spontaneously rebooted when I had an incriminating screen capture like the one above paused on my screen. Could it be someone on the other side of a monitor somewhere, viewing my computer and terrorizing my life, figured out I was onto him?

Afterward: I did a google search for the program PC Activity Monitor Standard and found no information on their site for how to detect or remove the program once it was installed. I find this infuriating, and think there's probably a consumer law about it that would apply.
Posted by at
Labels: , , , ,

1 comment:

FreedomFighter said...

I too have gone through the same thing form at least 2005, when much of my professional writings, much ready for publication, was uploaded onto the web. I had the same problems that you are experiencing with all the computer security scanning crap, which is occurring as I write. I have been prevented from communicating with anyone who could help me. I was prevented from applying for jobs--which must be done online because of the nature of the work I do. I am determined to write about this, and hopefully expose the need to create new laws with teeth in them to prevent such illegality. I have been through about 10 computers since 2004. Further, the purpose was to prevent me from seeking civil address to criminal activity and their attempts to find me guilty of something for which they could land me in jail and take my home and property. You would be very surprised to discover who is behind your harassment. Whoever is doing this may believe that you may know something that would implicate them in some wrongdoing. Mine has never been resolved and is still ongoing. I am experiencing the same computer problems now. When the police won't help, that suggests something. doesn't it?

September 25, 2008 at 11:44 PM

Post a Comment

Subscribe to: Post Comments (Atom)