Friday, September 26, 2008
Closure!
More than a year after the fact, I found the answer to the hacking of my PC: the article SubVirt: Implementing malware with virtual machines. Reading this article, I instantly recognized the symptoms of the proof-of-concept it describes as identical to what I had experienced.

A virtual machine monitor (VMM), built on a system such as VMware or Virtual PC, had supplanted my existing operating system, turning it into a guest (virtual) operating system running from a directory of my hard drive. This was done by changing the boot routine at startup. After an initial reboot upon infection, the VMM runs as the core operating system, and the virtualized operating system loads directly afterwards. The result is a barely noticeable lag at bootup, but an observant user will notice small differences. When a user attempts to shut down the infected system, the virtual machine instead puts the computer into a hibernation mode and makes it appear as if the computer has shut down. (It is only upon an actual reboot that a user can detect the virtual machine malware, reinstall the operating system, and so on.) Since the machine is running a virtual operating system, any antivirus or antispyware utilities can be made to look like they are working when they are in fact doing nothing.

I urge anyone who has experienced problems such as the ones I've described in this blog to check out the SubVirt article. It describes in detail how to circumvent and prevent these attacks. I'll say again for the record that for the last year and a half, running a MacBook, I've been rid of these problems. Windows computers seem to be extremely vulnerable to this difficult-to-diagnose and difficult-to-eradicate attack. Good luck.
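The post describes the rootkit taking hold by changing the boot routine so that the VMM loads before the original operating system. A practical check for that kind of tampering is to read the disk's first sector from a trusted boot medium (not from inside the possibly-virtualized OS) and compare its boot code and partition table against a baseline recorded when the machine was known-good. The example below is an added illustration of that check; it is not code from the post or from the SubVirt paper. The MBR images, the boot-code bytes and the extra "hidden" partition entry are constructed inline for demonstration and do not reproduce SubVirt's actual on-disk changes.

```python
"""Offline MBR baseline check (added example; constructed data, not SubVirt's layout)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446           # bytes 0..445: executable boot code
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the code
MBR_SIGNATURE = b"\x55\xAA"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Validate a 512-byte MBR and return its boot-code hash and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sectors(4)
        status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack_from(
            "<BBBBBBBBII", sector, off)
        parts.append({"bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Compare a freshly read MBR against a trusted baseline; return a list of findings."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    for i, (cur, base) in enumerate(zip(current["partitions"], baseline["partitions"])):
        if cur != base:
            findings.append(f"partition entry {i} changed: {base} -> {cur}")
    return findings


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<BBBBBBBBII", 0x80 if bootable else 0, 0, 0, 0, ptype, 0, 0, 0, lba, n)
        for bootable, ptype, lba, n in entries)
    return code + table.ljust(64, b"\x00") + MBR_SIGNATURE


# Constructed sample data (hypothetical, for demonstration only).
# Known-good: a conventional MBR prologue and a single bootable NTFS partition at LBA 2048.
KNOWN_GOOD = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c",
                       [(True, 0x07, 2048, 1_000_000)])
# Tampered: boot code replaced by a different loader stub, plus an added hidden partition
# entry (type 0x17) after the original one. Both changes are invented for the example.
TAMPERED = build_mbr(b"\xfa\xea\x00\x00\x00\x90",
                     [(True, 0x07, 2048, 1_000_000), (False, 0x17, 1_002_048, 65_536)])

# The baseline would normally be taken from a trusted boot and stored off the machine.
BASELINE = parse_mbr(KNOWN_GOOD)

if __name__ == "__main__":
    for name, image in (("known-good", KNOWN_GOOD), ("tampered", TAMPERED)):
        print(name, check_mbr(image, BASELINE) or "no findings")
```

On a real machine the sector would be read with a raw disk read (for example `dd if=/dev/sda bs=512 count=1` from a live CD) rather than built in memory, and the baseline must be kept somewhere the rootkit cannot rewrite. The check only covers the MBR; a loader that hides in later boot blocks or in a bootloader's own files needs the same comparison extended to those sectors.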
1 comment:
Guess a bit late for a ty but ty.