Cliff Notes:
1) Repaired friend's infected computer.
2) Virus infection spread to my computers.
3) Took most of a week to rebuild my systems.
4) Data was lost; email and addressbook from the last year.
These past few years I have worked to build a computer workcenter that will allow the safe storage of my files; along with a secure computer for normal work and a separate testing machine to be used for repairing computers, scanning hard drives for viruses, and imaging backups of systems after they have been repaired. These system images have proven useful a year or two later when friends return to me with more computer problems. I have known there were weaknesses in my setup, which I was planning to fix this spring with the addition of a Linux file server and making a restore image of my testing machine. It seems that I did not plan well enough.
Last weekend, a friend's computer showed signs of hardware failure, specifically with the system hard drive. The anti-virus software was free AVG and this was shortly after an update by AVG had caused system problems worldwide. I plugged this system into my router and ran the fix routine provided by AVG to clean up their problem and saw improvement. However, this system really had multiple Java-based viruses, along with a virus in the master boot record (MBR) of the system hard drive, and a virus in the BIOS (CMOS) of the motherboard. This system was hooked up to my network.
The original infected computer was repaired and returned quickly. This was mainly due to having an Acronis system image available with a fresh installation from the last time I had worked on this computer a year ago. The restoration happened after a motherboard BIOS flash, of course. It was a day later after a reboot of each of my computers when I realized that somehow the viruses traveled through my router and network into both my computers, infecting my computers and rendering them useless.
I am normally calm, focused, and methodical when working on other people's systems, but when my computers were taken out it became personal and I became nervous. I was also very tired. I made some mistakes and lost some data; luckily the data loss was limited to emails and my addressbook for the last year since my last backup was one year ago. Yes, one year ago. I have been so focused on other things I postponed setting up a backup system for my 2 TB of data. This is what the proposed Linux file server was going to be for, but it seems the viruses were one step ahead of me.
My systems took much longer to rebuild since I do not have system images of my own systems. The BIOS had to be flashed for both motherboards, and the infected hard drives had to be scanned by an older and much slower computer that was sitting unused off to the side. Rescue disks by AVG and Kaspersky antivirus, Ubuntu, and UBCD4Win helped tremendously; along with an online scanner by Eset antivirus.
The second mistake I made, after plugging the broken system into my network thereby allowing the viruses to run free through my computers, was to reinstall the Windows 7 operating system back onto the system hard drive of my main computer in a nervous attempt to get my personal system back online. This is where my email and addressbook were located. I would have been fine with just a quick format of the drive to render the virus dead. After the quick format disabled the viruses, Runtime's data recovery tool, GetDataBack, would have safely recovered the Mozilla Thunderbird email profile with my email and addressbook. Unfortunately, I was tired, nervous, and not thinking straight while reinstalling the system. The system reinstallation overwrote my data and corrupted the files for my later attempt (too late) at data recovery when I realized data was missing.
My setup is focused on having an expendable and easily replaceable system hard drive for the operating system with all important data on other hard drives. With Windows XP, the system could easily be manipulated to store the Thunderbird email profile on another drive. With the new Windows 7, my personal bookmarks, email, and addressbook were located on the system drive (C:). I assumed my personal data was safe since I have not kept personal data on the C: drive for many years since I learned how to move it in WinXP. I had forgotten the new Windows 7 operating system changed this assumption. It seems I need to learn how to move the C:\Users\{username}\AppData\ folder in Win7 to another drive.
Add on top of this, system instability issues exhibited by my own system over the last month in the form of randomly dropped network connections and random bluescreen crashes that I thought were solved by replacing my cable modem and router, and reinstalling chipset and video drivers. These issues have persisted and currently point to possible overheating or just plain failure of the motherboard southbridge chipset. Motherboard manufacturers do not provide large enough heatsinks to properly cool the southbridge chipset. These issues had contributed to my unstable thought process that led to the decision to overwrite my data after two days without sleep.
With the exception of my lost emails and addressbook from the last year, everything is restored and working again, although my system did bluescreen this morning after I changed the heatsink on the southbridge chipset. This has been an awful week.