Sean's Blog

“No, I just know what I need to check on and where it is.”

That was, more or less, the question I was asked, and my response, on Thursday while I was working on a young lady’s computer. She was a foreign exchange student and was having issues connecting to the network. Mentally, I don’t believe I even paused when the computer woke up from sleep mode. Sure, the keyboard had extra characters, and most of the names of icons and menus were in Japanese, but I knew what I needed to check, where it was located, and other possible issues that could be causing the issue.

I’ll admit that even now, I’m not sure what was wrong with the computer, but there were a number of things I could point to that were probably the cause:

• an issue with McAfee Security Center, which I had already seen during move-in, or
• region specific software that I would not be familiar with using or configuring

The computer itself was able to see the registration network, get an IP, and even begin the registration process, but would only go so far. Since she had agreed to the usage policies, but had been unable to progress further, I manually registered the computer on the network, and after that, it was smooth sailing. That option came to me rather quickly, but I tried to find out what was causing the issue, but alas, I did not find it.

What it comes down to is don’t just do what you need to do to get a job done, but know what it is you are doing. If I had relied upon having to read the menus, buttons, et cetera, to get the job done, I would not have been able to even troubleshoot the issue as I did.

On Monday, I was resolving a connection issue over in Founders, and once I got the computer on the network, the adware woke up. In the process of cleaning that up, I also found Vundo hanging out on the system. I shifted gears from generic malware removal and checked on some specific things, namely system32. The system32 directory seems to be the favorite place to drop files, so I’m just used to looking there. Sure enough, there were gibberish file names (more so gibberish than actual files needed by Windows) with roughly the same creation date/time and file sizes. I selected a bunch, told the up-to-date McAfee to scan, and waited.

2 files. That’s all it identified.

I never felt more insulted by a program. I could tell those were unneeded files (qxzzsc.exe for example) but I’m guessing that they were files that weren’t considered a threat anymore, but still, why leave them on the system? Maybe I was wrong, and they weren’t really malware related at all.

To answer that question, I connected to the network, and thus the Internet, and went over to VirusTotal. I uploaded a couple files and sure enough, they were Trojans, and deleted they became. Then again, for some of the files, McAfee, Symantec, and Avast! said that those files were ok. Most of the other 30+ engines VirusTotal checks the file through thought otherwise.

I guess that’s the point of me posting this: just because one tool you use says that everything should be ok, it’s seldom actually the case, and that’s why it’s good to know when to look beyond just the tools you have at hand. I could have simply assumed that McAfee took care of it, but it’s just as likely that I would have been back out there in a couple days to resolve a re-infection of the computer.

I saw this error code this past weekend when I was working on my parents’ new laptop, which runs Windows Vista Home (I think that’s the version). It took me a while to figure out, but all it meant was that there was an issue trying to get an update. The reason: the computer’s date had been set 4 years into the past. Once I went and corrected the date, Vista was able to update correctly. Take that, Code 80072F8F!

After testing this on my work computer, I found that this also that the McAfee AutoUpdate will fail to update as well if the computer’s date is in the past as well. So, if you see that error message in Vista, or have issues with antivirus and other programs failing to update, check the date.