Just another day in Windows hell
Before I begin this post, let me state that I do not want to read about how I should buy a Mac. Thank you.
Early this morning -- too early -- my main home computer became infected by "malware" -- the psycho destructo computer crud formerly known as a "virus." Suddenly the computer was not recognizing familiar domain names (like bojack.org and wweek.com) when it was connected to the wireless router. It was also going haywire when clicking on Google search results -- stalling out or sending me to crazy commercial sites that had nothing to do with my searches. The problem spanned all three of the internet browsers on the computer; curiously, however, the situation was A-OK on all browsers when the computer was tethered to the iPhone. The rest of the computers in the house (there are three) worked fine.
After 45 minutes with a Comcraptastic guy who was actually pretty helpful, it was on to Malware Removal City. First I installed and ran the Windows Malicious Program Removal Tool, which of course found and did nothing. The AVG program that I paid good money for was also completely worthless. Finally, something called Malwarebytes Anti-Malware and another free program called Super Anti-Spyware found the DNS-name-changing Trojan and got rid of it, as far as I can tell.
But one problem remains. On starting up the computer and every once in a while thereafter, I get a warning box in the middle of the screen, along with the sickening Windows "clank" sound that means something is seriously fubarred. It says "GoogleUpdate.exe - Bad Image," and then tells me that there's something wrong with a program called C:\Windows\System32\mstask.dll. When I "explore" over to that location, there's a file there, but it's showing 0 bytes.
I think this is part of the malware infection, but it could have been something I did with the Comcraptastic guy, who had me reset a couple of files (from an extremely scary command line) having to do with IP addresses. My hunch is that it's the malware, but I honestly don't know what to do about it. The computer's running OK now, as far as I can tell, but the whole "clanking" thing makes me slightly nauseous.
In the course of the day's agony, I've downloaded a program called HijackThis, which produces some sort of log of what's going on in the bowels of the computer, but I can't make heads nor tails of it. And the "mstask.dll" file doesn't show up in the log anywhere, although Google Updater's in there a few times.
Is there anybody out there who can help me fix whatever the heck has happened? The operating system is the dreaded Vista. A free bojack.org bumper sticker or a nice beverage is waiting as a reward for information leading to the destruction of this annoying, and distressing, bug. Have moicy, and e-mail me here.
UPDATE, 11/13, 2:02 a.m.: The D Man has come to my rescue, and with his help, I've managed to replace the corrupted .dll file, and now all seems to be well. In the course of prowling around with him, figuring out a fix, I discovered that the evil malware -- a terrifying rootkit -- had weaseled its way onto the computer early this morning by placing an executable file in a temporary folder, then sneaking into the automatic task scheduler that comes on Windows, and scheduling a task. The task instructed Windows to run the executable file, which in turn made my internet connection act stoned. Apparently, to get this to work, it had to gut the .dll file -- leaving it on the computer but having it be empty.
Anyway, the D Man and I copied a wholesome version of the .dll file from another computer, figured out how to get Vista to let us copy over the blank file, and then, with fingers crossed, overwrote the corrupted file. Lawrence, in the comments to this post, had exactly the same idea and provided invaluable moral support. I next discovered that the evil task was still in the task scheduler, and even though the executable program had already been deleted by Malwarebytes, I deleted the task nonetheless. It had given itself the name "7uOCEI3," although I'll bet it goes by a different name with every infection.
Hoping that is the end of this latest adventure in computing, I say thanks to the D Man, and to Lawrence. And I'm reminded once again of what a great gift the readership of this blog is.
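The update above describes two leftovers worth checking for after a cleanup: a scheduled task whose action points at an executable in a temporary folder, and a system .dll left in place at 0 bytes. The following is an added example, not part of the original post, that looks for both. It assumes the task list was exported with `schtasks /query /fo CSV /v`; the sample rows and every path in them are constructed, and only the task name 7uOCEI3 comes from the post.

```python
import csv
import io
import os
import re

# Constructed sample of `schtasks /query /fo CSV /v` output, trimmed to three
# columns. Only the task name 7uOCEI3 comes from the post; paths are made up.
SAMPLE = r'''"HostName","TaskName","Task To Run"
"HOMEPC","\GoogleUpdateTaskMachineCore","C:\Program Files\Google\Update\GoogleUpdate.exe /c"
"HOMEPC","\7uOCEI3","C:\Users\user\AppData\Local\Temp\a1b2.exe"
"HostName","TaskName","Task To Run"
"HOMEPC","\Backup","""C:\Tools\backup.exe"" --nightly"
'''

# A task action that launches something out of a temp directory is worth a look.
TEMP_DIR = re.compile(r"\\(?:temp|tmp|temporary internet files)\\", re.IGNORECASE)

def suspicious_tasks(csv_text):
    """Return (task name, action) pairs whose action runs from a temp folder."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, action = row.get("TaskName") or "", row.get("Task To Run") or ""
        if name == "TaskName":  # schtasks can repeat the header between folders
            continue
        if TEMP_DIR.search(action):
            hits.append((name, action))
    return hits

def empty_files(directory, suffix=".dll"):
    """Return names of zero-byte files with the given suffix in a directory."""
    found = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if (entry.is_file() and entry.name.lower().endswith(suffix)
                    and entry.stat().st_size == 0):
                found.append(entry.name)
    return sorted(found)

if __name__ == "__main__":
    for name, action in suspicious_tasks(SAMPLE):
        print("task runs from a temp folder:", name, "->", action)
    system32 = r"C:\Windows\System32"
    if os.path.isdir(system32):
        print("zero-byte DLLs:", empty_files(system32))
```

A hit from either check is a prompt to inspect, not proof of infection: some installers legitimately schedule tasks out of temp folders.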