Feb 15 – Humble Pie Day

Today I ate humble pie twice, though the ‘cheese pie’ Edison Chen EdipR0n Chentuk ate would have been slightly more appealing…

Round 1
I have always thought I had a lot of knowledge about the automated workstation build and remote program installation process in the office. I felt there were probably few things I didn’t know about after working here for a good 7 long years. And as they always say, “Pride goes before a fall” and “God opposes the proud.”

So it was a little annoying today when I failed to get a piece of software reinstalled on the system by simply removing the registry keys at the usual location. For the better part of 15 minutes, I was fuming at the system and wondering what had gone wrong. It took me a long time to notice that the FQDN (Fully Qualified Domain Name) of the application package and system build server had changed, and I had * gasp * deleted the registry entry referencing the old FQDN. Damn it, capsized in a ditch!! (Fxxk, it was a dumb mistake!!)

While that didn’t have any adverse effects at all, this is the kind of mistake I don’t expect myself to make. It was supposed to be a task that would take no more than 2 minutes, unless the system itself really had a problem – e.g. something along the lines of a broken MSI installer.

I was wasting precious time doing a really simple task. I am glad I spotted the mistake and I reminded myself to always remain humble before I end up making a major mistake.


Round 2
And if you thought that was just a small episode in my usually mundane and boring life, it wasn’t over yet, because I had the cheek to tell my friend that getting hit by malware is a small matter and it’s easily cleared.

So I picked up my friend’s Lenovo X61 laptop at Change Alley some time before lunch. What I didn’t take into consideration was that I had no clue what the malware was, and that I had been in a well-protected corporate environment where malware is a distant memory. In other words, I had not considered that malware has evolved and is now far more formidable than the last time I cleared it. To make matters worse, the laptop was loaded with Windows Vista, and the elevated security along with the irritating System Restore combined to give me one of the most annoying afternoons I have experienced in a long time. Consider it the second humble pie of the day, one that lasted long enough to serve as dessert for my tea break.

After sort of pulling my hair out for the better part of the afternoon, I finally managed to at least figure out what the malware was – File Secure and iedefender. It is also known as the unknown trojan. They are one and the same, and they masquerade as an advanced spyware-removal program.

I can only suspect where this might have come from… probably while someone was using my friend’s laptop to surf smut and to look for EdipR0n Chentuk pics, since I could see them all over the browser’s history. The most likely scenario would involve a false message popping up in Internet Explorer saying that the system is infected. No matter what the user clicked, be it ‘OK’ or ‘CANCEL’, it would have allowed the malware to be installed. The only way to avoid this would have been to close the window without clicking on any of the buttons on that message at all! Damn EdipR0n, Internet Explorer System Exploder and ActiveX to hell!

Either way, I also came to learn of some anti-spyware tools like Super Antispyware, which is quite handy and useful in clearing this kind of shit. While I wasn’t originally convinced that it was a genuine malware detection and cleaning tool when I looked at the website, I soon discovered that it is indeed legitimate, because I also found it available on download.com. (The current released version is 3.9 as of Feb 15, 2008. I personally won’t trust those so-called v4.0 beta copies found on Google until I have verified that the sites hosting the files are trustworthy.)

So, after a combination of automated and manual clearing, the malware appeared to be vanquished, as the symptoms were gone for good. However, I still decided to restore the entire laptop to factory default in the end, as I am not quite convinced that the kind of defenses I am going to put on the laptop (the same ones I have on my own system) would be sufficient for this laptop in its post-compromise state.

So, I conceded defeat and sourly booted the Lenovo laptop into recovery mode using that ‘ThinkVantage’ button, and let it do a restore. I reminded myself that I should humbly turn down any request for assistance with clearing malware in the future… as I realized I ain’t that great at dealing with these kinds of problems at all.

But nevertheless, all glory be to God. At least I learned something today, and as it always goes, I know this experience is going to come in useful someday… soon.
