Recently, one of my Windows desktop machines got infected with a Trojan virus. Since all my machines are connected in a network, the virus was able to spread and infect other hosts. The Trend Micro anti-virus did not detect the virus at first, so I wasn't alerted in time to fix it before the spreading began. I found out the hard way when I was no longer able to remote desktop into the PC. Windows kept returning an error "You have to disable the deny remote access…" I suspect the first computer got infected because it did not have the latest Windows Update, or through a security hole in one of the running applications.
I had already put together a backup system years ago, so it was now time to review my recovery skills. Though I have to admit I'm a little rusty; it's been many years since I got a virus. A Trojan virus is particularly dangerous as it opens up a backdoor allowing the attacker to quietly come in and steal or corrupt information. Other forms of virus would have wiped out some data, which I would have noticed right away and recovered from backups. A Trojan attack leaves you wondering how long the attacker has been compromising the system and whether your backup data is still reliable or has been tampered with.
I was able to enter the system from the console and install different anti-virus software (antidotes). I immediately unplugged the network and ran virus checks on the machine. Only McAfee, Panda and Kaspersky were able to detect the virus, while Trend Micro and Symantec failed. The system was so badly compromised that none of the anti-virus software was able to repair the damage or quarantine the virus. The infection had spread to operating system files and couldn't be removed. None of the machines could be disinfected using the same approach.
The only hope was to reload the OS and restore data from the daily backup files that I had saved onto a remote server. Besides, I wouldn’t feel comfortable even if the anti-virus worked and I would have eventually followed up with a full reinstall to be safe. This was going to be a very long week.
After reloading Windows on all the machines and changing the passwords, which took many hours, it was time to reconnect the network and run a full Windows Update. Microsoft certainly didn't make it easy and required the machines to go through several reboots to get all my updates. I then installed all the applications and one by one recovered the data from the backup. It pays to have a fast connection to the Internet in times of crisis.
The whole experience was insufferably painful and never to be forgotten. Fortunately, my backup process saved the day. Lesson learned: update frequently and always back up to remote storage.