Log Cabin Chronicles

You've got mail

CAROLINE KEHNE
POSTED 08.02.01

One victim's voyage into the abyss of viruses, technology, and customer service

My computer and I are like Siamese twins: when one gets sick, the other's life is misery. Since my livelihood revolves around being 'wired', I take computer care very seriously, or so I thought I did.

The fireworks began early last week when my computer became infected by W32/SirCam@MM, described by a McAfee.com technician as "half-worm, half-trojan" for its ability to lie dormant until triggered by the system clock into life. My normal procedure is to delete any emails that I regard as suspicious; in this case, the email, from a fellow correspondent with a cheery note asking for my comments, lulled me into a false sense of complacency. Thus, I became one of the latest victims of a class of viruses known by its numerous variant forms, including W32/SirCam.bat, W32/SirCam.gen@MM and W32/SirCam@MM.

McAfee, one of the leading creators of anti-virus software, has classified one variant, W32/SirCam@MM, as a "high risk" virus. Since its discovery on July 17, McAfee statistics have recorded over 230,000 infections in 1.5 million scans, a whopping incidence for a relative newcomer. McAfee describes the infiltrator as a mass-mailing virus that attempts to send itself and local documents to all users found in the Windows Address Book and email addresses found in temporary Internet cached files.

There are many variants, with internal text messages that may read "I hope you can help me with this file that I send", "This is the information that you asked for" or, in the case of my infiltrator, "I send you this in order to have your advice". The attachment of a file plucked off the unwitting host's hard disk and the insertion of its name in the "subject" header added two more elements of credibility.

I dutifully perform weekly updates, downloading new virus definition files from the McAfee website and performing a hard-disk scan; unfortunately, my last update came a few days short of W32/SirCam@MM's July 17 discovery and thus, my computer was a sitting duck for infiltration.

After opening the text file, I sensed that something was amiss, downloaded a virus update from the McAfee website and performed a new scan that revealed W32/SirCam@MM on my system. However, the virus had by that time become well embedded in several operating system files and was interfering with normal operation. I was, however, able to download from McAfee's website three pages of removal instructions. Almost immediately, my attempts at computer surgery were brought to a standstill by missing information in the instructions. At a loss, I rebooted, a choice which proved to be a key error: damage done by the virus now blocked access to the Internet and thus, to online technical support services. Frustrated, I decided to call it a day.

DAY 2: With options rapidly diminishing, I turned to the old standby, phone-based technical support. Thus began a second experience, as hair-raising as the initial infection, trying to get a human technician with whom I could discuss my problems. After several hours of phone calls, referrals, numbers that did not function in Canada and endless waits on "express" technical lines (accompanied by a continuous loop of elevator music as I held), I finally did get to a human being, a very competent, calm technician named Tim. Within minutes, we discovered the reason for my frustration: the instructions posted on McAfee's website were, as I had suspected, incorrect. ("I'd better correct that," said Tim earnestly. I did not charge him a consulting fee; in fact, I had paid $30US for this support.) Tim and I worked our way through infected Windows files, removing scripts surreptitiously inserted by SirCam. By the time Tim and I parted, I felt that the worst was over. It was not.

DAY 3: A new day was dawning: I upgraded from my old virus scanning engine to McAfee's Online Clinic (hailed as its most comprehensive package) and ran a full hard-disk scan. To my amazement, the scan revealed three more copies of the virus peppered across my disk. These I deleted, then ran another full scan, which confirmed that the virus had now been successfully expunged from my system. However, now, my digital camera software interface had been corrupted. Another (unsuccessful) internet chat with another company's technician ensued; finally, working on a hunch, I solved the problem myself.

At the time of the writing of this story, my system has now been clean and stable for about four days, though the popular press is predicting a new wave of virus invasions as vacationers return to work and fire up their email. The lesson, if there is one in all of this, is that maintaining up-to-date virus protection is essential and that its cost can be far less than the cost in terms of lost work, time and aggravation caused by a single, successful virus attack. Even though my cost of repair was a fraction of what it would have been had it been done by an on-site technician, it is an experience that I do not wish to repeat. It was a wise man – probably a technician – who declared that "an ounce of prevention is worth a pound of cure."




Copyright © 2001 Caroline Kehne/Log Cabin Chronicles/08.01