This morning started like any other, but I hadn’t been seated at the PC for more than a few minutes before the first clues appeared, hinting at impending doom.
A small Windows dialogue appeared, telling me a program I’d never heard of had crashed. RIP itmy.exe, I didn’t know you at all. Seconds later it happened again – and21.exe had crashed and needed to close. Well, the alarms in my head were going off now. Google revealed nothing, these apps didn’t exist. I searched the C drive and found these two apps, and a half dozen more, lurking in AppData/roaming. Random folders, random exe names, and a few zero-byte files with more random names. Not good.
Task Manager indicated a command window was consuming 10% of my CPU, but it wasn’t visible. I killed it. I deleted the random apps and files, then used this program to search out any additional auto-running apps, and I killed those too.
And then websites started to fall down on me. I was unable to ping anything, windows was throwing up socket errors. I ran Malware Bytes and it found nothing, with a fresh set of definitions. Windows defender found nothing…
And then Resource Monitor showed a steady 8kB/s stream was heading to an IP address (126.96.36.199) in China.
At that point in figured I was basically compromised, so I turned the machine off. A few new Antivirus programs found nothing weird, but the boot process was far longer than before, networking was dead, Event Viewer couldn’t start, etc. It was all basically fucked, and so the decision was made to nuke and pave.
Cue an adventure involving missing install discs, product key decryption, borrowing the wrong install CD, downloading the right one from a hard to find site, not having DVD-Rs, Microsoft’s tools (use this one instead) not working, etc etc etc.
Oh, the trials are endless around here. When I’m done installing the OS, and a million drivers, and all my apps, then I’m going to encase the PC in concrete so China can’t fuck me again, then I’m going to see about strangling someone.