Computer nightmare
Aku telah menyelamatkan komputer aku selepas pengalaman buruk panjang... x_x
Sebelum aku memulakan cerita ini, aku nak gitau yang aku sekarang tengah guna komputer baru. Maaflah pasal tak kerap kali update page ni. Cuma aku jarang-jarang rasa nak pos blog banyak-banyak. Bukan aku taknak pos entry baru; kadang-kadang tu, ada juga rasa ragu sikit samada nak atau taknak pos entry-entry tersebut.
2 minggu lalu, komputer baru aku tetiba berkelakuan pelik. Norton Internet Security 2007 yang diinstal kat dalam komputer tetiba mula tunjuk report yang komputer sedang menghantar banyak-banyak e-mel tak henti-henti. Aku terkejut pasal ni; setakat yang aku tau, tak pernah aku gi hantar e-mel sebanyak ni. Pastu Norton tunjuk skrin dialog yang sesetengah daripada e-mel ni kena direject server-server e-mel kat luar sana, atas sebab alasan "spam".
Aku naik panik; memang patut pun aku naik panik, pasal aku baru jer beli komputer ni baru bulan Ogos lepas! So lepas cabut dari Internet, aku cepat-cepat runkan komponen Norton Antivirus. Hampa; Norton langsung tak dapat jumpa virus/worm/kuda Trojan pun. So aku pun scan komputer ni juga menggunakan AVG dan Ad-Aware, dan pastu McAfee, F-Secure, dll. Tak ada satu pun yang boleh detect worm ini!
Aku langsung tak tau camna worm ni boleh masuk kat dalam komputer aku. So aku pun cuba restore komputer ni ke keadaan dahulu kala (atau dengan tepatnya, 3-4 hari lalu sebelum komputer tetiba mula hantar spam) menggunakan System Restore. (Norton sejak versi 2006 menggunakan opsyen untuk melindungi program daripada diedit program luar, maka aku uncheck opsyen tu dulu sebelum melakukan System Restore pasal ianya boleh menggangu proses system restore.) Langsung tak berkesan! Komputer masih hantar spam dengan lebatnya.
Kemudian, komputer start tunjuk report yang proses RunDLL32 tetiba terhenti tanpa sebab. Bukan tu jer... Pastu, servis Plug and Play pulak yang terhenti: Ini menyebabkan komputer aku terestart. So aku buka dialog Services, dan gi edit property servis Plug and Play menukarkan opsyen apa yang komputer akan lakukan kalau servis ni diterminate dari "Restart computer" ke "Restart service".
Tapi, lepas tu, service DCOM Process Launcher pulak yang terhenti dan ini juga menyebabkan komputer aku terestart semula! Aku cuba ubah opsyen terminasi seperti Plug and Play jugak... Tapi opsyen-opsyen DCOM langsung tak boleh diubah! Aku rasa ni pasal kebanyakan servis dalam komputer memang memerlukan sangat servis DCOM ini supaya boleh beroperasi dengan betul. Untuk menghentikan komputer dari restart, maka terpaksalah aku guna command "shutdown -a". Ini menghentikan komputer aku daripada restart dengan sendirinya.
Pastu, aku dapati bahawa Norton dah jadi corrupt. Takleh nak update fail definisi virus, dan kesemua komponennya dah takleh fungsi dengan betul. Pada mulanya, aku reinstall Norton balik, tapi seminggu pastu, ia jadi corrupt balik. Biasalah... Baru-baru ni, individu yang tulis virus, worm dan kuda Trojan dah makin lama makin jadi pandai, dan cuba attack program antivirus supaya ia tak boleh dihentikan.
Kemudian, aku dapati bahawa komputer aku hanya berkelakuan pelik setiap kali komputer connect ke Internet. (Kalau offline, komputer macam normal jer.) So aku theorize yang, sebenarnya, komputer aku langsung tak pernah dicerobohi "worm" tersebut selama ni. Aku takut yang komputer dah kena dihack...
So aku cepat-cepat gi bukak dialog Windows Firewall. Rupa-rupanya, selama ni, Windows Firewall tidak diaktivasi! Ada satu benda yang aku nak naik darah dengan Symantec, syarikat yang tulis Norton. Diorang terlalu konfiden dengan teknologi firewall diorang yang disertakan dengan Norton, sehinggakan setiap kali user install Norton kat dalam komputer, ia juga akan secara otomatiknya menyahaktivasikan Windows Firewall, supaya user hanya menggunakan teknologi firewall diorang jer.
Dengan pantas, aku aktivasikan balik Windows Firewall. Norton kemudian memaparkan dialog bahawa Windows Firewall teraktivasi, dan tanya kat aku samada nak atau tidak tutup balik Windows Firewall supaya aku boleh guna firewall Norton jer. Aku tekan "No", tapi sebelum tu, aku pun tandakan opsyen supaya ia takkan tanya soalan tu lagi. Memanglah Windows Firewall tak mencukupi untuk melindungi komputer daripada dicerobohi hacker dan worm, tapi adalah lebih baiknya kalau ia juga diaktivasi bersama dengan program firewall lain, supaya boleh increasekan lagi keselamatan komputer setiap kali ia connect ke Internet.
Sejak itu, komputer aku dah tak berkelakuan pelik lagi.
Teruklah experience aku ni! x_x Masa komputer kena dihack masa tu, aku takleh tidur malam pasal terlalu risaukan komputer. Kadang-kadang tu, dapat mimpi buruk yang komputer rosak terus lepas tu. At least, nasib baik tak perlu reformat semula komputer... Aku dah nak hampir-hampir nak reformat semula komputer sebagai last resort kalau komputer dah takde harapan lagi untuk membuang worm mysterious ini yang rupa-rupanya satu attempt untuk hack computer ini. Reformat akan memusnahkan semua fail kat dalam komputer. At least, nasib baik, kebelakangan ni, aku dah form satu habit untuk sentiasa membuat backup copy fail-fail yang penting.
----------
I have saved my computer after a nightmare... x_x
Before I begin, I just want to tell you that I'm now using a new computer. I'm sorry for not updating this page more often. It's just that I seldom felt like posting my blogs that often. Not that I don't want to; sometimes, there are times when I'm in doubt whether or not to post such entries.
Two weeks ago, my new computer started acting weird. Norton Internet Security 2007 installed in my computer started reporting that my computer is sending mass e-mails non-stop. I was shocked; all I know is that I have never send e-mails this much. Then Norton showed dialog screens that some of these mails got rejected from servers for "spams".
I panicked; of course, I do have to, for a good reason: I've just bought this computer last August! So I quickly disconnect it from the Internet, and scan it using Norton Antivirus. No luck. it can't find any viruses/worms/Trojan horses at all. I also even scan this computer using AVG and Ad-Aware, and then McAfee, F-Secure, etc. None of them are able to detect this worm!
I have no freaking idea how this worm got into my computer. So I tried restoring the computer to an early state (more exactly, 3-4 days before my computer start sending spams) using System Restore. (Norton since version 2006 implements the option to protect the program from being edited by outside programs, so I unchecked this option before initiating System Restore because it can disturb the system restoring process.) It doesn't work! My computer still sending hordes of spams.
Then, my computer told me that the RunDLL32 process mysteriously suddenly shut-down without any known reason. Not only that... After that, even the Plug and Play service got shut-down, which triggered my computer to restart. So I quickly go to the Services dialog screen, and edit Plug and Play's property from "Restart computer" to "Restart service".
But then, the DCOM Process Launcher service would also mysteriously shut-down as well, which also triggered my computer to restart, too! I tried changing the termination option like Plug and Play, too... Unfortunately, DCOM's options can't be changed! I guess this is because a lot of services in my computer rely this service a lot to function correctly. To stop my computer from restarting, I'll have to use the "shutdown -a" command, which cancels my computer from restarting automatically.
Then I noticed that Norton got corrupted. I can't update any new virus definition files, and all components can't function properly. At first, I reinstalled Norton again, but a week later, it got corrupted again. Oh well... Nowadays, more and more virus, worm, and Trojan horse authors are getting a lot smarter than before, and would even attempt to attack antivirus programs trying to stop them.
Then, I discovered that my computer only acts abnormally every time I'm connected to the Internet. (Offline, my computer shows no signs of abnormality at all.) So I theorized that maybe my computer was never got infected by this "worm" whatsoever in the first place. I'm afraid that, maybe, my computer got hacked...
I quickly opened the Windows Firewall dialog. Turns out that, after all this time, it has been disactivated! I have one pet-peeve against Symantec, the company that created Norton. Symantec is so confident of their firewall tehcnology that's part of Norton that, every time a user installs Norton into their computer, it'll also automatically deactivate Windows Firewall, so that they can only able to rely on just Norton's firewall protection.
With a flash, I turned Windows Firewall back on. Norton would then show me a dialog that Windows Firewall has been activated, and offers me the option to deactivate it so that I can instead rely on its own internal firewall. I clicked "No", but before that, I even set the option to never ask this question ever again. Of couse, I'm aware that Windows Firewall alone isn't adequate enough to protect my computer from hackers and worms, but any additional security measures like Windows Firewall in addition to third-party firewalls are always better, and it can double the protection when browsing the Internet.
Since then, my computer no longer acts abnormally anymore.
What an experience! x_x I was unable to sleep well during those periods, because I kept thinking about my computer. Sometimes, I even had nightmares about my computer breaking down afterwards. Well, at least I don't have to reformat the computer again... I've almost about to reformat my computer as a last resort just in case there's no hope left to deal away with this mysterious worm that turnd out the be a hacking attempt. Reformatting will destroy all files in my computer. Thank god, at least I've formed a habit to always make backup copies of my most important files.
Sebelum aku memulakan cerita ini, aku nak gitau yang aku sekarang tengah guna komputer baru. Maaflah pasal tak kerap kali update page ni. Cuma aku jarang-jarang rasa nak pos blog banyak-banyak. Bukan aku taknak pos entry baru; kadang-kadang tu, ada juga rasa ragu sikit samada nak atau taknak pos entry-entry tersebut.
2 minggu lalu, komputer baru aku tetiba berkelakuan pelik. Norton Internet Security 2007 yang diinstal kat dalam komputer tetiba mula tunjuk report yang komputer sedang menghantar banyak-banyak e-mel tak henti-henti. Aku terkejut pasal ni; setakat yang aku tau, tak pernah aku gi hantar e-mel sebanyak ni. Pastu Norton tunjuk skrin dialog yang sesetengah daripada e-mel ni kena direject server-server e-mel kat luar sana, atas sebab alasan "spam".
Aku naik panik; memang patut pun aku naik panik, pasal aku baru jer beli komputer ni baru bulan Ogos lepas! So lepas cabut dari Internet, aku cepat-cepat runkan komponen Norton Antivirus. Hampa; Norton langsung tak dapat jumpa virus/worm/kuda Trojan pun. So aku pun scan komputer ni juga menggunakan AVG dan Ad-Aware, dan pastu McAfee, F-Secure, dll. Tak ada satu pun yang boleh detect worm ini!
Aku langsung tak tau camna worm ni boleh masuk kat dalam komputer aku. So aku pun cuba restore komputer ni ke keadaan dahulu kala (atau dengan tepatnya, 3-4 hari lalu sebelum komputer tetiba mula hantar spam) menggunakan System Restore. (Norton sejak versi 2006 menggunakan opsyen untuk melindungi program daripada diedit program luar, maka aku uncheck opsyen tu dulu sebelum melakukan System Restore pasal ianya boleh menggangu proses system restore.) Langsung tak berkesan! Komputer masih hantar spam dengan lebatnya.
Kemudian, komputer start tunjuk report yang proses RunDLL32 tetiba terhenti tanpa sebab. Bukan tu jer... Pastu, servis Plug and Play pulak yang terhenti: Ini menyebabkan komputer aku terestart. So aku buka dialog Services, dan gi edit property servis Plug and Play menukarkan opsyen apa yang komputer akan lakukan kalau servis ni diterminate dari "Restart computer" ke "Restart service".
Tapi, lepas tu, service DCOM Process Launcher pulak yang terhenti dan ini juga menyebabkan komputer aku terestart semula! Aku cuba ubah opsyen terminasi seperti Plug and Play jugak... Tapi opsyen-opsyen DCOM langsung tak boleh diubah! Aku rasa ni pasal kebanyakan servis dalam komputer memang memerlukan sangat servis DCOM ini supaya boleh beroperasi dengan betul. Untuk menghentikan komputer dari restart, maka terpaksalah aku guna command "shutdown -a". Ini menghentikan komputer aku daripada restart dengan sendirinya.
Pastu, aku dapati bahawa Norton dah jadi corrupt. Takleh nak update fail definisi virus, dan kesemua komponennya dah takleh fungsi dengan betul. Pada mulanya, aku reinstall Norton balik, tapi seminggu pastu, ia jadi corrupt balik. Biasalah... Baru-baru ni, individu yang tulis virus, worm dan kuda Trojan dah makin lama makin jadi pandai, dan cuba attack program antivirus supaya ia tak boleh dihentikan.
Kemudian, aku dapati bahawa komputer aku hanya berkelakuan pelik setiap kali komputer connect ke Internet. (Kalau offline, komputer macam normal jer.) So aku theorize yang, sebenarnya, komputer aku langsung tak pernah dicerobohi "worm" tersebut selama ni. Aku takut yang komputer dah kena dihack...
So aku cepat-cepat gi bukak dialog Windows Firewall. Rupa-rupanya, selama ni, Windows Firewall tidak diaktivasi! Ada satu benda yang aku nak naik darah dengan Symantec, syarikat yang tulis Norton. Diorang terlalu konfiden dengan teknologi firewall diorang yang disertakan dengan Norton, sehinggakan setiap kali user install Norton kat dalam komputer, ia juga akan secara otomatiknya menyahaktivasikan Windows Firewall, supaya user hanya menggunakan teknologi firewall diorang jer.
Dengan pantas, aku aktivasikan balik Windows Firewall. Norton kemudian memaparkan dialog bahawa Windows Firewall teraktivasi, dan tanya kat aku samada nak atau tidak tutup balik Windows Firewall supaya aku boleh guna firewall Norton jer. Aku tekan "No", tapi sebelum tu, aku pun tandakan opsyen supaya ia takkan tanya soalan tu lagi. Memanglah Windows Firewall tak mencukupi untuk melindungi komputer daripada dicerobohi hacker dan worm, tapi adalah lebih baiknya kalau ia juga diaktivasi bersama dengan program firewall lain, supaya boleh increasekan lagi keselamatan komputer setiap kali ia connect ke Internet.
Sejak itu, komputer aku dah tak berkelakuan pelik lagi.
Teruklah experience aku ni! x_x Masa komputer kena dihack masa tu, aku takleh tidur malam pasal terlalu risaukan komputer. Kadang-kadang tu, dapat mimpi buruk yang komputer rosak terus lepas tu. At least, nasib baik tak perlu reformat semula komputer... Aku dah nak hampir-hampir nak reformat semula komputer sebagai last resort kalau komputer dah takde harapan lagi untuk membuang worm mysterious ini yang rupa-rupanya satu attempt untuk hack computer ini. Reformat akan memusnahkan semua fail kat dalam komputer. At least, nasib baik, kebelakangan ni, aku dah form satu habit untuk sentiasa membuat backup copy fail-fail yang penting.
----------
I have saved my computer after a nightmare... x_x
Before I begin, I just want to tell you that I'm now using a new computer. I'm sorry for not updating this page more often. It's just that I seldom felt like posting my blogs that often. Not that I don't want to; sometimes, there are times when I'm in doubt whether or not to post such entries.
Two weeks ago, my new computer started acting weird. Norton Internet Security 2007 installed in my computer started reporting that my computer is sending mass e-mails non-stop. I was shocked; all I know is that I have never send e-mails this much. Then Norton showed dialog screens that some of these mails got rejected from servers for "spams".
I panicked; of course, I do have to, for a good reason: I've just bought this computer last August! So I quickly disconnect it from the Internet, and scan it using Norton Antivirus. No luck. it can't find any viruses/worms/Trojan horses at all. I also even scan this computer using AVG and Ad-Aware, and then McAfee, F-Secure, etc. None of them are able to detect this worm!
I have no freaking idea how this worm got into my computer. So I tried restoring the computer to an early state (more exactly, 3-4 days before my computer start sending spams) using System Restore. (Norton since version 2006 implements the option to protect the program from being edited by outside programs, so I unchecked this option before initiating System Restore because it can disturb the system restoring process.) It doesn't work! My computer still sending hordes of spams.
Then, my computer told me that the RunDLL32 process mysteriously suddenly shut-down without any known reason. Not only that... After that, even the Plug and Play service got shut-down, which triggered my computer to restart. So I quickly go to the Services dialog screen, and edit Plug and Play's property from "Restart computer" to "Restart service".
But then, the DCOM Process Launcher service would also mysteriously shut-down as well, which also triggered my computer to restart, too! I tried changing the termination option like Plug and Play, too... Unfortunately, DCOM's options can't be changed! I guess this is because a lot of services in my computer rely this service a lot to function correctly. To stop my computer from restarting, I'll have to use the "shutdown -a" command, which cancels my computer from restarting automatically.
Then I noticed that Norton got corrupted. I can't update any new virus definition files, and all components can't function properly. At first, I reinstalled Norton again, but a week later, it got corrupted again. Oh well... Nowadays, more and more virus, worm, and Trojan horse authors are getting a lot smarter than before, and would even attempt to attack antivirus programs trying to stop them.
Then, I discovered that my computer only acts abnormally every time I'm connected to the Internet. (Offline, my computer shows no signs of abnormality at all.) So I theorized that maybe my computer was never got infected by this "worm" whatsoever in the first place. I'm afraid that, maybe, my computer got hacked...
I quickly opened the Windows Firewall dialog. Turns out that, after all this time, it has been disactivated! I have one pet-peeve against Symantec, the company that created Norton. Symantec is so confident of their firewall tehcnology that's part of Norton that, every time a user installs Norton into their computer, it'll also automatically deactivate Windows Firewall, so that they can only able to rely on just Norton's firewall protection.
With a flash, I turned Windows Firewall back on. Norton would then show me a dialog that Windows Firewall has been activated, and offers me the option to deactivate it so that I can instead rely on its own internal firewall. I clicked "No", but before that, I even set the option to never ask this question ever again. Of couse, I'm aware that Windows Firewall alone isn't adequate enough to protect my computer from hackers and worms, but any additional security measures like Windows Firewall in addition to third-party firewalls are always better, and it can double the protection when browsing the Internet.
Since then, my computer no longer acts abnormally anymore.
What an experience! x_x I was unable to sleep well during those periods, because I kept thinking about my computer. Sometimes, I even had nightmares about my computer breaking down afterwards. Well, at least I don't have to reformat the computer again... I've almost about to reformat my computer as a last resort just in case there's no hope left to deal away with this mysterious worm that turnd out the be a hacking attempt. Reformatting will destroy all files in my computer. Thank god, at least I've formed a habit to always make backup copies of my most important files.