The Mudcat Café TM
Thread #126812   Message #2832326
Posted By: Stilly River Sage
07-Feb-10 - 03:07 PM
Thread Name: Tech: Re my: Help! Serious Virus Plea.
Subject: RE: Tech: Re my: Help! Serious Virus Plea.
I just got clobbered by something that, as best as I can figure, must have jumped into the system if I moused over something on the page at Photobucket after uploading an image there. A dialog box popped up telling me I had a trojan and Windows wanted me to load a new program to kill it. I was using Firefox, and saw the download box pop up and Adobe Acrobat start to open, but I was using WinPatrol and Kerio Firewall and they were asking if I gave permission to open these. I didn't, but still got clobbered.

This program, whatever it was, loaded through a file called Kolobok.pdf. I closed browsers and ran a quick scan with the antivirus we use from work (Microsoft Share Point). Didn't find a thing. So I opened Spybot Search&Destroy, updated it, and let it scan. It found several things that tried to effect registry changes, and in the process of infecting the computer had set up dialogs to disable Task Manager, disable the ability to change wallpaper, and make no active desktop changes. Even after finally getting the little red X from my system tray to go away I couldn't change the desktop back to its original background. I used System Restore to go back a couple of days. Earlier today I had changed my wallpaper (to none, with a black background) and the desktop was none with a white background as a result of this attack. System Restore put me back to the Horsehead Nebula in Orion that I had on before.

This was nasty. It is how it got there that is troubling--I wasn't downloading anything, I didn't open anything. I moused over something.

Last week a page and dialog box opened and tried to tell me I was under attack. A dialog box with the typical blue bar on top and the white X appeared, and I know they had set this up so clicking the X wasn't going to close it. I did click it to see what would happen, and it opened a web page (Firefox again) that gave me a screen that looked like Firefox was running an active scan and I needed to act swiftly. I always close these things with the Control/Alt/Delete access to the Task Manager, but as you can see from above, that wouldn't have worked, and simply turning off the computer would have allowed the thing to write itself to the registry during shutdown.

I will reiterate: if I ever meet one of these designers on the street, I'm going to kick him in the balls. Hard.

Looks like it's time to do a big backup again.

SRS