The Evilness of W32.Swen
Date: 11/10/2003
Despite the rather excellent virus protection in Scribe, my dad got swen'd, simply because it was a convincing enough email pitch (using real graphics and HTML layout) to cause him to save the exe out and run it, despite the explicit warning about viruses when he tried double clicking the attachment.

It's some sort of mark of achievement for a developer when your own parents (esp. non-technical) happily use your software from day to day.

Anyway, so their laptop was swen'd and it was my job (of course) to unswen it. So I tried the usual things:
  • Open regedit - can't, the virus has blocked all exes from loading. Darnit!
  • Boot to DOS and delete the virus - OK, but now what? I still can't run exes.
  • Find Symantec's "how to" on removing the virus, which means typing in a bunch of stuff in DOS mode to remove the registry problems. Then run the virus remover.

So I needed to transfer the virus remover to the laptop, which was where the fun really began. You see, their aging laptop has no network of any kind, so I'm reduced to removable media or a laplink type arrangement. Firstly, I no longer have a floppy in my box, so I pulled out the laplink cable and plugged it in.

A long time ago I wrote "i.Share", a simple laplink style app to transfer files over a parallel port link. So I fired that up on the laptop and went across to my machine to fire up the other local copy. But there was no local copy; I had somehow misplaced it, and no amount of searching through old archives was to yield a working copy. So I started rewriting the core parts of the application, sending a file from the laptop to the desktop and decoding the simple wire protocol. Then I remembered that the source code was on the laptop as well! Duh, I had it there to test that side of it when I was originally writing the code. So I retyped by hand the receive file function into the desktop and ran it. Then I sent the source code over this makeshift link, thus restoring the desktop copy to its original glory. Methinks a better backup strategy is needed.

Anyway, I think that some more severe anti-exe attachment code is needed in Scribe. Something along the lines of an option to "Delete executable attachments on sight!" type thing to really make absolutely sure that you can't infect yourself. Scorch that earth!
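One way a "delete executable attachments on sight" option could work, as an added example in Python that is not Scribe's code. The extension list, the function names and the sample message are assumptions constructed for illustration; attachments are dropped by name and also by the `MZ` header, so a renamed exe does not slip through.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist for illustration; not Scribe's actual list.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk")

def is_executable(part):
    """True if a leaf MIME part looks executable by name or by content."""
    name = (part.get_filename() or "").lower().rstrip(". ")
    if name.endswith(EXEC_EXT):
        return True
    if part.get_content_maintype() == "text" and not part.get_filename():
        return False  # unnamed inline body text is never content-sniffed
    data = part.get_payload(decode=True) or b""
    return data[:2] == b"MZ"  # DOS/PE header: catches a renamed .exe

def _prune(part, removed):
    """Drop executable leaves from a multipart container, recursively."""
    kept = []
    for child in part.get_payload():
        if child.is_multipart():
            _prune(child, removed)
        elif is_executable(child):
            removed.append(child.get_filename() or "(unnamed)")
            continue
        kept.append(child)
    part.set_payload(kept)

def strip_executables(raw):
    """Return (cleaned message bytes, names of the attachments removed)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = []
    if msg.is_multipart():  # a single-part message has no attachments to drop
        _prune(msg, removed)
    return msg.as_bytes(), removed

def build_sample():
    """Constructed message: text + HTML pitch and three attachments."""
    msg = EmailMessage()
    msg.set_content("Install the attached update.")
    msg.add_alternative("<p>Install the attached <b>update</b>.</p>", subtype="html")
    for name, data in (("update.exe", b"MZ\x90\x00"), ("notes.txt", b"MZ\x90\x00"),
                       ("logo.gif", b"GIF89a")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(strip_executables(build_sample())[1])
```

Run at delivery time, before the message is stored, this leaves the user nothing to save out and run.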