That Hurts, You Know...


Well, that kept resounding in my mind yesterday. I broke my own heart and it was painful. I betrayed my principle, and look what I got: a wound to my pride.

As you all know, I have stated that I will only help people with FOSS, and said go to hell to W*****s users! But yesterday I broke my own word to help a friend. Instead of cooperating, the one I tried to help questioned my integrity. OMG, don't you know that the thing I hate the most is when people question my integrity?

That SOHO admin, how dare you insult my integrity.

The story began when a friend called my friend to troubleshoot his network. They had been attacked by a virus that was flooding the network, so the network became unusable. It was interesting to help because he is my friend too, and I always want to help anybody, especially a friend. So he connected me with his admin.

His admin asked me whether I had ever done this, and I simply said yes. Then he asked what method I used. I said that I would reformat the infected computer. He said that this was not a viable option, so he asked for other methods.

The other method I suggested was to shut down the infected computer and scan its hard disk from another, clean computer that had an updated antivirus. I barely heard what he said, but I think he didn't want to do that to all the infected computers. So I suggested he do that with a sample, and then he could google it to find the virus removal.

He said that he already used a corporate antivirus but it failed to scan, and asked me for something new. So I thought it might be a trojan/worm combined with adware/malware, and I suggested Windows Defender or an online scan. Gosh, I thought that by this point he would realize what to do.

But he asked me again about my capability, the same question of whether I had solved this problem before. So I stated my status as a UI admin and told him that in our place, cases like this would end up with some networks being banned. I know that wasn't an answer to his problem, because of the different scale of our networks. So I thought I just had to give him an easier (temporary) method, which was to roll back the system.

I asked him to activate his last restore point that had not been infected by the virus. I instructed him to use the restore point, but he said he didn't know how to do that. So I asked him to reboot the computer and go to system mode.

Now, this was the painful part. He ASKED me again whether I had ever done this before. He said that he had already gone into safe mode and it didn't work. Gosh! That pissed me off! He didn't even ask what to do in safe mode. Or, if he had really done the restore point, he could have just said that he had already done that and the result was ineffective.

Man, what kind of attitude was that? Questioning me as if being a UI admin meant nothing?

I could have restated my status and said how BIG the network that we handle here is. But that would mean I just kept boasting, and that would make me arrogant. That's not what I intend to be. I am learning to become humble every day, but that third question blew up my angered pride. So I went back to the first answer and played dumb by saying I would just reformat the computer. And the conversation was over.

If he had asked me nicely how to isolate the virus, I would have given him tips.

First, about the infected computers. Reformatting is the only option; if you don't have the virus removal, the virus will never go away. Today's viruses are equipped with the ability to polymorph. Even if you manage to hunt down every single one of them, you still have a computer with a vulnerable system. In my experience, cleaned computers always had significantly degraded performance. Furthermore, the computer's registry was a total mess, because the virus removal tools that I know didn't restore the registry to its full state.

So, if he had asked me why we would run System Restore, I would have suggested he take his system back to an older state where the registry, some system libraries, etc. are in a good state, so he could save the documents.

Maybe he was arguing that the document was already infected. Right, but recently I have encountered that kind of virus. So, if he had asked me nicely how to back up the data, I would have given him my steps.

First of all, I would examine each process that runs on the infected computer and kill the process. If the running process starts again automatically, it means it is registered as a service. So I would see what services are running and try to shut the culprit down, so that the memory is in good condition. But I know that would be a dull action, because you have to do it every time you reboot.

So, if we had continued our conversation, I would have suggested he back up all the important documents. I know one of the symptoms of an infected computer is that the computer hides the file extension. The virus is actually a .scr (screen saver extension) file posing as an office document. The real document is hidden and flagged as a system file.

In order to recover the data, I would go to the console and cd to the directory. Here is an example (My Documents is on drive G:):

# G:
# dir /ah <-- You could add /s if you want to examine the subdirectories.

This is done in case there are hidden files with the extension .doc or whatever, so you can safely erase the .scr file. My only concern is if the virus is the document itself, so that when you delete the .scr you wipe out the document too. In that case, you should convert all the documents into Rich Text Format, or you just simply ke laut aje (tm).

# attrib -s -h -r +a *.doc <-- change the files attributes into archive files, not system files.
# del *.scr

Use /s if you want it done in subdirectories too. Mount a clean drive and move all the important docs there.
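
The check behind the steps above, as an added example that is not part of the original post: before running del *.scr, pair every .scr file with the hidden, system-flagged document of the same name in the same folder, and list any .scr that has no such original. The names pair_decoys and scan, the DOC_EXTS list and the sample listing are assumptions made for this example; scan reads real attributes only on Windows.

```python
import ntpath
import os
import stat

DECOY_EXTS = {".scr"}                        # extension named in the post
DOC_EXTS = {".doc", ".xls", ".ppt", ".rtf"}  # assumed set of document types

def _key(path):
    """Return ((folder, base name), extension), lower-cased, for a Windows path."""
    folder, name = ntpath.split(path.lower())
    stem, ext = ntpath.splitext(name)
    if ext in DECOY_EXTS and ntpath.splitext(stem)[1] in DOC_EXTS:
        stem = ntpath.splitext(stem)[0]      # report.doc.scr -> report
    return (folder, stem), ext

def pair_decoys(entries):
    """Map each .scr path to the hidden+system documents it impersonates."""
    originals, decoys = {}, []
    for path, hidden, system in entries:
        key, ext = _key(path)
        if ext in DECOY_EXTS:
            decoys.append((path, key))
        elif ext in DOC_EXTS and hidden and system:
            originals.setdefault(key, []).append(path)
    return {path: originals.get(key, []) for path, key in decoys}

def scan(root):
    """Windows only: yield (path, hidden, system) for every file under root."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            attrs = os.stat(path).st_file_attributes
            yield (path, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
                   bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM))

SAMPLE = [  # constructed listing: (path, hidden, system)
    (r"G:\My Documents\budget.doc", True, True),
    (r"G:\My Documents\budget.scr", False, False),
    (r"G:\My Documents\Report.doc", True, True),
    (r"G:\My Documents\report.doc.scr", False, False),
    (r"G:\My Documents\notes.doc", False, False),
    (r"G:\My Documents\starfield.scr", False, False),
]

if __name__ == "__main__":
    for decoy, docs in pair_decoys(SAMPLE).items():
        print(decoy, "->", docs or "no hidden original: inspect before deleting")
```

On the infected disk mounted in a clean Windows machine, pair_decoys(scan("G:\\")) gives the same report for the real files; nothing is modified or deleted.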

That was one option. Another option is to put a clean (non-infected) antivirus on your USB stick and use it in safe mode to delete the viruses. If he hadn't been questioning me, I would have asked him to go to and download ClamAV for W*n (Portable Version) and update its virus definitions. With that, he could then scan the infected computers.

How about the network?

Well, if I were the system admin, I would try to split the network into several subnets. I know that most SOHOs use a /24 subnet; as a result, the virus can broadcast to more than 200 IPs and flood the network with its data. Why not use non-standard subnets? You still have DNS, gateways, etc., so the networks can still talk to each other without being imposed on too heavily.

My second recommendation is to use unusual ports. Why not use ports with at least 5 digits? You could set up a proxy and have email controlled more strictly. Current viruses and malware/adware use common ports to open a connection. By using unusual ports, we can close all the ports but the ones in use and leave those things crippled. So you could protect your network from brute viruses and those wares (malware/adware).

How to set it up? W*nXP SP2 has the firewall enabled by default. You could set it to block any ports and, boys and gals, you could explore the administration tools for reporting etc. Or you could even use third-party software to do so.

What is my preference? I would migrate ALL the important systems to GNU/Linux. It doesn't have viruses, yet. It may be vulnerable to DDoS too, but you could easily block that with iptables. Yeah, I know iptables is for hardcore people. But it's well proven to be a big hit against viruses, those wares, and abusive users. You could even set up the mail server there. The email could be scanned before being downloaded to the client's computer, without the risk that the machine would be infected. That is the way I would choose.

Alright, I think I have said my feelings here. So, further methods that come to my mind will not be written here (otherwise, this entry would be a book ^^).

I have been scolded by a high school graduate, but I could accept him. In his view, what I did was undesirable. I still respected him and considered his will. By default, I always put everyone in a position of respect. I claim equality towards all people. But one thing that I don't like is when people question my integrity. Asking once can be understood, but asking too many times makes me play dumb and act the way he/she thinks I am, so I can walk away.

Please note, I have the ability to live by myself independently and just see everything (including people) as a tool to achieve my objectives. That's why I've never liked any girl before. But my father said to me that people are not machines. I also realize life is boring if you can control everything and know the result. Also, I have been touched by my Lord so that I could accept and treat people properly and have feelings too.

Because of that, the one thing to make my life more interesting is to have my GPA between 2.75 and 3.0 (though I've failed to do so, I have 3.01). By doing so, I could prove to myself that I can go up from the bottom. I could teach myself to have humility in life. That's my goal: to live a humble life and to help people with my ability.

You don't know what my ability was in the past; you couldn't even measure how deep my knowledge is now (for I always hide it for the sake of being humble). But it should be a lesson that you shouldn't do that to anyone either. Because everyone has their own abilities. Everyone has their own skills that they themselves don't realize. That's my second goal in life: to show people not to think lowly of other people.

I hate people who look down on others. Having advantages doesn't mean we can easily put others aside. What good is a life without ever helping people? What good is a life if you think of nothing but yourself?

This is the thing that I've learned:

I have unexpectedly gained much knowledge from people whom many thought of lowly. I have experienced much undiscovered fun by being with people that others may never see. They are something, and The Lord always teaches me that everyone is created for a special purpose and that purpose is a significant one.

Well, I have remembered my religion and I send forgiveness. Hmm... this blog is cool, I could say my uneg-uneg here.


  1. iptables is not for hardcores :p


  2. wow..

    That was a very long article, mate!

  3. @zaq:

    It is for those lame W*n users...:)

  4. Hmmm
    "I will help all people, no matter the OS they are using ..."


