Skip to main content

I used to clean computers from viruses

Back in 2005-2006, when my friends were playing WoW, I got hooked on something much weirder. Some contemporaries may remember those as the start of their MMORPG careers. For me, those were the heydays of (anti) malware.

It all started as I installed the first antivirus software on our family PC, and oh boy did it find a lot of stuff. Perhaps it was that incident that triggered my fascination with viruses and malware. It cannot be overstated how bad the malware situation was back then. Every home PC had some adware/spyware installed. XP was riddled with holes. Virus scanners were falling behind the latest threats.

I began to read everything I could find about viruses. I lurked obsessively in Wilders' security forums and SANS internet storm center, which were the hubs for security-related news back in the day.

Unsurprisingly, corporate security was not my focus point as a 15-year-old. I was solely interested in malware. Can't really remember was there something specific about it, or was it just general geeky interest. Somewhere along there, I joined a Finnish security enthusiast community (IRC channel) and saw something called a HijackThis log.

HijackThis was the weapon of choice when the antivirus software was not enough. It is a Windows-specific tool that dumps a log about running processes, services, and registry entries. Given the security crisis at the time, popular tech forums began to provide a platform for security enthusiasts to help victims of malware.

The idea was simple. One downloads HijackThis (HJT), runs the scan, takes the logs, and posts a new message to the forums. There someone would analyze it. I actually found a thread answered by 15 old me from 2006. Someone, give me a medal!

A log from an infected computer. Can you spot the Trojan horse process?

I happened to join the largest Finnish home PC security-related community at an opportune moment. I got to know a few key people there and went through training to obtain permission to analyze the HjT logs. The job title was "fixaaja" a finglish term meaning someone who decontaminates your computer. Some of my mentors became so good at curing XPs of viruses they received Microsoft MVPs. I remember them being very secretive about which perks they would gain besides free Windows licenses.

This all sounds boring, but those were exciting times. I was on the front and concretely witnessed the increase of people needing help during bad outbreaks. There was also a bit of a cat and mouse game ongoing where HjT analysts sometimes hid their work from the most elaborate rootkit writers. Honestly, I can see a massively popular YouTube documentary about the subject.

I still can remember the standard set of processes running in Windows XP by heart. I know my way around the windows registry. I also discovered the art of googling, the foundation of my later career. Although my day job is not with compsec, I'm fortunate that my programming career kicked off there.

I also learned that virus scanners are effective but only up to a point. I have stopped using antivirus software (I obviously keep the inbuilt windows one on)

Luckily, I did not end up as a script kiddy but rather a trooper on the other side.

Labels:

Comments

Post a Comment

Popular posts from this blog

I'm not a passionate developer

A family friend of mine is an airlane pilot. A dream job for most, right? As a child, I certainly thought so. Now that I can have grown-up talks with him, I have discovered a more accurate description of his profession. He says that the truth about the job is that it is boring. To me, that is not that surprising. Airplanes are cool and all, but when you are in the middle of the Atlantic sitting next to the colleague you have been talking to past five years, how stimulating can that be? When he says the job is boring, it is not a bad kind of boring. It is a very specific boring. The "boring" you would want as a passenger. Uneventful.  Yet, he loves his job. According to him, an experienced pilot is most pleased when each and every tiny thing in the flight plan - goes according to plan. Passengers in the cabin of an expert pilot sit in the comfort of not even noticing who is flying. As someone employed in a field where being boring is not exactly in high demand, this sounds pro...
Post a Comment
Read more

Canyon Precede:ON 7

I bought or technically leased a Canyon Precede:ON 7 (2022) electric bike last fall. This post is about my experiences with it after riding for about 2000 km this winter. The season was a bit colder than usual, and we had more snow than in years, so I properly put the bike through its paces. I've been cycling for almost 20 years. I've never owned a car nor used public transport regularly. I pedal all distances below 30km in all seasons. Besides commuting, I've mountain biked and raced BMX, and I still actively ride my road bike during the spring and summer months. I've owned a handful of bikes and kept them until their frames failed. Buying new bikes or gear has not been a major part of my hobby, and frankly, I'm quite sceptical about the benefits of updating bikes or gear frequently. I've never owned an E-bike before, but I've rented one a couple of times. The bike arrived in a hilariously large box. I suppose there's no need to worry about damage durin...
Post a Comment
Read more

Extracting object properties from an IFC file with IfcOpenShell

Besides the object geometry information, IFC files may contain properties for the IFC objects. The properties can be, for example, some predefined dimension information such as an object volume or a choice of material. Some of the properties are predefined in the IFC standards, but custom ones can be added. IFC files can be massive and resource-intensive to process, so in some cases, it helps to separate the object properties from the geometry data. IfcOpenShell  is a toolset for processing IFC files. It is written mostly in C++ but also provides a Python interface. To read an IFC file >>> ifc_file = ifcopenshell.open("model.ifc") Fetch all objects of type IfcSlab >>> slab = ifc_file.by_type("IfcSlab")[1] Get the list of properties >>> slab.IsDefinedBy (#145075=IfcRelDefinesByType('2_fok0__fAcBZmMlQcYwie',#1,$,$,(#27,#59),#145074), #145140=IfcRelDefinesByProperties('3U2LyORgXC2f_hWf6I16C1',#1,$,$,(#27,#59),#145141), #145142...
Post a Comment
Read more