Picture the scene. It was early evening, and I was, as is my wont, footling around on my computer. I decided I would like to download and install some new software that would allow me to bulk-grab images from websites. Er… that’s websites with addresses like lookattheprettyrainbows.com, obviously. What sort of a pervert do you take me for? Oh, yeah, right…
So anyway, I had a quick google to see if such software existed, and it did. I found one particular package that mentioned the word ‘free’ in practically every sentence: ‘free download’; ‘free to use’; ‘no usage restrictions’; and so on. I downloaded it in preference to other alternatives, mainly because it made a point of being able to grab images from ImageBam galleries, which I knew, from reading a couple of forum posts that cropped up on my google search, not all bulk-image grabbers can handle. (ImageBam is a free image-hosting service, and it’s very popular with people who run blogs that gather together pictures of…er – what was I pretending I was looking at again? oh, yeah – rainbows.)
I downloaded the software. It was free, as promised. I installed the software. It was free, as promised. I launched the software and pointed it at a gallery. It told me it could see the pictures, and it even automatically spotted the difference between the thumbnails (which I wouldn’t have wanted to download – you can’t see the…er…colour gradations properly on a small picture) and the full-size linked images. I clicked on download. It asked me to specify a folder to download the images into. It asked me if I wanted to re-name the images as they were downloaded, or if I just wanted to add some particular characters at the start of the filename. This was a very useful feature, I thought. The gallery had lots of pictures of the same attractive 22-year-old…uh…rainbow, and I was quite taken with the idea of being able to have all the images delivered into a specified folder and renamed so that instead of just being labelled ‘001, 002, 003, etc’, as they were on the site, they would be labelled ‘Eric 001, etc’. (What, you don’t give pet names to your favourite rainbows? You’re weird.)
I clicked ok, and momentarily thought everything was going swimmingly. Then a dialog box happened:
This software is for evaluation purposes only. Register now for a one-off fee of only $24.95 to enjoy unlimited downloads.
To say I was pissed off would be putting it mildly. Now, I will admit that I didn’t actually read the licence agreement that came with the software before I clicked ‘I accept’, and that, had I done so, the one-off fee would probably have been mentioned. It’s also possible it was mentioned on the download page, hidden under all the system requirements info. In my defence, no-one ever reads those things, and, anyway the words free and unrestricted had been scattered so liberally through the description of the package that I just assumed it was, you know, free. It’s not an unreasonable assumption – computer geeks like to program stuff just for kicks, especially if it’s technically complex to achieve. Then, into the bargain, some of them also tend to be the sort of people who spend quite a lot of time on their own in their bedrooms feeling frustrated, and so might be attracted to the idea of bulk-grabbing pics from the internet. (That’s pictures of rainbows, obviously – it’s their lack of contact with the great outdoors that frustrates the poor lambs. Honestly, you people, minds in the gutter…)
Anyway, I found myself on the horns of a dilemma (though, if I’m honest, this wasn’t the kind of horniness I’d been hoping for…). Paying the fee wasn’t an option. For a start, I don’t have a credit card, for a follow-up I would be extremely loath to pay for something that only really saved the inconvenience of right click –> Save as…, and for a final coup-de-grace, I’m not really in the position of being able to spend money without planning for it weeks in advance. That only left two options, if I wanted to persist in my dream of downloading oodles of rainbows in double-quick time – swear loudly, uninstall the software, and go looking for an alternative that actually was free, or (cue sinister music) go looking for a crack for the software or another workaround that would let me use it for free.
Well, ladies and gentlemen of the blogosphere, I’m afraid I went for the second option. To be fair to me (which I always am…), it wouldn’t have even been an issue if the software developer had been upfront about the charge, because I would have downloaded one of the many freeware alternatives instead. It was only because I felt that I had basically been tricked into downloading the software under false pretences that I was motivated to try and get at it for free. But, anyway, theft is theft (he said, with a paranoid fear that the Elders of the Internet might be about to strike him dead for failing to respect intellectual property laws…), so I can’t really complain about what happened next.
I went skulking through the nether regions of the net, and eventually came across a website that offered a keygen for the software I had downloaded. Glancing furtively about me, I clicked on download—
But, before I go any further, let me slip out of narrative mode for a moment, to tell you what I know perfectly well about catching viruses on the net. I know, for example, that downloading something that’s illegal is a high-risk activity. There’s that old saying that you can’t trick an honest man – well, the online version of that is that it’s hard to infect a computer that only accesses legitimate content from well-known providers. So I should have already had my guard up. Then, too, I know that downloading an unfamiliar exe from an unknown and unverified source is extremely risky, because by doing this you are essentially saying to a total stranger – ‘Here, let me help you with that mysteriously long and thin package you’re struggling with. I’m sure I’m not doing something really stupid, like volunteering to carry the rifle you’re going to shoot me with later.’ Just to recap I should have been very aware that what I was doing was risky, and that if I persisted then I needed to be really, really, really careful to keep my natural idiocy in check. Ok, back to the narrative:
I was given the option of running the exe then and there, or of downloading it first. At this point I was, I’m pleased to report, mildly sensible. I thought to myself ‘Hmmm, mystery illegal exe from unknown source – perhaps better scan it for viruses first’, so I opted to download. As the file was downloading, I noticed that it had a rather odd file name – it was labelled keygen.txt.exe. I sat watching the file download, and as it did so I thought to myself, ‘Hey, that’s like that thing virus writers do – use two file extensions, so when Windows auto-hides the real file extension (.exe), the file will sit on the hard drive looking for all the world like it’s an innocuous .txt file, and so will be far more likely to be double-clicked by some ignorant computer user who doesn’t know enough to know that a .txt file ought to have a different icon.’
Yes, that’s right. I actually sat there pointing out to myself that an illegal executable file I was downloading from an unknown and unverified source had been named in a way that raised the very distinct possibility that it was infectious, but this didn’t make me stop to consider my own actions. Oh, dear me, no. Instead I sat there congratulating myself – actually congratulating myself! – for being ‘superior’ to the kind of people who might be fooled into giving some kind of malicious software a home on their computer. The word ‘D’oh!’ doesn’t really cover it. But there’s more.
Because that’s the other thing I should have realised – the length of time it was taking for the file to download. I would have expected a keygen to be a fairly small program – all it needs to do is generate a string of letters and numbers according to the rules by which the software manufacturer produce their own legitimate serial numbers. Instead, I sat there watching as a more than 2mb file – a file that was all but waving a banner under my nose saying ‘I’m a virus!’ – downloaded itself (from a very slow server) to my hard drive. I did vaguely take note of the size, but I completely failed to connect it – or any of the other things – to the likelihood that the file I was downloading was a virus. Like I say, I’m an idiot.
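The double-extension trick described above can be checked for mechanically. The following is an added example, not part of the original post: a small Python scanner that flags files whose name hides an executable extension behind a document-like one, or whose contents begin with the Windows executable magic bytes under a non-executable name. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Constructed, non-exhaustive lists (assumptions for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".jpg", ".png", ".mp3"}


def extensions(filename):
    """All dot-separated extensions, lower-cased, padding spaces removed."""
    return ["." + part.strip() for part in filename.lower().split(".")[1:]]


def displayed_name(filename):
    """Name shown when the file manager hides the final extension."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_double_extension(filename):
    """True when a document-like extension is followed by an executable one."""
    exts = extensions(filename)
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS


def has_pe_header(path):
    """True when the file starts with the 'MZ' magic of a Windows executable."""
    with open(path, "rb") as handle:
        return handle.read(2) == b"MZ"


def scan_folder(folder):
    """Return {filename: [reasons]} for files whose name misrepresents them."""
    findings = {}
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file():
            continue
        reasons = []
        if is_double_extension(path.name):
            reasons.append("double extension, displayed as %r" % displayed_name(path.name))
        exts = extensions(path.name)
        if has_pe_header(path) and (not exts or exts[-1] not in EXECUTABLE_EXTS):
            reasons.append("executable content under a non-executable name")
        if reasons:
            findings[path.name] = reasons
    return findings


def build_sample_folder(folder):
    """Write constructed sample files (harmless stubs) for the demo."""
    stub = b"MZ" + b"\x00" * 62  # only the magic bytes, not a working program
    samples = {
        "keygen.txt.exe": stub,        # the file name from the story
        "photo.jpg      .exe": stub,   # same trick, padded with spaces
        "setup.exe": stub,             # honest executable name, not flagged
        "readme.txt": b"plain text\n",
        "notes.txt": stub,             # program bytes under a text name
    }
    for name, data in samples.items():
        (Path(folder) / name).write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_folder(tmp)
        for name, reasons in scan_folder(tmp).items():
            print(name, "->", "; ".join(reasons))
```

A clean result from a check like this says nothing about whether an honestly named executable is safe to run; it only catches files whose name misstates what they are.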
In my defence, fully up-to-date antivirus software was running in the background as I downloaded, and the particular program I use is specifically supposed to keep a watch on things that are being downloaded (or uploaded, for that matter). In my further defence, once the download was complete, I pointed the new file out to my antivirus software, and asked it to scan it – it produced a lovely report telling me that it had examined 1 file, and that it had found 0 infections. Now, of course, I understand there are millions and millions of viruses in the world, and that antivirus software will typically only protect against the most widespread ones. The manufacturers also, very reasonably, assume that someone with the foresight to make sure that they have antivirus software installed is clued-up enough not to do patently idiotic things like downloading obvious viruses. Nonetheless, it does begin to occur to me to wonder why I have antivirus software, if it is incapable of detecting a virus until just fractionally too late.
That’s the thing, you see – it did eventually start throwing up panic-stricken red-for-danger dialog boxes, but only once the .exe was running, and the virus was actually active in RAM. Not that these dialog boxes were any actual help. The first one told me that a virus had been detected, although given that by this stage I had watched reams of gobbledegook being automatically inserted into multiple command prompt windows that opened themselves faster than I could shut them, this didn’t really come as news. The second dialog box told me that it had been unable to repair or quarantine or delete the infected files. The third told me the name of the virus (it was called ‘Trojan’, apparently, which seems like a very unimaginative name), and, so it thought, the location of the file so that I could delete it manually – except the file address was given as something like :\.\.\.\.\Trojan. In other words, it hadn’t even told me what drive I should look on (I have two physical drives in my computer, both partitioned, which makes for a total of 4 drives as far as the operating system is concerned), and it was clearly buried deep in a nest of folders.
Searching for this manually would obviously be an impossible task, and anyway, given the command prompts I was fairly sure it had written itself all through the registry, which would have meant that just scrubbing the easily-identifiable files out of the directory structure wouldn’t have done much good. I did have a half-hearted look to see if I could do an automatic search – but the virus was by this stage blocking access to most of Windows.
I was also distracted by the fact that my screen was disappearing under a blizzard of dialog boxes. Some were coming from my firewall (that part of my internet security program did its job, at least), and were thus giving me the opportunity to permanently block internet access for all kinds of innocent-sounding things (‘Windows Diagnostics Logon Tool’ is one I remember) that were obviously the various names the virus was masquerading under. Others were being produced directly by the virus itself. They were designed to look like Windows error messages, but, because I have skinned my copy of XP to look like Windows 95, they didn’t look right. I was quite pleased about that, because the ‘error’ they were reporting – ‘The application had to be terminated because it was infected. Please launch your antivirus software.’ – looked very plausible. As it was, the funny look was sufficient to make me realise that it was the virus that wanted me to launch my antivirus software, and that this was, therefore, the last thing I should do.
Unfortunately, it became increasingly apparent that there wasn’t a lot else I could do. Access to System Restore was blocked (not that it ever actually works, but still…). Access to the control panel was blocked. [CTRL] [ALT] [DEL] only brought up a ‘The application had to be terminated…’ dialog box. Access to the ‘Run’ dialog on the Start Menu was blocked, so I couldn’t launch msconfig or regedit (not that I’d have had a clue how to edit the registry without a step-by-step guide – I am reasonably tech-aware up to a point, but my ‘expertise’ runs out way before that level). I even got so desperate I tried launching the No-Help and Lack-of-Support Center, but that was blocked, too. At this point it seemed fairly obvious to me that my options were reduced to either formatting and reinstalling windows, or scanning the system with my antivirus software first, and then formatting and reinstalling after that didn’t work. I decided on the second option, but with some apprehension, because of the virus having made it so obvious that it wanted me to do that.
Initially, launching antivirus didn’t seem to have any negative effects. After the scan had been up and running for a few minutes the system did experience a Blue Screen Of Death, but I can’t say for definite that was a result of the virus – my PC is fairly elderly, and the connectors on the memory-chip are slightly wonky, so BSODs are a fairly frequent occurrence at the best of times (and something as resource-heavy as a full-scale virus scan isn’t the best of times). In any case, this meant that I now had no option but to reboot, with all the opportunities that gave the virus to insert itself more fully into the operating system. It did occur to me, as I was rebooting, that I should try and launch in safe mode, but in the heat of the moment I couldn’t for the life of me remember which f button you have to press during start-up. In the cold light of day, I think it’s probably either f4 or f8 (or maybe f9), but I’m still not sure – I really ought to check, and then write it on a post-it note and stick it to my pc case.
After the reboot, the virus obviously was affecting the system more deeply, but in ways that I found very strange. It seemed that the virus was doing everything it could to draw attention to itself – it got rid of my desktop image, it put a massive scary icon in the sys tray, it changed some of my programme icons for a big red X, and so on. I was struggling to work out why the virus would want to make itself so obvious that even the most naïve of PC users would know that something was up, but then it became obvious that it was part of a really quite clever psychological strategy.
The virus had obviously managed to recognise that it was trapped behind a firewall, and therefore wouldn’t be able to set about…well, whatever it was that it wanted to do – unless it managed to persuade me to let it past. The obvious impacts on the system were there so that, even if I was really unfamiliar with things technical (and given that I had just voluntarily downloaded and installed the world’s most obvious virus, I’m clearly not as tech-savvy as I’d like to pretend), I would realise that something was up, and would therefore be inclined to believe the next dialog box that popped up. I’ve got to be honest, I’ve forgotten what it said exactly, but it was very plausible. It mimicked the language Microsoft uses to talk about its Malicious Software Removal Tool very closely. By this stage my windows installation had been partially re-skinned to XP native, so the dialog box didn’t ‘look wrong’ any more.
Now, I would love to report that, after my experiences of a few minutes earlier, I was fully primed and able to recognise this bogus box for what it was, but sadly, no. I was so relieved at the idea that there might be a simple fix (and no doubt the sense of relief is what the virus programmer(s) had been intending to create) that I was on the verge of clicking ok, and allowing this special ‘anti-infection tool’ to connect to the internet. What stopped me long enough to think (and it was the only thing that stopped me) was that there were one or two mistakes in the dialog box. So, for example, it told me that ‘Windows needs download’ (rather than ‘needs to download’). I have no idea if the programmers were not native English speakers, or if they were just badly educated, but either way round I am profoundly grateful – without that tip-off, I could have potentially downloaded a whole lot of even more unpleasant nasties onto my system. As it was, I ignored the dialog box, and restarted the virus scan.
After staring blankly into space and criticising myself for an idiotic fool for a few minutes, I checked the scan, and found that it had progressed to a whopping 2% complete. So I decided to go for a long walk – 63% complete – and cook and eat dinner – 78% complete – and watch something mindless on TV, all in order to be told, when the scan finally completed, that there were no viruses on my system. At this point I gave some further consideration to the uselessness of antivirus software that couldn’t spot a virus even when the entire system was massively hamstrung, before deciding to shut down the computer for the night, with the promise that I would format and reinstall the next morning.
In the end the reinstall wasn’t as traumatic as I had feared. It didn’t begin especially well – I had decided to take advantage of the opportunity to re-jig the position of my hard drives in the IDE chain so I could install windows on a larger partition. This involved re-plugging the IDE cables (I know, I could have fiddled around with jumpers instead, but, frankly, life’s too short), and in the process of trying to do this I discovered that the cables weren’t long enough to stretch to where they needed to go. This led to a frustrating few minutes of trying to unscrew microscopically small screws located in the darkest depths of my PC case, before I decided it would be easier just to take the whole thing apart and then put it back together again. This I did, and was just about to reconnect the power and try switching on when it dawned on me that I had failed to reconnect the DVD drive. This involved some more re-plugging, and then, when the cables didn’t stretch, some more screwdriver time moving disks physically round the inside of my machine.
Once I actually got on to the software installation it was fine – lengthy and monotonous, but uncomplicated. (And I had, once again, my customary Thought Whilst Reinstalling Windows – namely that I should create a disk image once I had all the software installed and configured, so that the next install would be a doddle by comparison. As per usual, I have not followed through on this thought, and will now forget all about it until the next time I’m reinstalling Windows.) Anyway, thanks to the larger Windows partition I was able to find space for the various programs I had been gradually uninstalling over recent months to give Windows more room for – well, for whatever mysterious function it needs ever-increasing amounts of disk space for. I was also slightly surprised to find that Windows had (without telling me) been preventing me from receiving certain automatic updates because of a lack of headroom. So I now have Service Pack 3 installed, which I didn’t even know existed, and I also decided to let it install Internet Explorer 8. I find IE fractionally better for a very few things – ‘writing’ (i.e. cutting-and-pasting) posts in WordPress is one of them – so I will doubtless become familiar with it in time, but for most of my browsing needs I have been firmly wedded to Opera for about 9 years, and, based on my (admittedly limited) experiences with IE8 so far, it seems as though it’s still lagging a long way behind.
Most wonderfully of all, the modem installation worked flawlessly, without any 14-hour conversations with ISP scripted drones who are programmed to say things like ‘Is your computer switched on?’, and seem to know virtually nothing about computers. (Seriously, I once talked to one who had to put me on hold to consult with a colleague when I confused him by using the word ‘driver’.) Anyway, this time it worked fine, and I was online within seconds of nervously clicking on setup. (And while we’re on the subject, is it just me, or is the likelihood of whether installing a modem will work or not entirely random? Sometimes I believe there’s a secret Microsoft networking manual somewhere that includes instructions like ‘First walk widdershins around your PC thrice at midnight on the eve of the Hunter’s Moon, then sacrifice a goat of two-summer’s growth, before anointing your modem with its innermost heart’s-blood’.)
Anyway, all in all, I’ve been pretty lucky. The virus wasn’t particularly serious – it didn’t eat my data, it didn’t scramble the firmware on my hard drives, it didn’t write itself into the BIOS and start doing unspeakable things there (although I did have a nasty moment when the system clock seemed to have gone haywire, but it turned out that was because it had changed my location settings in Windows – part of the ‘make the virus obvious’ campaign, I assume). In fact, in some ways it was almost a good thing – my Windows installation had been getting increasingly unstable, and I’d been putting off the reinstall for ages because of my, as it turns out, groundless fear of the modem issue.
At the end of the lengthy installation and configuration process, I did download and install a freeware bulk image grabber, and, you know what? It was rubbish. For a start, it was too big to display properly on my steam-powered (800 x 600) monitor (and the ‘Restore Down’ button was greyed out, naturally), and it also failed to detect any pictures when I gave it the URL for a gallery of pics. It could see a picture if I typed in the URL of each image individually, but that made it actually less efficient than the old right click –> Save as… method. I uninstalled it pretty much immediately. And so, after all that fuss and palaver, I’m back to manually downloading my internet pictures. There’s probably some kind of a moral there.