On or around April 1, my computer caught something that caused havoc with my antivirus programs but now everything seems fine--this can't be correct?
posted by librarylis to Computers & Internet (5 answers total)
On April 1 (bad news, I know), my antivirus program (Avira) warned me that it had not been able to retrieve definition updates from the internet.
It has been a frustrating saga to figure out what might be wrong; if you're not into the saga, skip to the last paragraph for an executive summary.
I immediately had Avira run a full-system virus scan, which picked up what Avira called a Trojan (dropper?) in my Temp files that was promptly quarantined. Searching Google, the only info I found to get rid of Dropper was to install MalwareBytes and run a full scan. Well...
I checked MalwareBytes, which I already had installed eight months ago, to find that it also wasn't updating. MalwareBytes did not pick anything up in its full scan. I tried re-naming MB, but the problem was not accessing it but rather updating, and renaming did nothing.
At this point, I tried TrendMicro to see if a program that was not on my computer would pick anything up. It did not.
I then tried grabbing manual updates for Avira via a USB drive from an uninfected computer. The files fail to correctly integrate with Avira.
I also know that my Adobe, Flash, and Java programs were all nagging me to update, and I had not done so for at least five months (not my brightest move).
Several days later, I checked to see if Windows Update was working, which it wasn't. The internet, yes, Update, no.
I then downloaded Avast to see if that would pick anything up. The most up-to-date version available did not pick anything up in its full system scan. Once Avast was installed, it too was unable to update.
I deleted Avast, then restarted my computer. With restart, the desktop, start menu, and system tray failed to become visible, as did a program (Rocketdock) that I installed two years ago. Restarting again did nothing, but once I restarted in Safe Mode I was able to see the desktop, start menu, etc.
However, at that point, Firefox and IE both stopped connecting to the internet. I know it wasn't my ethernet cord, and I know it wasn't the network. The network has a kick-ass automatic quarantine that I know was functioning correctly at the time, as well as some species of firewall.
I did a system restore to a point shortly before April 1st.
At the exact same time, my power cord died. With the battery dead and no AC adapter, I unplugged the ethernet cable and let the computer sit in hibernation.
Fast forward three weeks, and I was finally able to acquire a power cord and I re-connected the ethernet cable. My computer wakes up, with Firefox open and the tabs all reloaded to current information (i.e. Slate had yesterday's articles, not those from three weeks ago). Well, great.
Avira automatically starts updating, and the update goes through. MalwareBytes updates. Windows Update updates. I immediately do a full system scan, using both MB and Avira. MB once again picks up nothing, while Avira picks up another two Trojans (different ones, this time) in my Temp files. I then deleted the named files. I updated Java, then Flash, but haven't gotten to Adobe yet.
Here is the problem: my system seems fine. Antivirus programs, Update, everything that was haywire, now seem good to go. This just doesn't seem possible when the only thing I did was disconnect the computer from the internet for three weeks, and the system restore (which didn't seem to solve the problem three weeks ago).
Executive summary: Antivirus programs, Windows Update and other critical programs failed to update around April 1, Avira antivirus sees nothing but Trojans in temp files while MalwareBytes sees nothing, power cord dies and is resurrected three weeks later at which point the computer miraculously updates all problem programs and all seems well. This surely can't be right?
Tech specs: I am running Win XP (Media) on a Dell E1405, typically using Firefox 3, with Avira Antivirus, MalwareBytes, and Spybot Search and Destroy all installed and regularly updated, Windows Firewall is on and the network also runs a firewall.