punkwalrus (punkwalrus) wrote,

  • Mood:
  • Music:

Tech - Virus Queue

While parsing through a lot of data on a new jpeg virus, I am reminded of back in the old days when I did tech support for America Online in 1996. We had this one major Trojan people were downloading that would log keystrokes when you entered in a password, and then when you signed on, it would telnet an address, and send those keystrokes to it. Well, once our company got wind of this, we would detect the Trojan (any username that connected to the telnet address), suspend the account, and then the user would have to call us and we'd explain they had to reset their password.

I was one of the people assigned to the "test queue" for this. I was, at the time, a "callback specialist," which was some poor schmuck deemed both technically and diplomatically competent enough to deal with "special cases." Up to this point, I dealt with both the banal and obscure; from testing whether the phone cord was really plugged into both the modem and the wall to Rockwell Chip Mwave modem.ini hassles, I covered it all. I didn't have a "call time" to worry about, because some of what I got I knew would take up to an hour to fix or longer.

My boss had a lot of confidence in me, so when the test queue started, he hooked up a headset along with some major corporate bigwigs who designed the Trojan removal scripts to sit in on "a typical call." At first, when I saw the 8 pages of step-by-step directions, I thought, "No one in their right mind will accept a call from a total stranger to go muck about in their Windows Registry." Well, I was wrong. Not one person ever questioned who I was, or where I was from. I guess these are the types of people who download Trojans, so I don't know why I was surprised. The step-by-step script was very thorough, for this I was glad, but they HAD to be done in a certain order, because if you didn't delete certain things in order, it would just reinstall itself, and you would have to do the whole thing all over again. In some steps, if things weren't done exactly right, it would hose Windows. It was a nasty Trojan. It nestled multiple commands and traps in your win.ini, registry, autoexec.bat, windows folders, and startup folder. It showed up in the task list as an invisible process (blank text). It also did some other crap I have forgotten. Luckily, one of the steps was NOT to have your original Win95 CD or floppies (yes, children, Win95 did have the option to be installed from 16 floppies, ten more than the DOS/Win3.1 combo previously), unless the customer hosed something on their own. This only happened a few times, thankfully.

One call will always stand out, however. And it was one of the calls the corp bigwigs were listening in on (Keith Jenkins, if you knew who he was). It started with this conversation:

Phone: [ring ring... ring ring] [a kid's voice answers] Uh, hello?
Me: Hello, this is America Online may I speak with Edna Fuklestein, please? [not her real name - due to security concerns, we could only speak to the billing contact, because we didn't know if one of the people we spoke to was one of the hackers at the time]
Phone: Is this about why I can't sign onto America Online?
Me: It might be. I need to speak to Edna.
Phone: She, uh... doesn't know how to use computers. Just tell me what to do in order to sign on.
Me: I am sorry, but I have to speak to the billing contact, Edna. Is she home?
Phone: Um, no. I'll take care of it.
Me: I am sorry, but can you tell me when Edna will be at home?
Phone: [gasp] She doesn't know how to use a computer. I can take-- [sound of woman's voice with a thick Jersey accent in background] Josh??? Who is that on the phone? Is that for me? [click]

The kid hung up. I looked at Keith and my boss Morris, and we all shrugged. "Call them back," said Keith.

Phone: [ring ring... ring ring] [a thick Jersey accent answers] Hello?
Me: Hello, this is America Online may I speak with Edna Fuklestein, please?
Phone: This is Edna, how are you?
Me: Fine Edna, I need to verify your billing info... [exchange takes place and it's her] Now, recently, your computer became infected with a Trojan and your account was suspended for your security. I need to try and remove this Trojan over the phone, and it might take half an hour or more, depending on the level of infection.
Edna: Oh, I can do that, yeah. I am taking computer classes in community college. I didn't know my account was turned off. Did we do something illegal?
Me: No, it's just an infection that was downloaded. First, we're going to start with...

About half an hour's worth of Regedit, Windows Explorer, and rebooting goes on. Edna was very patient, asked intelligent questions, and did everything I asked with confirmation. She was an awesome sport. But while we were doing this, you could hear Josh in the background whining very urgently, No! Don't listen to him! You don't know what you are doing! No! Get off there and let ME do it! and so on. Frequently, she had to tell him to be quiet and leave her alone. Josh's voice kept getting more and more desperate as time went on. "Josh needs a spanking," said Keith while I was on mute. "I think Ritalin is in order," said Morris. Judging from Josh's voice and vocabulary, I estimated he was about 11-13 years old. And VERY upset his mother was on the computer. Finally, we got to the last step. This was hard, because we had to delete the original file that started the infection. It could have been one of over 40 file names, and then you had to hope the customer knew where their default download directory was.

Me: Okay, Edna. Here is the list of files to look for in there. You ready?
Edna: Yeah. Go ahead.
Me: "aparty.exe?"
Edna: ... no.
Me: "bemine.exe?"
Edna: ... no.

Then, halfway down the list...

Me: "porn4U.exe?"
Edna: ... yeah, wait. The number 4?
Me: Yes.
Edna: Got it!
Me: Good, now don't double click it! Click it once until it's highlighted, and then hit the delete key.
Edna: Okay... got it. In the Recycle Bin?
Me: Yes. Now empty the recycle bin.
Edna: You got it... whew! That was hard!
Me: You were very patient. I need to find if anything else is...
Edna: Wait, how did we get a file called "porn4U?" [Josh's voice got REALLY high here]
Me: Err... well, it had to be an attachment in an e-mail.
Edna: We downloaded a file that had porn?
Me: No, only one that promised porn. It was a lie, but it has to be downloaded and executed to work.
Edna: And how would that happen?
Me: Er... well... the user would see the mail, then download the --
Edna: This is my son's computer.
Me: [uncomfortable pause] Uh... well.
Edna: [I can almost hear an eyebrow raising] So my son got an e-mail promising free nookie?
Me: If his account downloaded--
Me: We still have to see if there are any more files...
Edna: [sound of whining and claims of He's lying! I didn't!!] I AM SO GOING TO PUNISH YOU!!!
Me: We still haven't checked all the files. Hello?
Edna: DON'T RUN AWAY FROM ME! COME BACK HERE! [smack!] OW!!! My ear! Owwwww!! Stop it stop it!!! [smack smack] YOU ARE GROUNDED!! I just had to spend half an hour of my time, and half an hour of that nice man's time to remove a porn virus from your computer! Nooooo! Waaaaaughhh....!!!
Me: Uh, can we finish this?
Edna: ONCE I AM DONE HERE, YOU ARE NOT ALLOWED ON A COMPUTER AGAIN!!! Noooooooo! Waaauuugh....!!! [to me] Sorry we caused you this trouble. You have been very patient with me... [to Josh] UNLIKE SOME OTHER PEOPLE IN THIS HOUSE!!! Waaauuugh....!!! When I get off of here, I am packing this computer up, and sending it to your sister in VANDERBILT!

The people around me were on the floor, suppressing laughing so hard, tears were coming to their eyes.

Man, Josh... you got in trouuuuuubllllle....
Tags: aol, humor, pr0n, work
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded