But that’s not what I want to write about today. Today, it’s kudos to the Microsoft security people based in Chennai.

My computer had been colonized by the Alureon CT trojan, or actually rootkit . I didn’t even know: Norton Internet Security, (which is what I had) doesn’t see it, let alone block it. Then one day, someone suggested downloading Microsoft Security Essentials. It found Alureon CT, cleaned the computer, and then suggested I restart the machine. I did. And within minutes, Alureon was back.  (Norton still showed nothing amiss.)

Rinse and repeat.

The infection explained some weird things that had been happening – like search hijackings, where clicking on a link took me someother-place.com. I’d attributed it to my computer aging and becoming incompatible with updated search engines. The thing is insidious; it keeps very quiet, but  it can steal passwords and make your computer part of a network outside your control.

I also found that getting rid of Alureon was Not Easy. Someone on one forum opined “formatting and reinstallation of the operating system is the only sure way…“

Someone else suggested opening a support file with Microsoft.  “Start here – https://support.microsoftsecurityessentials.com/ and select the link that says I think my computer is infected and then select the support option for phone (or email if phone is not offered for your region).”

So I did. Within minutes, I was in touch with their 24/7 phone help, given a case number and immediate assistance. “Nanda” shared my computer, performed a scan, emptied my temp files and cookies, and pronounced it cured.  But it wasn’t.

I e-mailed him (the engineer who’s been helping you provides an e-mail address) that it wasn’t working, and sent them a link to a particularly dire article on Alureon. I assumed the only solution was to go off and rebuild my computer with much cursing.

Well, Microsoft called back. The case isn’t closed until the problem is fixed. They wanted to give it a second try. This person had actually heard about rootkit infections. “I am going to run Kaspersky’s tdsskiller,” he said.

“I read that Norton, McAfee, Kaspersky, none of them work,” I argued, annoyed. This was going to be another afternoon of rote, by-the-book attempts. “I read that I have to rebuild.”

“Yes,” he said. “But sometimes the people on the forums are not aware of special programs like tdsskiller. I believe we can clean your computer without having to reinstall the operating system.”

I had nothing to lose, so I stood by while “Allan” took over my computer.

What do you know? It worked. I ran a full MSE scan, which took 2.5 hours. My computer was clean. Now, 36 hours later, it’s still clean.

I told my brother, who’s been active in the outsourcing space. “Those young people in Chennai,” he said. “They’re good.”

Yes. They are.

Thanks, Nanda, Alan/ Arul, and all the folks on the forums.

——–

[ETA: Some people still think it makes sense to reinstall the OS even after Alureon has been removed, because Alureon could have allowed undetected malware including keystroke loggers to lodge in the computer. As a precaution, I'm not using this machine for anything sensitive.]