Friday, January 01, 2010

Lightmoon virus, ugh.

The reason I'm not writing some insightful New Year's post right now, or at least getting useful chores accomplished, or even enjoying my recording of the Spurs flattening the Heat last night (they beat 'em by 30 points! Woohooooo!) is that every computer in the house, as well as cameras, ipods, external hard drives, etc., has been infected with some virus called Lightmoon. Fortunately it wasn't too difficult to clean most of the devices, with the help of Microsoft's free anti-virus software. (Just recently made available. It's called "Microsoft Security Essentials".) But one of the computers can't install the anti-virus software for some reason. I wonder if it's the virus itself that's blocking it? I'm trying to remove Lightmoon by hand, but the nasty little bugger modified some registry entries to allow it to run automatically at startup, even when I'm in Safe Mode, and once it's running I can't delete it; it just keeps re-creating itself. Naturally the virus also disables the regedit command so I can't easily fix the entries it edited. But there's probably a workaround somewhere, and hopefully I'll find it before I waste too many hours working on the problem, or blogging about the problem. :) Happy New Year's to you too!

Quiz time: my first sentence up there says "has been infected." Should it be "have been infected?" Do I make the verb agree with "every computer" or with "cameras, ipods, etc"? Grammarians, help me out here.

Update: The virus problem was taken out of my hands by two wonderful men who were visiting the house on New Year's Day. They tried to install Norton's anti-virus program, figuring that a program you have to pay for might do better than one that's free. But that wouldn't install either! Lightmoon was blocking all potential attackers. Undaunted, the men got on the phone with tech support, and eventually a genius in India took over our computer remotely and got the Norton program to install. Then came a big ol' virus scan, and the first defragmentation our computer has ever been subjected to in the five years of its existence. Lightmoon is now gone and everything seems to be running all right, thanks to our lovely friends.

If anyone landed here via Google and hopes to solve their problem without involving lots of money and tech support, you can check here and here for more info about the virus... and, um, good luck!


Heather said...

I think "has" is correct, since the plural nouns are all in a separate clause, so the subject/verb agreement involves "every computer," not "cameras, iPods, external hard drives."

As for the virus: UGH! I just read up on it, and it's a nasty little bugger! And yeah, one of the first things it does is try to cripple anti-virus application, so that may be why you're having trouble getting rid of it. I see it drops a copy of itself into the root of each mapped drive. Were the cameras, iPods, and external hard drives all mapped drives? Hopefully clean-up on those will just be a matter of getting access to the file structure of each device and deleting the virus. Since Windows isn't running on any of those devices, I don't believe it can really do any damage to them.

What a PAIN! Gotta watch out for those attachments from unknown emails. :-/

Oh, and you may be amused to note that your blog is now the #1 Google search result for "Lightmoon virus." No, really. :)

JimAroo said...

Your grammar is correct....or should that be your grammar was correct...

The hot internet rumor is TRUE! if you google Lightmoon virus, Infused Knowledge is the number one search result. I know that will be consoling to you.

Here is a quote to cheer you up - or is that a quote which up will cheer you?

"Hell is full of the talented, but Heaven of the energetic".

St Jeanne De Chantal

Mary and I wish you an energetic New year!!!!

Rachel Gray said...

"A quote which up will cheer you"? JimAroo, that is precisely the sort of pedantic nonsense up with which I will not put. And since meditations on the seven deadly sins reveal sloth to be my biggest problem, I'm not comforted by the Heaven quote, but I am glad to be wished an energetic New Year. :)

Thanks for backing me up on the grammar, folks! Hithah, you overestimate my techniness, for I'm afraid I don't know what a mapped drive is. But cleaning up the devices was pretty simple; I ran the Microsoft anti-virus program on each of them.

I pity the poor "Lightmoon virus" Googlers who come to my blog for help...

Warren said...

You should download and install a cool tool called "Hijack This".
It provides a transcript that you can email to technically competent people (geeks) which tells them of abnormalities present on your computer (files on disk, suspicious registry entries, etc).

Also, people can send you little scripts (bits of text) which you can paste in there, and "run" using Hijack this, it's a great way of cleaning crap off your computer, with some assistance from the geeks out there in cyberspace.

MSSE is probably a BETTER tool than anything Symantec/Norton, which is a pile of crap. If Norton slows down your computer, don't be afraid to take it back off your computer. And don't forget to remove the six different things it installs into your computer, one by one, until nothing that says "Symantec" or Norton, is left in your add/remove programs list.

Symantec/Norton Anti-Virus, and McAfee are both crap, worse than most of the viruses you'll get. Although the latest 2010 versions of Norton are apparently receiving better reviews than the earlier versions. Your mileage may vary.

I don't like very many things that Microsoft makes, but I like MS Security Essentials, and I like Windows 7 too. Mostly I want my operating system to "go away" and let me get my work done. Vista was horrible that way, and most anti-virus software does more to get in your way than most virulent of virii could ever do. Ironic, no?


Rachel Gray said...

Warren, I was actually noticing that the computer seems a mite *slower* now after all the work we did, which surprised me since we de-fragmented it and removed several memory-hogging programs. Perhaps Norton is the culprit!

So true about anti-virus software getting in the way. Norton is even putting little icons next to each webpage result when I Google something-- it's quite an omnipresent program! We have MSSE on the other computers, and that's not nearly as annoying.

I have Hijack This already and I love it. It's so useful for seeing what's going on with my computer, and it needs only one second to scan and report (contrast the epic anti-virus scans that take forever.) If a virus is replicating itself after being deleted, or automatically running at startup, or modifying my registry, or running even in Safe Mode, Hijack This is the program that alerts me to it.