My roommate got pooned by 00mpa l00mpa

Maluno

Senior member
Mar 28, 2005
697
0
0
I just got back from class, and I found my roommate sitting at his Windows XP-based computer listening to the oompa loompa song. I wouldn't have said anything about it (with him, it wouldn't be something out of the ordinary anyway), but it just kept looping the first verse over and over again. Finally, he told me that he had gotten a virus, which was causing the looping of the first verse in the background. Ok, I'm not going to get into an argument about the classifications of different types of malware here, as I really don't have the desire to do so -- so call it what you will, a virus, trojan, worm, spyware, or whatever; I accept no responsibility for the accuracy of my statement labeling it a virus, as it probably belongs in some other category of malware.

No details about how he got the lovely piece of software, (I'm not going to go there, though I assume it is from the usual venue associated with prurient web-browsing in the exploit-prone Internet Explorer browser), but I will explain the symptoms in the hopes that someone has information about it.

About once every minute a small message box pops up, which reads, "teh 00mpa l00mpa 0wns yu0!!!1", and the song just continually plays in the background.
-----------------------------------------------------------------------------------------
I did some research, but the only reference to malware related to oompa loompas was one from early 2006 which spread on Mac OS X. Although he was running Norton Antivirus, Corporate Ed. (required by our college network policy), he did not have any anti-spyware tools installed on his PC. He did have all the latest Windows updates and vulnerability patches, though, AFAIK. Right now, I'm installing Spybot SD, in hopes that it will clean the problem up, and then afterwards I will try to do a few things manually (i.e. checking "run on startup" reg entries, checking all running processes for things I don't recognize, etc.), before doing a full Norton scan. If that doesn't clean up his problem, I hope someone else will have more information to help me out, or else I will be shooting in the dark, just trying various anti-spyware tools in search of a solution.

Anyway, I am fairly confident that I will be able to clean up his problem, but I thought that the situation was humorous enough to warrant a thread. Maybe someone else will find this as funny as I did. There is something strangely satisfying about seeing someone getting pwnt by an 00mpa l00mpa over and over again.
-----------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------

UPDATE: It gets more serious:


Spybot SD found 137 problems, and fixed 135 immediately, and had to run on startup to fix the other two, but everything looked clean from there. I updated Norton virus definitions, (which I found out hadn't been done since 1/27/07!!), and selected a full system scan.

Here's where the problem is: Every time I start a scan, the scanning window comes up, and it scans for a second, then it suddenly stops, and says "completed" in the status square, while the number of files scanned (listed in the bottom left corner) remains at zero. The total time elapsed remains at :01 seconds. EVERY TIME, no matter what scan type I choose.

The music is still playing, BTW, and the 00mpa l00mpa messages are still pwning him, (and me as well, as I am forced to deal with the issue now). I'm thinking about doing a few more things and then just telling him to take it down to our college's IT service support techs, although that would most definitely be an embarrassing trip for him, given the nature of the issue. Plus, I am nearly positive that they would take at the very LEAST a few days to fix the pc, probably by resorting to doing a reformat after a lot of screwing around.

In the meantime, I don't want to have to lend the use of my computer for his convenience. He is a WoW player too, so I hope he doesn't go through withdrawal while his PC is down.

Ah, the irony of justice.
 

Maluno

Senior member
Mar 28, 2005
697
0
0
Originally posted by: calvinbiss
RE...format

What... you want more paragraphs??

EDIT: Oh, never mind, I'm a moron, you meant reformat his HD, I thought you were referring to the format of my post. Yes, I realize that is the only guaranteed solution, but in his case, it isn't that easy, and it would end up being a hassle for me, plus I don't think he would go for that. Heck, I don't even know whether he has the recovery disks that came with his HP.
 

CityShrimp

Member
Dec 14, 2006
177
0
0
Originally posted by: cRazYdood
Yet another instance of why I believe Norton corporate is trash.

Ya. Norton Antivirus never prevented any virus for me.
Funny thing was the last time I got a worm, Norton couldn't find it when I did a full system scan. But when I found the worm with Ad-aware, Norton pops up and basically says "oh ya, I found a worm now. I knew it was here all the time. That other program you're using wasn't the one who found it. It's all me!"

F-ing ridiculous.
 

Maluno

Senior member
Mar 28, 2005
697
0
0
The point is, guys, that our network administrators REQUIRE that we have Norton Corp. Ed.; we have no choice in what we use on the network. If we don't have Norton installed, or if we don't have all of the latest Windows vulnerability patches installed, then the application that they use to register our computers on the network will detect it, and we can't get on. I personally wouldn't touch Symantec's bloated crap with a ten foot pole, if it was up to my personal preference. Unfortunately, Norton is probably the best known AV company, and whoever administrates our network felt that it would be a good choice for the job.
 

GDaddy

Senior member
Mar 30, 2006
331
0
0
To get rid of it, delete as much of the program as you can, disable Run Once, make sure nothing is loading in msconfig, restart, delete some more, make sure Run Once is still disabled, restart, redo your Spybot and Norton scans, and you should be ok.

I have run into nothing that I can't kill or at least disable enough not to be effective. With a little digging, time and applied knowledge you should be able to get rid of anything that is put on your computer without formatting. Granted, some are a lot more difficult than others; the worst is when they "sense" you trying to disable them and they restart the "install" process as you're trying to kill it.
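
The Run / RunOnce check that this post and the original post describe, as an added example that is not part of the thread: a read-only PowerShell listing of those autostart keys that puts entries with a missing or unsigned target, or a target under a user-writable folder, at the top. It assumes PowerShell 3.0 or later (not present on a stock Windows XP install); the helper name `Get-CommandTarget` and the list of writable folders are illustrative choices.

```powershell
# Added example: read-only triage of the Run / RunOnce autostart keys.
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-CommandTarget([string]$Command) {
    # Extract the program path from an autostart command line (hypothetical helper).
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { $t = $Matches[1] }            # "C:\dir with spaces\x.exe" /arg
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)') { $t = $Matches[1] }
    else { $t = ($c -split '\s+')[0] }
    if ($t -and $t -notmatch '\\') {
        # Bare name such as rundll32.exe: resolve it through PATH.
        $app = Get-Command $t -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($app) { $t = $app.Path }
    }
    return $t
}

# Folders any user-level process can write to (assumption: typical drop sites).
$writable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item $key
    foreach ($name in $reg.GetValueNames()) {
        $target = Get-CommandTarget ([string]$reg.GetValue($name))
        if (-not $target) { continue }                          # empty value, nothing to check
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status }
               else { 'FileMissing' }
        $inWritable = [bool]($writable | Where-Object { $target -like "$_\*" })
        [pscustomobject]@{
            Review    = ($sig -ne 'Valid') -or $inWritable      # look closer, not a verdict
            Key       = $key
            Name      = $name
            Target    = $target
            Signature = $sig
        }
    }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A `Review` flag only means the entry deserves a closer look; plenty of legitimate software is unsigned. Running the listing again after each restart shows whether a removed entry has been written back.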
 