Many companies have banned employees from using music-sharing programs, not just due to copyright concerns.
According to John Thornton, editor of Hacker’s Digest, 6% of one peer-to-peer network’s files are actually viruses. Downloads such as Pink.mp3.vbs are displayed by the music-sharing program without the .vbs extension, which indicates a Visual Basic Script virus (see The Register).
Merely having a policy against peer-to-peer, however, doesn’t clear up the mess that these programs quietly added to users’ hard drives. A clean sweep requires new tools.
One of the most intriguing approaches to the problem has been initiated by a website developer named Andrew Clover.
A British programmer who’s fluent in Python, PHP and Java, Clover divides his time between work in Germany and the UK.
The script works by querying your PC for character strings that various parasite programs insert into the Windows Registry.
Each string, known as a Class ID or CLSID, is a globally unique hex number identifying a single programme. These numbers are generated by GUIDgen.exe, a utility included with Microsoft Visual C++ 4.0 and later.
Many parasites use these strings to register themselves with Internet Explorer as a so-called Browser Helper Object. Microsoft designed IE to allow programs such as these to manipulate the keystrokes and activities of the browser.
This is one way parasites transmit false e-commerce codes. Unfortunately, Clover’s test doesn’t identify all worrisome parasites. Interviewed by telephone while he was visiting Bristol, England, Clover said, “There are lots of parasites that don’t use a Class ID at all, and my script can’t detect them.”
It’s my hope that a web service can be developed that’s truly comprehensive. Users could learn valuable info — such as the symptoms and diagnoses Clover’s site provides on 49 parasites — even if their machines test clean.
Meanwhile, run the free Ad-Aware program, which searches for and allows you to remove almost all parasites. A helpful download page is at PC World.
I’ll have more on this next week.