Tuesday, March 17, 2015

How a custom virus caught a liar.

I don’t remember the names. It was sometime in the late nineties when I received a phone call from an ex-girlfriend who worked for a military contractor. She said she was sort of on the rebound from a relationship, but needed my assistance with a “computer issue.” I drove for over five hours to get to her house. Here I find that she’s cohabitating with her current “boyfriend,” but they are separated momentarily; and they also have another roommate, a girl, who she wanted to introduce to me. He was a computer science major, if I recall correctly, which is why she needed some “training to teach him a lesson”; rather unintentionally she was provided with a method of making a self replicating virus.

When I arrived we went out to dinner with her roommates to a local sports bar. We had a good time until someone started hitting the sauce. After we returned to the house, she pulled me aside and explained the issue: her ex, or soon-to-be ex, or whatever his status was at the time, had allegedly been looking at pornographic material on his computer. I didn't think this was a crime, but they had an agreement that he was not to look for pornography because apparently it had been an issue in her last relationship to the point that it haunted her. Her other roommate had heard him, clued her in, and when confronted, he lied in response about looking at it; and so she wanted to prove he was lying, but didn’t know how. She didn’t know where to look, and was afraid that any attempt for her to show him would backfire as he could say it wasn’t his, too many roommates. It was sort of a communal terminal.

I felt sorry for her, so rather reluctantly, I decided to enable her to prove, rather embarrass him with, evidence that he’d been looking at the things he was not supposed to be. Had he not been a jerk most of the evening (mean drunk), I probably wouldn’t have gotten involved, but at the time I still had weekends, so it was a mini-holiday.

For the record, I never touched his computer, and never touched her computer. I simply conveyed to her, a computer science major at the time, in theory how to write a couple of scripts that could modify the Windows auto-execute batch file to make something that worked like a virus, on her computer; theoretical stuff really.

First I explained to her that she needed to not touch the computer. If it at all seemed like she had any time with the machine, then the game would be up. I theorized on how she could write a little batch file that would write another batch file and clean up after itself. This other batch file could scour the Temporary Internet Items directory for video files and porn-sounding jpg names. Any files it located could then be copied to a new hidden directory of some obscure name, completely random even. The file extensions could then be changed, so they would not look like videos if someone were to do a search for videos on the hard drive; this way the batch could replicate them again into the startup and IE temporary items folder, by searching for their new unique extensions upon restart.

After searching for the files and copying them to their new location, the system would then, in theory, copy them to the startup folder in the start menu; then the batch file could patch the Windows registry runonce menu to trigger a new instance of itself, just in case the batch wasn’t called on the next restart.

The poor guy was using Windows 95 without service packs.

Upon loading Windows, a little snippet could be placed about 1000 lines down in the autoexec.bat file. If this sort of script was able to install itself from a floppy on insertion (not really a batch file, but something like autorun.inf), it would be much more detrimental of course. So in theory, all someone had to do was pop in the floppy, let Windows access the disk, then they could eject it. A smeary fingerprint on the eject button would be the only indication of tampering, if someone tried to determine an origin.
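From the cleanup side, renamed extensions only defeat a search that trusts file names; a sweep that reads each file's leading bytes still finds the media. The sketch below is an added example, not code from this post: the function names, the signature table and the sample tree (including the `xk3q9` directory and `.zzq` extension) are all made up for illustration.

```python
import os
import tempfile

# (offset, magic bytes, label, extensions that honestly carry that content)
SIGNATURES = [
    (0, b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg", ".jpe"}),
    (0, b"\x00\x00\x01\xba", "mpeg", {".mpg", ".mpeg"}),
    (8, b"AVI ", "avi", {".avi"}),  # follows the 4-byte "RIFF" tag and size
]

def sniff(path):
    """Return (label, honest_extensions) judged from content, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(16)
    except OSError:
        return None  # unreadable file: skip it, keep sweeping
    for offset, magic, label, exts in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return label, exts
    return None

def find_disguised_media(root):
    """List (relative path, real type) for media hidden behind another extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            found = sniff(full)
            if found and os.path.splitext(name)[1].lower() not in found[1]:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.append((rel, found[0]))
    return sorted(hits)

def demo():
    """Scan a constructed sample tree (all file contents are made up)."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 12,   # honest JPEG
        "xk3q9/a1.zzq": b"RIFF\x10\0\0\0AVI LIST",         # AVI, odd extension
        "xk3q9/a2.zzq": b"\xff\xd8\xff\xe0" + b"\0" * 12,  # JPEG, odd extension
        "notes.txt": b"plain text, no media signature",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return find_disguised_media(root)
```

Calling `find_disguised_media()` on a real directory works the same way as `demo()`; anything it lists is media content sitting under an extension that does not match.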

The next day, after having me sleep on the floor in her room to further boil the poor guy’s blood, we spent the morning watching television in the main room snickering about my theories. He was hung over; his computer was in the hallway, waiting. When he came back from the gym he turned his computer on. My friend walked down the hallway and popped a floppy into the drive after he had booted the machine up. She then asked "are you going to use your computer," to which he said, "You've had all morning to use it, I just turned it on, so yeah, I'm going to use it." She promptly removed the disk and turned the volume all the way up on the guy’s Labtec speakers. All of this happened with him watching, but nothing suspicious. The computer had become a dynamic of control in their arrangement.

About 30 minutes later he comes over to the computer and reboots it; it had locked up; no service pack was installed, it was poorly maintained, that sort of thing. Five minutes later we hear this blaring cacophony of multiple moans and grunts overlapping with the soundtracks of roughly 10 adult videos featuring who knows what, all playing simultaneously. Windows was nice enough to tile their display when the system started; we could see it from the couch, raunchy stuff.

Leaning back in his metal folding chair, he slams his chair forward and turns off the speakers. “What are you watching hon?” she says from the living room, the guy’s face is beet red. He closes all of the windows with alt-f4 repeatedly before she makes it down the hallway to “get a drink” from the kitchen. Then he proceeds to delete all of the items from his startup folder. He looks at me, he was about twice my size and I was 220lbs at the time, and says, “You had better not touch my computer again.” I told him I hadn’t touched it, and that he probably had a virus from looking at porn sites. I gave a plausible response and told the truth, having not touched his machine, omitted a couple of details, but didn't lie, technically.

About 30 minutes later he restarted his computer. Surprisingly the same thing happens again. He looks at me and says “what did you do?” I truthfully said “I haven’t touched your computer man,” with one of those smirks to make him wonder. He calls his friend, The Computer Guru.

This guy shows up, he walks over to the computer, looks back at me and glares. I don’t know what her boyfriend at the time knew about me, but whatever it was, he had his suspicions about what he didn’t know after that day. The computer guru guy goes in and deletes all of the IE history and temp internet items. Then deletes the items in the startup folder. “Watch this though,” her boyfriend says, as he reboots the computer. Same thing happens again. Computer guru goes in and removes all of the items as before, and this time does a search for videos, finds nothing oddly enough. He restarts the computer. Same thing happens again. Then he restarts it again, problem is compounded because there was no theoretical statement to check for existing video and picture files. He tells her boyfriend, “don’t reboot it again, I’ll be back.”

Enter Windows 95 for Dummies

The computer guru guy shows up with his tattered copy of Windows 95 for Dummies in-hand and a box of 3.5in floppies containing antivirus and Norton disk utilities; I always wondered why that book was so popular. He boots from a floppy, runs chkdsk, tells the guy he’s searching for hard drive errors that could cause the system to not be deleting the items from the temporary internet items folder. I'm off the hook at this point, so they relax around me. He also runs defrag. An hour goes by. She, her other roommate, and I go to the bookstore, hang for an hour, then we come back. They’re still at it. “I don’t know man, we’ve done everything I can think of,” the guru says. He pops in the Windows 95 recovery disk, rebuilds the system to factory defaults, without reformatting. This defiles the registry. Windows loads for the first time after the reinstall, videos all still in place. Mad, he throws the keyboard.

They reformat.

2 hours later, “where did all of my files go?” the boyfriend says. “I told you I was reformatting,” replies the guru. He looks at my friend “got any spare floppies?” She replies, “Yeah I’ve got one.” Brings him the disk. I grinned, gave her a hug, told her she was evil, and promptly left. The next week she calls me to tell me that he bought another computer, Windows 98 this time, and "geez, if it didn’t develop the same sort of characteristics a couple of days after he bought it." Poor guy... if only he hadn't lied to her.

So I've been thinking to myself, ethically, was it wrong to help her? Knowledge in the wrong hands... I'm glad I was on her good side.
