And All For Squash Soup
A neighbor gave me four huge butternut squashes. Since I put eight butternut squash seeds in the ground in May and haven't seen so much as a sprout, I was grateful. I thought I would try to find a recipe on the internet which reproduces Campbell's Select Butternut Squash Soup; a family favorite, but pricey at $2.50 for two servings. I found one web page entitled, "Copycat Recipe Campbell's Select Butternut Squash Soup"--but I'm not going to share the URL with my blog readers. Read on to find out why.
All that was on the web page was a screen like a video player. Hmm, I surmised, some good soul is going to demonstrate for me how to copy Campbell's Select Butternut Squash Soup, maybe Emeril style. "BAM! Parsley!" My computer asked permission to download an ActiveX control. I clicked "Allow."
That would make a nice title for my memoirs: "I Clicked 'Allow.' "
I'm not sure whether I ever got the necessary ActiveX control, because I never could get that video to play. What I got, instead, was a major hijacking of my computer. A weird green toolbar, "Security Toolbar 7.1", appeared above my Google Toolbar. On my Control Panel, a second Microsoft Security Center icon appeared, duplicated down to the last pixel, labelled MS Antivirus. And pop-up boxes bombarded me saying that my computer had 30, count them 30, viruses, malware programs, spyware programs, and trojan horses. YOUR COMPUTER IS COMPROMISED! the boxes screamed.
The pop-up boxes gave me two choices--either go on naked and unprotected and let my computer crash, or buy the full version of MS Antivirus. Mastercard and Visa logos appeared when I chose this second option, with instructions to enter my credit card number. Popups gave me the warning and the two choices--pay up or face computer Armageddon--every 10 seconds. If I closed the boxes, they popped back up again.
I got the sneaking suspicion that despite the letters "MS" and the MS Security logo, I was not dealing with Microsoft. I just downloaded XP Service Pack 3 a week ago, and anything that I needed in the way of security updates had been already installed. I had never heard of any of these viruses that I was allegedly infected with. Besides, this computer is six years old, and 30 additional programs of any kind would grind it to a screeching halt, even if they weren't malicious. I ran HijackThis, and the log didn't indicate I had a single program of the 30 on the warning pop-up list.
What I did have was malware masquerading as a Microsoft program to protect me from malware. An antivirus virus! You gotta hand it to these hijackers.
I googled "MS Antivirus" and educated myself. In order to even run my real antivirus software, I had to hit CTRL-ALT-DEL to open Windows Task Manager and kill the process tree from which this monster was operating. It was called msx.exe. Once I had stopped the infection from breeding pop-ups and slowing my system down to a crawl, I updated Spybot and ran it. Spybot found that I was infected with a three-tentacled monster: Zlob, MS Antivirus and Smithfraud-C. There were multiple entries associated with each, about 12 in all.
http://en.wikipedia.org/wiki/Zlob_trojan
http://en.wikipedia.org/wiki/MS_Antivirus
Spybot murdered Zlob and MS Antivirus immediately, but a second Spybot scan showed Smithfraud-C remaining. I instructed Spybot again to kill Smithfraud-C, rebooted the computer, ran Spybot again and came up clean. Alwil Avast, my open-source antivirus program, also gave me the all-clear.
But when I rebooted my computer, three and a half hours after the malware infection occurred, the following warning box appeared:
16bit MS-DOS Subsystem
E:\WINDOWS\system32\command.com
E:\PROGRAM\symantec\S32 EVNTI.DLL.
An installable Virtual Device Driver failed Dll initialization.
Choose 'close' to terminate the application.
Options:- 'close' or 'ignore'
Symantec? I got rid of Norton and Symantec a year ago, or so I thought.
I still had a major problem. I swear I think Internet Explorer is male. One Allow, and my whole life is one big mess.
So I cut-and-pasted the text of the warning box into Google, and found help on the techguy forums.
http://forums.techguy.org/windows-nt-2000-xp/185736-command-com-contaminated.html
"Cause:
This issue occurs most often after you install a 16-bit program or a program that uses a 16-bit installation program. The following registry value becomes corrupted:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers\VDD"
WHAT??? The #$&^*!@ trojans corrupted the REGISTRY? The Device Drivers? The command.com file? God help me.
"Solution:
This resolution involves making changes to the Registry."
LOVELY. I simply adore making changes to the Registry. You only risk destroying your whole operating system that way. It's like performing surgery on your best friend in the dark.
"Click on the Start button on the taskbar and click on Run.
At the Open prompt, type in regedt32.exe and click on the OK button or press the Enter key."
Doesn't work (profuse colorful language). I'll try plain old "regedit" and see what happens. Okay, I'm in the Registry Editor.
"In the Registry Editor, click to select the HKEY_LOCAL_Machine on Local Machine window.
Navigate by double-clicking on the plus (+) sign folders to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers.
Click on the VDD key in the right pane to highlight the value, then click on the Edit menu and click on Delete. . ."
DELETE? Isn't that kind of risky? Oh well.
". . .When prompted to confirm the deletion, click on the Yes button.
Click on the Edit menu and then click on Add Value.
In the Value Name field, type in VDD.
Click on the drop down arrow next to Data Type, click to select REG_MULTI_SZ and then click on the OK button.
When the Multi-String Editor appears, leave this entry blank and then click on the OK button.
Click on the Registry menu and click on Exit. (Note: Changes will be saved automatically upon exiting the Registry Editor.)"
Shaking like a leaf, I followed these instructions and then rebooted the computer. I was staking my computer system on the advice of a complete stranger with the username "pileyrei" and an Animaniacs avatar. But thank God for "pileyrei". The offending warning box had vanished, hopefully taking to the e-grave the final traces of Symantec/Norton.
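The quoted steps delete and recreate the VDD value by hand with no way back. As an added example (not part of the blog post or the forum answer), the same reset can be scripted with a backup and a before/after check; it assumes PowerShell is installed and run as an administrator, and the backup file location is an assumption.

```powershell
# Added example: back up, inspect, then reset the VDD value named in the forum steps.
# Run from an elevated PowerShell prompt.
$subKey = 'SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers'

# Assumed backup location; timestamped so an earlier export is never overwritten.
$backup = Join-Path $env:TEMP ('VirtualDeviceDrivers-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# 1. Export the key first so the change can be undone with "reg import <file>".
reg.exe export "HKLM\$subKey" $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; registry left untouched.' }
Write-Output "Backup written to $backup"

$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
if ($null -eq $key) { throw "Key not found: HKLM\$subKey" }

try {
    # 2. Record what the value holds before touching it. Leftover driver
    #    entries listed here are what triggers the 16-bit subsystem error.
    if ($key.GetValueNames() -contains 'VDD') {
        $kind = $key.GetValueKind('VDD')
        $data = @($key.GetValue('VDD'))
        Write-Output "Before: type=$kind, entries=$($data.Count)"
        $data | ForEach-Object { Write-Output "  $_" }
        $key.DeleteValue('VDD')
    } else {
        Write-Output 'Before: VDD value is missing'
    }

    # 3. Recreate VDD as an empty REG_MULTI_SZ, as the quoted steps do by hand.
    $key.SetValue('VDD', [string[]]@(), [Microsoft.Win32.RegistryValueKind]::MultiString)

    # 4. Verify the result instead of assuming the write succeeded.
    $after = @($key.GetValue('VDD'))
    if ($key.GetValueKind('VDD') -ne 'MultiString' -or $after.Count -ne 0) {
        throw "VDD was not reset cleanly; restore with: reg import `"$backup`""
    }
    Write-Output 'After: VDD is an empty REG_MULTI_SZ'
}
finally {
    $key.Close()
}
```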
My command-com is no longer contaminated. Command.com, listen up. I'm telling you right now, don't be led astray by every trojan horse that comes along. Even if they offer you wine, women, and song, stay on the straight and narrow. I'm so glad you chose to repent. Amen. Sing it with me: "Ding, dong, the Zlob is dead. Which old Zlob, the zlobby zlob. . ."
All is peaceful on my desktop now. Everything running as it should. Only. . .that Microsoft shield icon labeled "MS Antivirus" is still on my control panel, leering at me like the Bride of Chucky.
Should I be worried? I know one thing. I'm swearing off butternut squash soup.
- the_Old_Woman_in_a_Shoe's blog













