Monday, August 31, 2015

August Movie Status and My Status (Why No Posts)

I’ll do the movie status first since it will be quick.  I saw only one new movie in August.  That was the film Seven Psychopaths (2012), which I reviewed as one of Steve’s Selections.  It’s also the only film review I posted in August.  I did re-watch the first season of the TV show Archer, and I caught most of Erin Brockovich on TV, which was also a re-watch for me.

Even before other events that I will get to I hadn’t really been in much of a movie watching mood for weeks.  It actually started in July.  Most of the films I saw that month were from the first half of it.  I don’t know that I watched much at all after that.  I’ve had three Netflix DVDs sitting on my coffee table, unwatched, for at least two months.  I had finished off a few lists after completing the big TSPDT list earlier in the year.  When I went to look at doing another smaller list, or any list, I just couldn’t get motivated.  It felt too much like a homework assignment instead of enjoyment.

And this bled over into posting about movies.  During this year I’ve gone from posting a few times a week to once a week the last month or so that I was doing posts.  These also felt more like homework assignments rather than the fun of sharing info on a film that I liked.

I also had three middle of the night implementations for work last week.  That completely messed up my inner clock.  And the final thing that made me less enthusiastic about using my computer to write and post reviews (or watch movies), is that about a week and a half ago I was partially hit by some ransomware.

For those of you not familiar with the term, it’s malicious software that encrypts the files on your computer and will not release them to you until you pay money.

Now I said that I was only partially hit by it.  I was surfing the web, clicking links off links off links.  I got one of the not uncommon screens that tries to say you’ve got a virus on your computer and it wants the go ahead to run a scan.  I “X”ed out of it.  It popped up an also not uncommon window asking if I was sure I wanted to leave the page.  I clicked “Yes”, but all that happened is the popup window went away and the page stayed up. 

At this point I decided to kill the page directly using the Start Task Manager utility.  I had several tabs open, but I knew if I killed the browser as a whole I would lose all of them.  I didn’t want to do that so I tried a surgical strike, killing individual IE instances.  All this did was set in motion a series of cancels and Windows automatic recoveries of the tabs I was killing.  My guess is that this is what triggered the page to start its work on my computer.

Not realizing this at the time, I finally did kill all browser sessions, then relaunched and surfed some more.  After a while it registered with me that my hard drive had really been cranking non-stop.  I went to launch Start Task Manager again to see what was running, but it wouldn’t come up.  I then noticed a couple of extra icons on my bottom task bar and knew something was attacking my machine.  I powered the PC off directly by using the power button, hard drive be damned.  When I booted up I had a text file and a web page try to automatically launch.  I killed the web page before it connected and immediately unplugged the power cord for my modem to prevent any web connection, and also knowing it should reset my IP address once I eventually powered it back on.

I took a quick look at the text doc that was open and it started to go into how a “powerful encryption device” had been used on my computer and to go to a webpage to find out more.  I didn’t bother since I knew what this was.  Had I gone there I would have undoubtedly seen a timer and demands to pay hundreds, if not thousands, of dollars to get my files back.  And who knows what else that web page might have tried to do to my computer?

I deleted all instances I could see of the .txt and .html files and rebooted again.  They came up again, but the html couldn’t do anything since I still had the modem disconnected.  That’s when I conducted a search for them and discovered that they appeared to have been written to literally every Windows file folder on my C drive.  I found and deleted over 40,000 copies of them.  I ran searches on my external drives, too, but found nothing there.  It appeared to only target the C drive.

By the way, I did first try to restore my machine to the prior day, but that didn’t do anything since this apparently didn’t attack the system files.

After rebooting a few times, checking files, and reconnecting to the internet I thought everything was okay.  As it turns out, I hadn’t happened to check the right files.  When I had immediately powered off my machine when I realized something was happening, and possibly also because I disconnected my modem, I killed the process of file encryption before it got too far.

It HAD encrypted some files on my PC, starting in the My Documents folder.  Here is where I also got a little lucky.  Over the years I have saved thousands of photos off the internet to my computer.  Some of them I thought I might use in a post, some I found funny, some were movie memes, and some were beautiful models doing what beautiful models do.

In this case, being a packrat helped prevent the encryption from getting to anything irreplaceable like personal photos.  It progressed alphabetically through the file folders, then through the files within then.  It targeted .doc, .xls. and .jpg files.  I appeared to also target video files, but only ones below a certain size.  I lost no movies and only one movie clip.  It left .gif files alone, too, for some reason.

It didn’t get to my personal photos because it was still trying to get through my “Internet” folder before it moved on alphabetically to the “Mine” folder.  It left the encrypted files with an “.abc” format, which my research showed was a music format, but these weren’t music files.  I didn’t even attempt to decrypt them.  I also had no interest in paying money to get them back.  I ran searches and deleted every single “.abc” file on my PC.  I’m the kind of person that would buy another entire computer before I would pay ten cents to anyone in ransom.  I wasn’t going to leave the files there, though, just in case they contained some kind of way to restart the encryption.

In addition to non-personal photos it did encrypt all the posts I’ve written for this site.  Here’s the thing, though – those were actually the backup files I’ve kept in case anything ever happened to the website.  If I wanted I can rebuild them all from the website, so I really didn’t lose anything there.

Finally, I lost all the excel movie lists that I’ve built.  But guess what – I have backups of those.  Yes the backup was a couple months old, but it took me less than 30 minutes to bring them all back up to date again.  I also had backups of my personal photos, even if it had gotten to them.

All in all, it was trying to be too precise with killing a screen that probably opened my computer up to it, but it was a combination of backups and awareness of my computer that allowed me to nip it before it did any real harm.

So let this be a lesson for everyone:  First, have backups of everything you care about.  Second, don’t try to be cute and kill an instance of a browser screen.  If you encounter a screen that doesn’t want you to leave then kill your entire browser.  Third, keep an eye out for unusual activity on your hard drive and/or PC after something like this.  Fourth, unplug your modem periodically, both for performance reasons and to reset your IP.

The entire episode did leave me a little leery of using the computer extensively, though – emotional not logical reasons.  I didn’t want to leave it up and connected to the internet if I wasn’t on it.  I’ve gradually eased up on that again.  My one worry was if there was another shoe that was going to drop.  I knew that ransomware had a timer where if you didn’t pay by that time then the ransom would increase.  Because I didn’t go to the webpage I didn’t know when the time would be up.  I didn’t know if there would be a follow-up attack whenever that time ran out, maybe as a way to “encourage” me to pay. 

In theory, even if there was I would now have a different IP address, so the only way to target me would be if something else had been written to my computer to communicate out.  I had run a deep scan of every single file, even on external drives, and did not find anything identified as a virus.  I also did targeted searches of files added or altered in the time period the encryption was going on and did not find anything.

All in all, I’ve done everything I can think of to make my computer safe from a follow-up attack, but there’s a small part of me that’s watching and waiting.  When I download a large file my hard drive will crank for a little bit as it’s writing from the temporary download storage to the hard drive location I want the download to go to.  I’ve checked afterwards a couple of times just to make sure there are no .abc files or the .txt and .html files I ran into.

So put all these things together and what does it mean for the future of this site?  The honest answer is “I don’t know.”  At a minimum I will do the movie reviews for Steve’s Selections (second Monday of every month) and I will do these Monthly Movie Status posts.  Because of the way I group reviews together under a common category, though, making the decision to post reviews means committing to several of them, not just one or two.  A possibility is to do away with the categories, but I do kind of like them and it makes this site a little different from many of the movie review sites out there.  It also seems like a waste to not make use of the 100 – 150 categories I’ve brainstormed and never gotten to yet.

And in regards to movie watching I think I might be getting close to starting that up again.  Of course, there are some TV season sets that will be coming out in September for all the returning shows.  There are at least a few that I am thinking I will pick up and re-watch before the shows return for their next seasons.

For what it’s worth, I have still been active on Letterboxd.  I created some lists on there and I’ve commented on several reviews and lists from others.  If you are also on there then look me up.  I link to my Letterboxd account on the upper right of this site.  If you haven’t used Letterboxd yet you may want to check it out.  While it’s not perfect, it’s a good site for people who like movies.


  1. Do what makes you happy is the best way to go, and if that means less movie watching, so be it. Look forward to what you have in store for us in the future.

    I've never heard of ransomware, it sounds awful, but what a relief you had those backups. Do you have norton internet security(with firewall) and Malwarebytes Anti-Malware installed? Since I got those I've not had a problem.
    I know you can restore laptops to its original factory condition, which deletes everything, which I'd suggest in your case. Obviously you'll need to save on an external device what you want to keep. Our family has had zero problems since we bought HP laptops 3-4 years ago. We had a virus every few months with PC's, so will never buy those again.

    I'm a big fan of letterboxd, I agree it's a great place for movie lovers. Don't know if you are into 70s horror, there's a new poll(which I plan to do) that many are participating in:

    1. Yes, I have real firewalls and anti-virus software running. It's one of those kinds of attacks that requires the PC operator to say, in essence, "go ahead". I believe my attempts to kill just the tab, and then Windows' constant recovery of it, to have triggered that go ahead. It doesn't attack or write to any system files. I've encountered screens like this before and just killed my browser to get rid of them. It's was not doing that this time that I believe got me in trouble,

      Yes, I could have saved off everything and started over. I actually would have gone the route of formatting my hard drive and reloading the system software just to be extra careful. The reset you talk about is only for system files unless you set specific parameters for it to be able to recover everything. Most of the time those parameters are not set because of it slowing down the performance of the PC. I did try a restore of the system files, but it didn't do me any good because this didn't use them for its attack.

      And copying off the files always opens up the possibility of copying off the very thing that is bad, so when you copy them back it's still there on the PC. That's why I went with identifying and removing all files written or changed by the attack.

      A neighbor of mine got hit by this kind of attack and it locked his computer up entirely. I had helped him get rid of other viruses, but this locked the entire computer the moment he booted up. You couldn't even interrupt the boot. Thankfully I stopped the attack on me before it got that far. He took it to a technician who wiped the entire computer and reloaded the software. He lost everything.

      On to better things - I have seen some people's Letterboxd lists for that. I'm actually not that big a fan of horror. I also probably wouldn't fit in with the norm since the 70s movie that horrified me the most was probably One Flew Over the Cuckoo's Nest - one that I doubt many people even think of as a horror film.

  2. So sorry to hear mate. I had problem as well when using HP laptop which refresh the browser over and over wasting my bandwidth connection I had to disable meta refresh from internet tools from IE, clear my browser cache deactivate all plugins and disable SHIFT keys from easy to access shortcut keys on windows. Just so annoying when you read articles suddenly refreshing the browser.

    1. Thanks.

      Yes, sometime newer features intended to make life a little easier for people end up just being annoying instead.