Nicole J. LeBoeuf-Little

I *heart* Antivirus Software

July 5, 2007

Since installing ClamWin on my thumb drive, I’ve been trying to get into good antivirus habits by actually using it. ClamWin, I mean. Antivirus software. PortableApps.com has a page on safe “portable app-ing” policies, and for once I’m heeding its advice:

  • Scan both your primary PC and on your portable apps device on a regular basis, using a solid antivirus program. Keep the program’s virus definitions up to date.
  • Anytime you plug your portable apps device into a new computer, assume that it’s now infected and could potentially infect other computers. No exceptions! Therefore, next time you plug into a known computer, scan your portable apps device before running any of its programs.
  • Backup applications and files on a regular basis. That way you can reinstall without a qualm should a computer get compromised.

This sort of thing doesn’t come easy to me. I’ve tended to rely on cautious web-browsing habits to fool myself into a sense of invulnerability. I use Thunderbird to read my email in plain text mode with JavaScript turned off. I use the NoScript extension for Firefox. I just assume that I’ve played safe enough not to worry about email worms and website-riding malware.

And there are disincentives. My last outing with free antivirus software ended when AVG caused my email headers and contents to randomly mispair, so that messages whose “From” and “Subject” lines indicated friends and business contacts had the message bodies of spam. This, even after declining AVG’s option to append reassuring “it’s clean!” signatures to email messages.

And ClamWin? ClamWin works just fine… but it takes for-ev-er to scan a Windows XP hard drive. The user profiles and applications data in the “Documents And Settings” subfolders consume two hours in and of themselves.

But they are two hours well-spent, as it turns out. First time through my laptop, ClamWin immediately started shooting up some boldfaced red text saying

c:\Documents And Settings\All Users\
Documents\My Music\My Music.exe
Worm.Brontok.AF FOUND

only it said it about fifteen times, once for every brand-new .exe file disguised as a folder in my All Users profile. How it proliferated like this, I do not know. The Brontok worm spreads through email, and Thunderbird doesn’t automatically run email attachments. I certainly don’t open them up unless I know who they came from. But here they were, bunches of copies of the worm. Some carrier worm must have spawned them.

The good news was, they hadn’t gone off. Maybe they would have when I next rebooted. Maybe not. In any case, my laptop wasn’t infected. Yet. I was still able to run the registry editor (“regedit”) and get into my Folder Viewing options, which Brontok is known to disable. So I tiptoed through and deleted everything ClamWin said was an instance of the worm. After that, I aimed ClamWin at just the All Users profile directory, and ClamWin said I was clean.

Hurrah for that.

Because ClamWin’s FAQ says that a compromised system cannot be patched–only formatted and reinstalled. And I’d really rather not reinstall Windows XP and all my driver updates and preferred software. Can you say Pain In The Butt? Sure you can. Saying stuff is easy. Reinstalling the OS on my laptop, on the other hand… yuck.

Getting into good antivirus habits isn’t necessarily easy, either, but it’s easier than dealing with a virus that’s successfully delivered its payload.
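
The ClamWin hits described above share one visible pattern: an executable named after the folder it sits in (My Music\My Music.exe). The sketch below is an added example, not part of the original post or of ClamWin. It walks a directory tree and lists such lookalikes, and it goes one step beyond the post by also flagging executables named after a sibling folder. The extension list and the sample tree are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Extensions Windows will run directly; an assumption of this example, extend as needed.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def find_folder_lookalikes(root):
    """Return sorted paths of executables named after their parent or a sibling folder."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        parent = Path(dirpath).name.lower()
        siblings = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXECUTABLE_EXTS:
                continue
            if stem.lower() == parent or stem.lower() in siblings:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample data: empty files laid out like the profile in the post."""
    layout = [
        "Documents/My Music/My Music.exe",    # named after its own folder
        "Documents/My Pictures.EXE",          # sits beside a folder of the same name
        "Documents/My Pictures/holiday.jpg",
        "Documents/My Music/setup.exe",       # executable, but not a lookalike
        "Documents/notes.txt",
    ]
    for rel in layout:
        path = Path(base, *rel.split("/"))
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return base


def demo():
    """Scan the constructed tree and return hits relative to its root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        return [Path(p).relative_to(root).as_posix() for p in find_folder_lookalikes(root)]


if __name__ == "__main__":
    for hit in demo():
        print("SUSPECT", hit)
```

Name matching is only a triage heuristic: plenty of legitimate programs live in a folder of the same name, so it is most useful pointed at profile and document folders, where executables rarely belong. Anything it lists is a candidate for an antivirus scan, not a verdict.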
