I even tried pulling it up on my iPhone with the WiFi turned off, in case it was something that got into the router. Same symptoms. So I wrote back and the techs put a customer support rep on it. By this time, though, I had decided to start up one of the virtual machines I have on this computer, in this case WindowsXP running on Parallels. Being Windows, I keep an anti-virus program updated on that, even though it’s only a virtual machine, and being too cheap to actually pay for software to run on an Operating System I only boot up once in a blue moon, I use AVG Free. Good stuff, that. As soon as I tried to open the blog, up popped a window announcing that it had detected an infected file on the page.

I logged back into the webhost’s support page to close the ticket, and discovered their rep had also seen a javascript file that was the problem, but didn’t take the time to discover which of many I’d installed in that blog was the culprit. However, AVG Free had already told me the URI of the site that was doing bad things, and I was able to find the link with my blog theme editor. I deleted both lines of code that pointed to the offending site, restarted the blog, and there it was, as good as new.

I never thought I’d see the day when an application on Windows saved me from malware, instead of exposing me to it!

mDNSResponder, by the way, is a software server that enables Apple’s Bonjour network, among other things. It is part of the MacOS. However, I didn’t know that when I started trying to track down all the rogue processes. As I mentioned previously, I blocked mDNSResponder using a Little Snitch “rule”, but I wanted to eliminate what was launching it. To this end, I started up the MacOS utiliy, Activity Monitor, which in addition to showing all the processes running on the computer, allow the administrator to shut them down selectively.

Little Snitch network monitor

Well, to make a long story short, apparently I got carried away. The concept was sound, but since I didn’t take the time to learn enough to really know what I was doing (always a dangerous thing for someone poking around the underbelly of the OS), I must have killed too many instances of the process, or the wrong ones, or something. Every time I tried to open a web page in FireFox, I had to click away a warning dialog, which got very old, very quickly. But the Little Sntich network monitor still showed traffic trying to go out to the Ukraine, even after restarting the computer and reinstalling FireFox!

So, I made an appointment with the “genius bar” at the local Apple Store. The very helpful techs there hadn’t seen this particular problem before, but they were able to isolate whatever it was that was making that call, and shut it down. As it happened, it was a QuickTime™ process, which is not surprising given that Phil probably acquired the trojan by trying to view a video someone had sent him. To help avoid such problems in the future, the “genius” suggested installing a bit of freeware, Perian, a QuickTime component that opens just about any video codec on the Mac without having to go out and find a tool or possibly accept dangerous suggestions from potential malware. Not only that, but “genius bar” help is even free!

So, we’re back to responsible, malware-free telecommunications. Next month, when we try using our Verizon wireless internet gear without the added stress of unwanted transmissions, we’ll reevaluate our experience with that system.