Firewall bypass attacks
This type of attack is interesting because it involves hijacking your system protection. It seemed easy to solve but that remains to be seen.
The symptoms were (a) really painfully slow Internet download and upload speeds - almost slower than dial-up - and (b) getting my user kicked from MSN Messenger and having to reset my password almost every ten minutes to even get into an antique version of Windows Messenger. The regularly updated anti-virus software all said everything seemed OK. Ad-aware said everything was fine.
Slow Internet access is hardly a unique occurrence. This could have just been due to problems with the net in general. Similarly, MSN Messenger has its own eccentricities. Sometimes it's just poor. However, after a few days, there was no improvement.
With the help of the person who was trying to send me files, it became obvious that the PC was apparently firewalled with Windows Firewall. There are 2 PCs networked to this one. One was unable to access it normally, because it was supposedly locked. However, none of the PCs on the network had Windows Firewall enabled, according to the messages from Windows Security Centre. No unexpected processes appeared in the task manager or other basic process monitoring software.
After using all the other diagnostic software I have, to minimal effect, I ran Spybot Search and Destroy. It found a Windows Firewall bypass with 3 registry keys. The relevant message is shown here. (It also showed that Firefox lets through a dozen ad counters, but that's another issue.)
Before letting Spybot delete these keys, I had a rummage on the Internet and found this old reference, a Sans.org article, which explains what they were doing. This suggests that changing a few registry keys can disable a firewall and also re-enable it, reset it to allow itself through but hide its own name. By taking over the firewall, it could even keep out rival malware software.
This explained why my network seemed to have a firewall to the outside world but not to myself. If I had had Windows Firewall enabled, there would have been no evidence whatsoever of the firewall bypass, unless I had diligently searched the registry for keys that hid what was enabled.
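As an added defensive check (not code from the original post, from Spybot or from the Sans.org article), the script below parses a `.reg` export of the Windows XP SP2 firewall policy keys and flags an enabled exception whose executable lives outside the usual install roots or whose display name is blank, the sort of self-authorising entry the article describes. The key paths and the `path:scope:state:name` value format are assumed from the XP SP2 registry layout, and the sample export is constructed.

```python
import re

# Constructed sample in the shape of a .reg export of the XP SP2 firewall policy keys; paths and names are invented.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\svchosts.exe"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\svchosts.exe:*:Enabled:"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\')  # assumed normal install roots

def unescape(s):
    return s.replace('\\\\', '\\').replace('\\"', '"')  # undo .reg string escaping

def parse_reg(text):
    """Return {key_path: {value_name: data}} for a .reg export fragment."""
    keys, current = {}, None
    for line in text.splitlines():
        if m := KEY_RE.match(line.strip()):
            current = keys.setdefault(m.group(1), {})
        elif (m := VALUE_RE.match(line.strip())) and current is not None:
            name, data = unescape(m.group(1)), m.group(2)
            if data.startswith('dword:'):
                current[name] = int(data[6:], 16)
            elif data.startswith('"') and data.endswith('"'):
                current[name] = unescape(data[1:-1])
    return keys

def audit(text):
    """Flag profile settings and exception entries that deserve a second look."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.endswith('\\StandardProfile') and values.get('EnableFirewall') == 0:
            findings.append('profile reports firewall disabled (EnableFirewall=0)')
        elif key.endswith('\\AuthorizedApplications\\List'):
            for data in values.values():
                # exception format: <exe path>:<scope>:Enabled|Disabled:<display name>
                path, _scope, state, label = data.rsplit(':', 3)
                if state != 'Enabled':
                    continue
                if not path.lower().startswith(TRUSTED_ROOTS):
                    findings.append(f'enabled exception outside trusted roots: {path}')
                if not label.strip():
                    findings.append(f'enabled exception with blank display name: {path}')
    return findings
```

Run it against a real export (`reg export HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy`) and compare the flagged entries with what Security Centre claims.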
Malware takes many varied and wonderful forms. Repeated signs of odd behaviour from your PC should make you suspicious (as in real life, so in the digital realm...).
Run lots of different forms of anti-virus software. Don't necessarily believe them, though. Malware writers can target your computer security software first, then modify the PC security software to cover up their activities.