I Caught Something

Well, I knew better. I know that if one travels he should have extra protection, as it's easy to catch something when one is not on familiar turf. Without knowing it, I caught a nasty little bug. I first noticed things didn't work quite right anymore; it wasn't natural, and it just felt like something was wrong. So here I am, several thousand kilometers from home, and potentially down with something very serious.

I first noticed the problem when I would lose the ability to get information from the Internet. I would be connected, but after a few minutes I would just lose the ability to do anything online. If I kept on clicking a link, sooner or later it would work, and then I would become disconnected from the ISP. While I was disconnected, my connection manager would try to connect to the Internet and establish a connection to one of the two following servers:

mail.cellar-studio.com
mail.telon-servers.net

The problem is that the connection manager would not inform me which application was trying to establish a connection. At this point I knew I had a serious problem. I started shutting down active programs, and in the process rebooted my system many times.

I was able at one point to stop the application from calling up the connection manager, but was not sure which of the processes I had terminated it was. So with no real way of diagnosing my problem and a flaky dial-up, things were getting more and more complicated. I went to my uncle's house, got access to the Internet and started doing research. One of the mail servers came up in a forum post, as its author had the same problem as I did. From the posts, I discovered I was infected with a Sasser virus derivative, which I must have caught while online, as this virus doesn't need any user intervention for infection. The virus exploited an LSASS vulnerability through an open port and installed itself. It would install itself as LSASS.exe in C:\WINDOWS, whereas the real LSASS.exe is in C:\WINDOWS\SYSTEM32. As well, there is a spelling mistake: "LSA Shel". So this was the virus, connecting to mail servers and probably sending spam through my system.

C:\WINDOWS\lsass.exe
Service: LSA Shel (Export Version)
Display Name: LSA Shel (Export Version)

I killed the LSASS service, which was the C:\WINDOWS one (killing the real LSASS in C:\WINDOWS\SYSTEM32 will cause your system to shut down), and was able to delete the virus. I was also able to grab a firewall (Zone Alarm) and quickly install it. I prefer to use Zone Alarm over the Microsoft one because I feel I have a lot more control over how the firewall acts, and it gives me more ability to adjust settings.
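The two indicators the post relies on (an lsass.exe running from C:\WINDOWS instead of C:\WINDOWS\SYSTEM32, and a service with the misspelled display name "LSA Shel") can be checked in one pass rather than by killing processes until the dialer stops. The script below is an added example and not part of the original post; it assumes the legitimate image lives at %SystemRoot%\System32\lsass.exe and only reports, never terminates, so the real LSASS is never at risk of being stopped.

```powershell
# Added example (not from the post): report lsass.exe images and "LSA Shel"
# services that do not match the legitimate %SystemRoot%\System32\lsass.exe.
# Assumes a standard Windows layout; run elevated so process paths are readable.
$legit = Join-Path $env:SystemRoot 'System32\lsass.exe'

# 1. Any running process named lsass whose image is not in System32 is suspect.
#    Path is $null when access is denied, so report that rather than skip it.
Get-Process -Name lsass -ErrorAction SilentlyContinue | ForEach-Object {
    $p = $_.Path
    if (-not $p) {
        "PID $($_.Id): lsass path not readable (run elevated to verify)"
    } elseif ($p -ine $legit) {
        "SUSPECT PID $($_.Id): lsass.exe running from $p"
    } else {
        "ok      PID $($_.Id): $p"
    }
}

# 2. Services matching the post's indicators: the misspelled 'LSA Shel' display
#    name, or an image path that points at an lsass.exe outside System32.
Get-CimInstance Win32_Service | Where-Object {
    $_.DisplayName -like 'LSA Shel*' -or
    ($_.PathName -match 'lsass\.exe' -and $_.PathName -inotmatch 'system32\\lsass\.exe')
} | ForEach-Object {
    "SUSPECT service '$($_.Name)' ('$($_.DisplayName)') -> $($_.PathName)"
}

# 3. A stray copy sitting directly in %SystemRoot% is the post's file indicator.
$stray = Join-Path $env:SystemRoot 'lsass.exe'
if (Test-Path $stray) { "SUSPECT file present: $stray" }
```

Run it before removing anything: the output tells you which PID and which service entry belong to the copy outside System32, so the stop and delete steps the post describes can be aimed at that one and not at the real LSASS.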

So I, a guy who hasn't caught a virus in years (or spyware in about the same time frame), leave home and catch a nasty bug on the way. The reason for this was simple: the virus spreads without user intervention, and just having your computer connected to the Internet is enough to catch it. Since I do not patch Windows all that often I got tagged, and as well I don't have any anti-virus software installed, as I don't need it. The main reason for my lack of patching is that I am behind a firewall 24/7, which makes me immune to this type of attack.

So when you travel:

Have a good software firewall turned on

Have anti-virus software with you

Always have backups of all your important files on an external drive

Make sure your sensitive data is encrypted and the laptop has all the possible passwords and security turned on