Sharky

Shark Tank

When in doubt, it must be a botnet, right?

IT pilot fish on a military base gets back from a weekend to discover his computer has booted with a message that his rear chassis fan has died. But once he hits F1 to accept the change, the PC runs like a slug.

"I hit Control-Shift-Escape to bring up the Windows task manager and found the CPU was running at 100 percent," fish says. "But looking at the processes, there was nothing running on my profile that was above 1 or 2 percent."

Fish tries to see what other processes are running, but the locked-down PC won't let him. OK, he thinks, time to call the central help desk to have an admin remote into the machine and check the processes to determine the culprit.

And he gets an immediate response from the help-desk admin: "Absolutely not. You don't have a process problem -- you're infected with a virus, most likely a botnet, and you need to unplug from the network immediately. We will be contacting you to confiscate your machine."

Great, fish thinks -- I'm going to lose all my files because of the highly unlikely possibility that I have a botnet infection.

Two hours of furious file-saving later, fish gets a call from a local help-desk tech. Why do you think you have a virus? tech asks. Fish says it wasn't his idea, and explains what happened. Tech sighs audibly, tells fish to reconnect to the network, and remotes in to look for the problem.

He can't find any viruses, and when fish reboots and the PC gets stuck on the welcome screen, tech suggests it's likely being hung up on updates that the machine didn't receive while fish was away.

An hour later, fish's PC has finished booting and he calls back the tech, who tells fish he can help as soon as he's finished with another user.

But not wanting to wait, fish disconnects from the network again -- so the admins can't see what's going on -- and then creates a new VM on his machine and hacks his own system with Metasploit.

"I ran a privilege escalation exploit against myself, clicked the show processes from all users, then found the culprit: For whatever reason, the group policy update service was locked up," says fish.

"I killed the VM, reconnected the machine, then ran a 'gpupdate /force' from the command window as admin. In ten minutes it completed and auto-logged me off. Upon logging back in all usage was normal.

"I informed the admin as to what the problem was -- and thanked him for not making me lose all my files to a botnet infestation recovery."

Feed the Shark! Send me your true tale of IT life at sharky@computerworld.com. You'll snag a snazzy Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.

The Best of Shark Tank includes more than 70 tales of IT woe submitted by you, our readers, since 1999. Which all goes to prove, conclusively, that hapless users and idiotic bosses are indeed worldwide phenomena. Free registration is all that's needed to download The Best of Shark Tank (PDF).
