Friday, July 15, 2005

"In London, April's a spring month"

I think I won a major battle over spyware this week, but I can’t really claim victory because I nuked before I really had time to verify my success.

The story is that a coworker’s computer was badly infected with spyware. She is close to a technical illiterate, and so it was a bit of a puzzle in itself to try to find out what was wrong before I actually sat down at the machine and started looking around. It was also a puzzle figuring out what had caused the problem in the first place.

As far as I can tell, she got a popup one day saying that she either had a virus, or that she should install some program. She apparently hit the window and installed whatever came up. She thought she was installing her ISP’s anti-spyware package, and instead whatever she installed had a distinctly pro-spyware agenda.

There were dozens of different spyware packages running on her machine, but that didn’t turn out to be the problem. I could remove those easily enough, partly with the help of anti-spyware programs (legitimate ones downloaded from their respective authors) or by manually removing their startup keys and executables. This required booting to Safe Mode and sometimes to BartPE (thanks Jake for motivating me to make a disc last week).

When I thought it was all clean, I tried running Windows Update, and suddenly the popups were back, along with a fresh load of spyware, only this time they were accompanied by the installer for MS Office (yeah, what the heck!?). All that work, and things hadn’t improved. So, I uninstalled Office and tried to refresh the IE files (MS doesn’t make this very easy). But there still were a couple of programs starting up that I couldn’t even find. The files just weren’t there, and neither were the registry keys, and yet they were there.

Eventually, I found them, and then promptly formatted the whole thing and installed a (legitimate this time) copy of XP Home. So, the thing’s fixed and it’s out of my hands. I did what I could, and it was quite an adventure, even though in a way it was a tremendous waste of time. The point is that I learned a lot. And I think I’ll get a lunch out of it.
