
Matt Broadstock


Me and my dad's virus-laden computer

Warning, rant time!

I went back to Kansas over the weekend to see my family (I hadn't been back in 5-6 months), and one of the things I needed to squeeze in was fixing my dad's computer, which I built for him a while back. He thought the new hard drive was having problems (the system wouldn't boot). I'm not sure what the hardware problem was... I just unplugged everything and plugged it all back in, and everything worked. I thought the power supply was fried because the fans weren't even spinning up, but everything turned out OK... until...

I actually got into XP and about 9 gazillion weird applications launched: popups, strange VB6 apps, apps that didn't launch properly and generated errors, etc. I wasn't aware that you could get 15 IE popups when you didn't even have an active internet connection until I dealt with this mess. Turns out he hadn't gotten around to installing the antivirus that he had actually purchased before I built his system. The fact that he already had AV was the reason I didn't load something on it when I built it. Plus, I ran out of time, so I didn't get SP2 on it when I built it, so it wasn't as patched as it should've been (he was supposed to do that as soon as he got home too! Bad Dad!). So, bring on Task Manager and let's start killing as many of the 80-some active processes as I can. The system was dog-slow because 99% of the CPU was being used by all of that crap. After that, on to the common places. First, the Run registry keys in HKCU and HKLM. Over 45 entries in the HKLM one. I just renamed those keys instead of bothering with clearing out all of the "bad" entries. Time to reboot and see what is left. Turns out, quite a bit.

Well, I managed to get Norton/Symantec installed and it found over 400 instances of spyware/viruses (not just cookies, actual viruses and spyware). Unfortunately, it only cleaned about 80 of them. Next stop, SpyBot. It did better. It got rid of around 300 of them. Reboot, still 50 left--the fun ones. Time to break out the good stuff: AutoRuns from SysInternals. Long story short... after 9-10 reboots and a bunch of full scans in Norton and SpyBot and manual cleanups using AutoRuns, I managed to get rid of everything... 6 hours later. But without AutoRuns, I never would have gotten rid of the meanest ones. There were a number of them that installed themselves as system-level services that neither SpyBot nor Norton were able to clean. You couldn't kill the processes or even stop the services because they are so ingrained into the system. And they are smart. Those still-running processes re-inject themselves as soon as you delete files and remove registry entries. I was a bit disappointed that SpyBot wasn't even able to clean them out when you set it up to run during bootup, because it usually does a great job. Even more disappointing, full system scans with both products didn't find a number of EXEs that are obviously spyware/viruses. I had to manually get rid of a bunch of them. Sometimes Norton would pop up that it "found" one when I started working with it manually, but it would fail to clean it or even delete it.

Probably the most annoying one was SurfSideKick 3.0. It seems to be made up of 3 different system-level services that work together to re-install everything if you don't manage to get rid of everything completely. I tried running a program called "COMBOFIX.EXE" that was supposedly written specifically to take care of this little beast, but it failed quite miserably. It certainly *looked* like it was doing all of the things that needed to be done to eradicate it, but, alas, no dice (and it even had a nice little log showing me everything that it did... you'd think it would work, right? :) ). As I said, without AutoRuns or hacking through the Services entries in the registry, I never would've gotten rid of it.
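The cleanup above was done by hand in Task Manager, regedit and AutoRuns. As an added example that is not from the post or from any of the tools it mentions, the PowerShell script below walks the same autostart locations (the HKLM/HKCU Run and RunOnce keys, plus installed services) and produces a triage list: an entry is flagged when its binary is missing from disk, sits under a user profile or temp path, lies outside %SystemRoot% and Program Files, or fails Authenticode validation. It is read-only; the one function that changes anything (disabling a service's start type, which is what you have to do when the service refuses to stop) is defined but never called. It assumes PowerShell 2.0 or later in an elevated prompt; the function and variable names are my own.

```powershell
# Added example, not code from the post or the tools it mentions.
# Read-only triage of common autostart locations on a Windows box.
# Assumes PowerShell 2.0+ run as Administrator.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the image path out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent    or    C:\foo\bar.exe -x
function Get-ImagePath([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|sys|cmd|bat))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

# Reasons an image deserves a manual look; an empty list means nothing obvious.
function Get-SuspicionReasons([string]$Image) {
    $reasons = @()
    if (-not (Test-Path -LiteralPath $Image)) { return @('binary missing on disk') }
    $cmp = [StringComparison]::OrdinalIgnoreCase
    $inProfile = $false
    foreach ($dir in @($env:USERPROFILE, $env:TEMP)) {
        if ($dir -and $Image.StartsWith($dir, $cmp)) { $inProfile = $true }
    }
    if ($inProfile) {
        $reasons += 'under user profile/temp'
    } else {
        $inTrusted = $false
        foreach ($dir in @($env:SystemRoot, $env:ProgramFiles)) {
            if ($dir -and $Image.StartsWith($dir, $cmp)) { $inTrusted = $true }
        }
        if (-not $inTrusted) { $reasons += 'outside Windows/Program Files' }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Image
    if ($sig.Status -ne 'Valid') { $reasons += "Authenticode: $($sig.Status)" }
    return $reasons
}

# Start = 4 is SERVICE_DISABLED: the service control manager will not start the
# service on the next boot, so its files and keys can be removed afterwards.
# Defined for reference only; nothing below calls it.
function Disable-ServiceOnNextBoot([string]$Name) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { throw "no service key for $Name" }
    Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
}

$findings = @()

# Run / RunOnce values: each value name is an entry, its data is a command line.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        if ($name -eq '') { continue }                  # unset default value
        $image = Get-ImagePath ([string]$item.GetValue($name))
        $why = Get-SuspicionReasons $image
        if ($why) {
            $findings += New-Object PSObject -Property @{
                Source = $key; Name = $name; Image = $image; Reason = ($why -join '; ')
            }
        }
    }
}

# Services: PathName is the full command line the SCM launches. A service hosted
# in svchost.exe shows svchost as its image; its real code is the ServiceDll
# under the service's Parameters key, which this pass does not inspect.
foreach ($svc in (Get-WmiObject Win32_Service | Where-Object { $_.PathName })) {
    $image = Get-ImagePath $svc.PathName
    $why = Get-SuspicionReasons $image
    if ($why) {
        $findings += New-Object PSObject -Property @{
            Source = "service $($svc.Name) [$($svc.StartMode), $($svc.State)]"
            Name = $svc.DisplayName; Image = $image; Reason = ($why -join '; ')
        }
    }
}

$findings | Sort-Object Source, Name | Format-Table -AutoSize Source, Name, Image, Reason
```

Two caveats when reading the output. On XP most Microsoft binaries are catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature reports NotSigned for plenty of legitimate files under %SystemRoot%; treat the signature column as a tie-breaker for files in odd locations, not as a verdict on its own. And a registry listing only shows what will start next boot; it does nothing about processes that are already running and re-writing their own entries, which is why the pass is best done from Safe Mode with the offending services set to disabled before the reboot.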

After my frustrations, I have two annoyances: (1) Shouldn't your antivirus be able to do anything that you can do manually? Why did they fail over and over again when there did end up being a specific process that would get rid of everything? I run Symantec at home and it seems to work pretty well on a clean system... obviously it just doesn't work very well on a system that is already heavily infected. (2) When is the government going to start putting these bastards in jail? I saw that the Zotob authors are going to jail now. What is the magical breakdown that makes spyware legal but not a "virus"? What's the difference? How much publicity something gets on CNN? The stupid things change your security settings so you don't get security updates anymore, disable your firewall, disable your antivirus, etc. It is all property damage. And since most of the crap redirects you to web pages so they get advertising $$$ or sends your private information to specific sites, why can't we track it down? If the people paying them for sending people to their site won't divulge who they are, put those bastards in jail. Seriously, we wouldn't have to dedicate that many people to this to make it happen. Maybe there is enough money being earned by the big antivirus companies that we don't want to eradicate them totally and provide a real disincentive to putting this malware out there?

On a happier note, I got two rounds of golf in and shot 82 both rounds (41-41 and 45-37). The first day my driving and iron play were incredible but I couldn't pitch, chip, or putt. The second day I was driving like crap but my pitching and chipping were awesome and my iron play was pretty decent (it had to be to get over and around all of the trees I was behind). Lots of one-putts. Plus, I got to spend some quality time with my parents, sister, grandparents, and my new nephew. Makes the 12 hours of driving all worth it... even with the annoying computer problem that I will promptly erase from my memory as soon as I hit the post button right down there...

Published Sep 13 2006, 09:17 PM by Matt Broadstock