In exchange for some laptop maintenance my neighbor installed Zooks99's Xmas present: a tetherball pole.  It took him less than 2 hours to install the pole and the boy is giddy with anticipation - the cap will be delivered soon and the concrete will be set in a few days.

Yes, we are now THAT family. 

I started working on the two laptops they brought over.  One needed to have the OS upgraded from Vista to Windows 7 and the other just needed to be cleaned up - they suspected they had picked up some bad things.

They were right.

HO MY GAWD.  I ran Glary Utilities first.  I found all kinds of stuff including 24 spyware infections.  Then I fired up Malware Bytes.  Over 200 infections.  After rebooting and running it again even more popped up.  Malware Bytes is an excellent AND FREE program that I had installed on this laptop about a year or so ago.  I'm pretty sure it had not been run since.

While Malware Bytes is a great program there are some insidious little creatures that even it can't deal with.

The first thing I noticed when I fired up these machines was some crazy program asking me if I wanted to connect to a broadband network.  This family had DSL and their own router so I was pretty sure they weren't using this thing so I just closed it.  Besides, I was doing this work at my house and would be connecting to my router to access the internet.  Eventually I figured out they weren't even using this and deleted this network connection in their Networking Center. 

Another thing I noticed when I was doing a Google search for Malware Bytes was that the default search engine was something called Fast Browser Search.  What really bothered me was that the results I got for my Malware Bytes search didn't point me to Malware Bytes but to a bunch of other products I had never heard of, BUT, specifically, to one product I had just removed from another friend's machine: XP Security 2010.  XP Security 2010 was a disgustingly annoying, fake malware product.  It wasn't terribly hard to remove it but man oh man I wouldn't want my friends to accidentally install that thinking it would cure their problems.

After a little research it looked like I would have to manually delete a ton of registry entries in addition to removing the programs and toolbars that Fast Browser Search had installed.  I was amused by the popup I got when I uninstalled the software: it asked me if I also wanted to remove some other product THAT WASN'T INSTALLED ON THE MACHINE.  Never mind that the uninstall program didn't actually uninstall anything.  The next time I fired up Firefox and IE the browser default was still Fast Browser Search.  I did manage to remove all the registry entries for that program, delete the program files, and change the about:config in Firefox to finally get rid of it.  A few things I read about it said that people picked it up from a FACEBOOK TATTOO APPLICATION!  Now I know why I don't play any of those Facebook games or install any of their add-ons.

It took me over 5 hours to clean up both of these machines including over 20 Windows updates - even SP2 had not been installed.

Once again I showed them the Glary Utilities and Malware Bytes programs and suggested that they run these once a week.  I even told them about installing the Windows updates as soon as they appear.  The wife mentioned to me that she gave up using that machine because it wasn't running right and now she has a netbook that she uses while she lets the boys use the laptop.   I'm pretty sure this machine will be infected again in no time at all.


nzgreen said...

Set them up with a non-admin account and see if it gets infected then. Recent tests found that WinXP infections can be cut by 60% if using an account without admin privilege.

gadzooks64 said...

I did check to make sure the kids' accounts weren't administrative accounts. They weren't, and they had the parental controls set up.

I think the biggest problem was the lack of a realtime protection program. They were relying on AVG and nothing else.

I set them up with WOT, Microsoft Security Essentials, Glary Utilities and MalwareBytes. They should be ok as long as they run the MalwareBytes every now and then and don't click on any sites that WOT says to stay away from.

I'm keeping my fingers crossed.