Wednesday, February 25, 2009

Safe Computing

New scareware sends you to fake Download.com reviews | The Download Blog - Download.com

I spent a few hours over the weekend nursing a virus/spyware-ridden relative's PC back to health. I'm probably one of the few Techie Geeks that actually finds this sort of thing kind of like a "puzzle challenge", so the time spent is better for me than most. A few observations:

  • The linked article points out that the viruses are getting more sophisticated, including messing with your links, hosts, etc., so you actually end up going to a fake site to supposedly download software to help you!
  • Malwarebytes Anti-Malware was one of the tools that I found I needed to use to remove "Antivirus XP 2009" from the machine.
  • The other tool that I really needed was "The Ultimate Boot CD for Windows" (UBCD4W). The box would not run, and most of what needed to be done could not be done from Safe Mode, at least not in the machine's state of infection.
  • One of the things that I was surprised had happened to the machine (I assume a virus did it) is that the ability to get to the Task Manager via Ctrl-Alt-Del was disabled. Here is a link to the Registry entry to fix it.
  • I ended up running SpyBot Search and Destroy under the UBCD4W boot from CD, then booting and finding out I couldn't get to Task Mgr, so I did the registry hack to get that fixed, and then started finding bad tasks running. One thing nice about the net is that, as long as you have another working machine (and it is hard for me to even IMAGINE only having one computer!! ;-) ), you can just Google things that "look wrong", and if they are, you go out and do a Registry / Disk Search and try to get rid of any remaining ones. My guess is that for most folks it might be easier to just try another free download of something that you trust rather than the manual approach. Since I "mixed", I can't be SURE whether, if I'd found Anti-Malware earlier, that alone might have done the whole trick rather than me mixing in some hacking around.
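Two of the symptoms described above (the hosts file redirecting security-vendor sites, and Task Manager locked out via the registry policy value) are easy to audit from a known-good session. The script below is an added example, not code from the post or from any of the tools it names. The policy key path and the DisableTaskMgr value name are real Windows locations; the hosts file path is the standard one; the list of watched domains and the Test-WatchedHost helper are assumptions made for this example.

```powershell
<#
  Added example (not from the original post): audit the Task Manager policy lock
  and hosts-file redirection of security-vendor sites. Read-only unless -Fix is
  given; fixing the hosts file needs an elevated (administrator) PowerShell.
#>
param(
    [switch]$Fix,
    # Standard hosts file location; override if the system drive differs.
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts",
    # Assumed watch list for this example: domains a cleanup typically relies on.
    [string[]]$WatchedDomains = @('download.com', 'malwarebytes.org',
                                  'safer-networking.org', 'microsoft.com')
)

# Helper (assumption for this example): does a hostname match a watched domain
# or one of its subdomains?
function Test-WatchedHost([string]$Name) {
    $n = $Name.ToLower()
    foreach ($d in $WatchedDomains) {
        if ($n -eq $d -or $n.EndsWith(".$d")) { return $true }
    }
    return $false
}

$findings = @()

# 1. DisableTaskMgr = 1 under either policy key blocks Ctrl-Alt-Del -> Task Manager.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $val = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($val -eq 1) {
        $findings += "Task Manager disabled by policy: $key\DisableTaskMgr = 1"
        if ($Fix) {
            Remove-ItemProperty -Path $key -Name DisableTaskMgr
            Write-Host "Removed DisableTaskMgr from $key"
        }
    }
}

# 2. hosts file: a watched domain mapped to anything other than loopback is a
#    redirect. Comments, blank lines and unrelated entries are left untouched.
$keptLines = @()
foreach ($line in Get-Content -Path $HostsPath) {
    $trimmed = $line.Trim()
    if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { $keptLines += $line; continue }
    $parts = $trimmed -split '\s+'
    if ($parts.Count -lt 2) { $keptLines += $line; continue }   # malformed, keep as-is
    $ip    = $parts[0]
    $names = $parts[1..($parts.Count - 1)]
    $watched = @($names | Where-Object { Test-WatchedHost $_ })
    if ($watched.Count -gt 0 -and $ip -notin @('127.0.0.1', '::1')) {
        $findings += "hosts redirect: $trimmed"
        if (-not $Fix) { $keptLines += $line }   # drop the line only when fixing
    } else {
        $keptLines += $line
    }
}
if ($Fix -and ($findings | Where-Object { $_ -like 'hosts redirect:*' })) {
    Copy-Item -Path $HostsPath -Destination "$HostsPath.bak" -Force   # keep a backup
    Set-Content -Path $HostsPath -Value $keptLines -Encoding ASCII
    Write-Host "Rewrote $HostsPath (backup at $HostsPath.bak)"
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'No findings.' }
```

Run it first without -Fix to see what it would change. The two checks only confirm the symptoms the post mentions; a clear result says nothing about whether the process that set them is still installed, which is why the post's approach of scanning from a boot CD and then hunting remaining tasks is still the right order of operations.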
