A co-worker of mine wanted me to look at her computer as she complained it was running really slow and had a bunch of “illegal stuff” (they were Windows Illegal Operation Errors) and had a bunch of porn pop-ups.
After running SpyBot and AdAware, I found there were about 450 (no joke) entries found between the two programs. Ran AntiVir XP, found another 90 files infected with about a dozen different trojans. Ran Windows Update (which had downloaded all the critical updates in the background, but nobody bothered to install them) and got everything up to date, and now have an AV program running in the background (she had McAfee, but it was disabled for some reason). She already has a firewall on her dial-up setup (she’s not on broadband — thankfully, or this would be much worse), so I’m leaving that as is. I also told her to not let her friends touch the system, as she claims her boyfriend’s friends were downloading porn or something. Based on the types of dialers and such that were on the system, I told her to keep an eye on her phone bill to make sure these things weren’t “calling home”. It was a mess.
But I have to say, in all my time that I’ve been working on systems, this is the messiest system I’ve ever come across.
Update on 1/14: Oh man is it so messed up.
OK, so I spoke too soon. I thought I had it all cleaned up, and life was good. Ran two different anti-virus programs and three different anti-spyware programs over and over, and the system came out clean. So I plug back in the ‘net connection to install the various MS Office updates. Just for kicks, I ran SpyBot again, and it starts finding more stuff. “Oh crap” I thought. I look at the network activity in the XP Task Manager, and every few seconds, there’d be a large spurt of activity. I throw a packet sniffer onto the system, there’s piles of HTTP requests going out to nasty sites and they’re coming from explorer.exe.
Lovely.
So I open up the previously-emptied MSIE Temporary Internet Files folder, and the thing is loaded with cookies, graphics, and a whole ton of other crap.
From what I can tell, somehow explorer got over-written or hacked to include a virus that “calls home” the minute it finds an Internet connection. It’s a mess, and every time the anti-virus software says it’s cleaned it, it comes back and starts doing stupid crap again.
So what next? A reformat. There’s no personal data left on the system as viruses gutted the My Documents folders for both the users on the system. So this weekend I’ll be doing a low-level format and then use Dell’s recovery disk to reinstall everything.
Man, what a mess.
Comments
My AdAware record is about 390 for one system. The system I have to look at tonight may be a good candidate to break it though.
Here at work a couple of weeks ago I helped out a coworker who had just bought a new computer and it was only a week old and it was already the most pop-up and spyware infested machine I’d ever seen – in only a week, I kid you not. I’d guess the Spybot hits ran into the several hundreds, and Norton AV (came with it) found 3 trojans before I ran anything else. It was amazing.
i have seen the same types of junk on many friends’ machines. i use the internet all day at work i get to see all the new tricks the advertisers are coming up with pop-ups. unfortunately, my friends are as savvy as me and they click on every popup. 🙁
my fav story is this:
i mailed my dad a computer identical to mine. same make and model, so i know what its performance should be. a few months later i go to visit and he says it’s too slow. i do some quick investigating to find out some program is pegging the system resources meter to 100% all the time and all the virtual mem is being used. how someone could not notice this is beyond me, although i am a geek and always look for these things. turns out he clicked on that gatorware/world temperature popup and the rest was history. cleaned it all up with adware and norton.
yuck.
dern. dang.
AdAware record – 63,061 New Critical Objects.