I was combating the nastiest bit of adware/spyware I had ever seen.
It was July 3rd and I had just sat down to draw out some characters for a few handbills when the phone rang.
The phone in my room is a Mario Kart phone and it has a plushy made by my wife’s friend on top of the handset.
I stretched out across the room, carefully balanced on the edge of the bed with one knee while my other leg was extended in the opposite direction, counterbalancing my 275 pounds into perfect balance.
It was my uncle. He explained he was having problems sorting out his computer issues and Adaware, Spybot Search and Destroy and his copy of McAfee were not fixing the issues. He wasn’t able to uninstall a program called “Antivirus XP 2008”.
I told him I would be right over. He lives less than a mile away and I can in fact look out of my office’s window and see his house.
I hopped on my wife’s scooter and putted down the road, unprepared for what I was about to fight against.
I double-checked the obvious solutions: Add/Remove Programs, Adaware, and clicking the uninstall option from the Start menu. It wasn’t present in Add/Remove Programs, Adaware found nothing, and the Start menu option to uninstall went through the motions but it wouldn’t uninstall.
I tried running Spybot but it never started. I tried heading over to Trend Micro, but was redirected to some gibberish page that redirected me to other sites. Lavasoft.com was redirected in a similar way, as was almost every page that pulled a hit for the initial redirect’s gibberish address. I decided the best way to get around the redirects was to use Firefox instead of IE. Firefox would not start once installed. Opera would not install either. I just knew we were screwed.
I had him back everything up in preparation for the formatting I felt would be coming.
I don’t use System Restore normally, but the next day I decided that could be an option. I checked the restore points. The only restore point available was for July 3rd when he began having issues. The PC was usable, but I wouldn’t stand for the redirects.
I brought my laptop over this time and used it to research more. I discovered that he was possibly infected with Smitfraud. I downloaded the Smitfraud fix, but it didn’t actually fix anything. Also, Windows DEP was refusing to display the log file in Notepad.
My uncle hadn’t backed everything up yet, so I backed up everything for him and went to the in-laws’ house for an Independence Day cookout.
I returned on the 5th. I brought a copy of Windows XP SP2 Home Edition so I could begin the reformat, but before I dove in, I checked around some more.
I discovered a description of Vundo and found out my uncle’s comp was infected with it too.
As a last-ditch effort to avoid reformatting, I attempted to download Malwarebytes, but was redirected. I went home and downloaded it. I brought back the proggie and transferred it over to his PC. I couldn’t install it. I renamed it and tried it again. It installed perfectly.
I ran Malwarebytes and it found 33 infections that Adaware missed, not to mention it fixed all the problems with his PC including the issues with Notepad and removing certain rogue programs from his system.
I am so impressed with this program that I include it on my repair thumb drive with all the tried and true methods mentioned in my other posts on freeware and spyware.