The Geeks vs. Spyware
It all started out like any other residential service call:
I can’t open Internet Explorer. The machine runs really slow. It does weird things when we use it. Help us!
I looked at Jerry, my accomplice in getting this bad boy working again, and smiled. This should be no sweat. Little did I know what I was in for at the onset of this call. A quick inventory of the system left me with little in the way of worries:
- 2.4 GHz Pentium 4
- 1GB PC2700 RAM
- 40GB HD with around 23GB free
- XP Home with SP2 and Post SP2 patches
- Active, up to date McAfee Anti-virus
- No firewall – OK, that’s an issue, but not anything I haven’t seen in a long time
So the first thing we do is whip out HijackThis! and see what we have going on. A quick run-through and 122 entries removed. Hmm, might be an interesting one after all. Time for Bart to work his magic and make the bad things run away. Reboot and load up The Geek CD. Delete gobs of temp files and the System Restore and things are looking fairly mundane at this point. Boy, could I have been any more wrong!
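For anyone who has never worked through a HijackThis log by hand, here is an added example (not from the original post, and not HijackThis's own code) of the kind of triage pass that turns a few hundred raw entries into a short list worth looking at. The section prefixes (R0/R1, O2, O4, O16) and line layout are HijackThis's own; the sample log, the file names, paths and CLSIDs in it are constructed for illustration, and the flagging heuristics (temp-directory autoruns, names that mimic system binaries, nameless BHOs, any ActiveX download) are my own assumptions, not anything HijackThis itself scores.

```python
"""Offline triage of a HijackThis log (added example, not the post's code)."""
import re
from dataclasses import dataclass

# Constructed sample log: names, paths and CLSIDs are made up for illustration.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/search
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\xqzlr.dll
O2 - BHO: PDF Link Helper - {22222222-3333-4444-5555-666666666666} - C:\Program Files\PDF Reader\Helper.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\UpdaterUI.exe
O4 - HKLM\..\Run: [svhost] C:\DOCUME~1\OWNER\LOCALS~1\Temp\svhost.exe
O4 - HKCU\..\Run: [winlogin] C:\WINDOWS\System32\winlogin.exe
O16 - DPF: {66666666-7777-8888-9999-000000000000} (Toolbar Installer) - http://example.invalid/install.cab
"""

# One HijackThis line: "<section> - <body>".
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O2: "BHO: <name> - {CLSID} - <dll path>"
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4: "HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O16: "DPF: {CLSID} (<name>) - <cab url>"
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")

# Heuristics (assumptions for this example, not HijackThis rules).
TEMP_MARKERS = ("\\temp\\", "locals~1", "\\temporary internet files\\")
LOOKALIKES = {"svhost.exe", "scvhost.exe", "winlogin.exe", "explore.exe", "lsasss.exe", "csrsss.exe"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    raw: str


def executable_of(cmd):
    """Return the lower-cased file name of the program a Run-key command starts.

    Handles both quoted and unquoted paths with spaces by cutting at the first
    executable-looking extension rather than at the first space.
    """
    m = re.match(r'\s*"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|pif))', cmd, re.IGNORECASE)
    path = m.group("path") if m else cmd.strip()
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return the log entries a human should look at first, with the reason."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            # Start/search page overrides are the classic browser-hijack symptom.
            findings.append(Finding(sec, "IE start/search page override; confirm the owner chose it", raw))
        elif sec == "O2":
            b = O2_RE.match(body)
            if b and b.group("name").strip().lower() == "(no name)":
                findings.append(Finding(sec, "BHO registered without a name", raw))
        elif sec == "O4":
            b = O4_RE.match(body)
            if not b:
                continue
            cmd = b.group("cmd")
            exe = executable_of(cmd)
            if any(t in cmd.lower() for t in TEMP_MARKERS):
                findings.append(Finding(sec, f"autorun from a temp directory ({exe})", raw))
            elif exe in LOOKALIKES:
                findings.append(Finding(sec, f"autorun whose name mimics a system binary ({exe})", raw))
        elif sec == "O16":
            b = O16_RE.match(body)
            if b:
                findings.append(Finding(sec, f"ActiveX download from {b.group('url')}", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.raw}")
```

On the constructed log this flags five of the seven lines and leaves the McAfee autorun and the named BHO under Program Files alone; on a real log the allow-lists and lookalike names would need to grow with what you see in the field.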
Launched Ad-aware and AV Personal and let them do their thing. Ad-aware starts off fairly normally, maybe 500 items in the registry, and AV Personal finds like three virii. Next thing you know I look and Ad-aware is at like 1,500 files found and we aren’t even remotely close to finishing the drive yet. Odd… oh well. Wait… we’re up to 7,000 files now. Oh, this can’t be good. Hrm, AV Personal is still only at 15 virii, this can’t be that bad. Ad-aware at this point is close to 20,000 files found. Hope we can save it. Suddenly we hit C:\Windows and that’s when the shit hits the fan. BEEP, BEEP, BEEP, BEEP. AV Personal goes nuts! This is never good. Ad-aware finally finishes with 37,000+ items detected! Just need to get it to remove them all. Unleash it on the beast and cross my fingers.
AV Personal finally completes its scan of C:\Windows with around 11,000 virii and still with C:\Windows\System32 to go. It was quiet for a little bit as the directories between the two are scanned, but we hit System32 and the scanner goes nuts again! Finally, after my ears start bleeding from the constant beeping, it ends. 18,725 virii. 18,725 virii, wow, McAfee did a really great job keeping this system safe, that’s for sure. Well, that’s done, let’s run Spy Sweeper and see what we can get there. Keeping it simple, I just check the registry and pull out an additional 3,000 entries with Spy Sweeper.
Next up, Alternate Data Streams. ADSpy pulls out a whopping 599 ADS from the system. My head is really starting to hurt here… how the heck these people even used their computer at all was completely beyond me. Well, Bart has done his job and done it well once again… magic I tell you… magic. Back to Windows we go.
Things look good. IE opens, things all seem to be working. So time to install and run Microsoft’s AntiSpyware. And while we are at it, run a² Free as a backup to make sure things are nice and clean. Another 50-some files and 30-odd registry entries, and with a² pulling out another 3 trojans, it looks like we are done. Drag the customer in to show them the damage and they smile at the fact that their dead computer has been resurrected. Glad they are happy, ’cause my head hurts and I need to not think about what I was just forced to endure to save her machine from the dreaded reload.
Geeks – 1
Spyware – 0
And for you non-believers:


