From Pine View Farm

Cavalcade of Spots 2

An acquaintance of mine called me for help with her Win 8.1 computer; it had gotten really slow since New Year’s Day.

When I got there, I found the kind of Windows malware mess that you read about on rabidly partisan Linux websites–adware and pop-ups just flooding in, a true cavalcade of spots. It took me three and a half hours to wrestle that puppy into submission.

I started by removing about a dozen questionable programs in Windows–>Control Panel–>Programs and Features. If she told me she had not installed the program, it was gone. One of them, YTDownloader, fought removal tenaciously.

I scanned with Spybot S&D and Malwarebytes, which rounded up dozens of suspects. (A good part of the three and a half hours was waiting for the scans to finish.)

The worst item, though, was www-searching.com (don’t go there), which had hijacked her Windows Internet Exploder. You can read about it here. It had a particularly nasty trick: It changed the Internet Explorer “Tools–>Internet Options–>Advanced–>Connection” settings to use a proxy and made itself the proxy server. When I tried to change the connection settings to not use a proxy, this bad boy changed them back as soon as I “Okayed” the change. I finally got rid of it following the instructions at the “you can read about here” link above.
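One way to watch for the behavior described above, as an added example that is not part of the original post: this PowerShell script polls the per-user registry values behind the Internet Options proxy settings and prints every change with a timestamp. The function names, the two-minute window and the polling interval are assumptions chosen for illustration.

```powershell
# Added example: log changes to the current user's WinINET proxy values.
$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$names = 'ProxyEnable', 'ProxyServer', 'AutoConfigURL'

function Get-ProxyState {
    # Read the three values; one that was never set is absent, so report it as ''.
    $props = Get-ItemProperty -Path $key
    $state = [ordered]@{}
    foreach ($n in $names) {
        $value = ''
        if ($props.PSObject.Properties[$n]) { $value = "$($props.$n)" }
        $state[$n] = $value
    }
    return $state
}

function Format-ProxyState($state) {
    ($names | ForEach-Object { "$_=`"$($state[$_])`"" }) -join '; '
}

function Watch-ProxyState {
    param([int]$Seconds = 120, [int]$IntervalSeconds = 1)
    $last = Get-ProxyState
    '{0:HH:mm:ss} start: {1}' -f (Get-Date), (Format-ProxyState $last)
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $IntervalSeconds
        $now = Get-ProxyState
        foreach ($n in $names) {
            if ($now[$n] -ne $last[$n]) {
                # A value that flips back without user action points to a
                # resident process rewriting the setting.
                '{0:HH:mm:ss} {1}: "{2}" -> "{3}"' -f (Get-Date), $n, $last[$n], $now[$n]
            }
        }
        $last = $now
    }
    '{0:HH:mm:ss} end:   {1}' -f (Get-Date), (Format-ProxyState $last)
}

Watch-ProxyState
```

Start it, then turn the proxy off in Internet Options: if `ProxyEnable` goes to 0 and returns to 1 on its own, or the end line still shows it enabled, something on the machine is re-applying the setting. A rewrite faster than the polling interval will not appear as a change line, which is why the end state is printed as well.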

Along the way, I also installed a “hosts” file. It’s great passive protection.

I’ve seen a worse infestation only once, about 15 years ago, when my neighbors got cable internet for the first time and hooked it up to a Windows box with no anti-virus or firewall installed. This time, the odds are that my acquaintance inadvertently installed some innocent-looking program which dragged all this stuff along with it.


2 comments

  1. George

    January 8, 2015 at 1:55 am

    YT Downloader/Spigot is pretty annoying. I got a copy with some conversion utility I was using about a year ago. I use Malwarebytes. You’re right about the time it takes to scan a system. It’s way too long, parsing files and directories for, first, signatures, and then — using heuristics, where there would never be malware. I rarely fire it up as it takes over an hour. At any rate, it’s thorough. If I use its resident function, it bogs the machine.

     
  2. Frank

    January 8, 2015 at 10:04 am

    When I run my routine scans on my Windows box, I fire up Spybot or Malwarebytes and then go do something else while they do their thing. That computer has three TBs of external storage, so a scan takes a long long time.

    Linux is soooo much easier.