Browser Hijack / Trojan / Downloader EXPUNGED!

April 1, 2008 at 3:30 pm

I used to have a core set of tools to keep my PC free and clean of viruses and ad-ware. Then, about two weeks ago, I was browsing the world wide web with reckless abandon and through some unknown means, I picked up a nasty unwanted piece of software that we shall (for the sake of simplicity) call the lop virus. Realistically, it was the combination of a virus, a downloader and one or more trojan horses. I’m wondering if some piece of internet trash I viewed used a security hole to install itself. These have existed in the past and usually take advantage of a buffer overrun or some such, which I am positive are ALWAYS caused by C++ programmers with short attention spans.

The short version is that Adaware is no longer my homey. It failed me. My new best friend is SpyHunter, but it isn’t free…

I knew I had a virus because on some very wholesome sites, the advertisements were getting replaced with banner ads for p*rn. So, I had a virus++, and tried my classic tools to remove it: Adaware for the hijacks and AVG for the virus. AVG was able to find and remove the virus (things getting executed in my System32 directory). But Adaware didn’t seem to get all of the browser hijacks. Each time I started IE, even after a full system scan with both tools, I would get re-infected with the virus. I tried the AVG ad-scan and removal tool (free), and it didn’t detect anything. I tried a couple of virus-specific tools for lop and Vundo, but those weren’t working either because it was a suite of viruses, downloaders and trojans that seemed to re-infect me very effectively. Finally I found SpyHunter and it seemed to find the root cause of the reinfection: a few registry keys which were getting used by Internet Explorer. And it has one of my biggest pet peeves. After showing you everything that is wrong, it allows you to click the Remove button only to tell you that you have to pay them if you want them removed. It’s a great business plan, but also incredibly frustrating. And you don’t really know if it got all of the badness or just most of it. So, I did lots of digging and reading and did the manual removal process for each of the infections and finally came out the other end virus free… well… according to two free virus scanners and two ad scanners.

I now fully believe that 95% of virus infection and execution is caused by the Windows registry. It’s infinitely deep and there is no way to keep it under control. I’ll probably reinstall my machine again and then try to find some kind of registry lockdown tool which tells me when something is trying to change the registry. Perhaps this is what the Vista Allow/Disallow dialogs are all about, but I’ll believe it when I see it, and my laptop computer isn’t running that so I’ll have to find a confirm/deny registry change tool for XP.
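A low-tech way to get the "tell me when the registry changes" check on XP without buying anything, as an added example that is not part of the original post and not the author's own tooling: the PowerShell script below snapshots a handful of the autorun and Internet Explorer keys that browser hijackers typically persist in, saves the snapshot as a baseline, and on the next run reports every value or subkey that was added, changed or removed. The list of watched keys and the baseline file path are my own choices; the script needs PowerShell 2.0 or later and read access to the keys (run it elevated to see the HKLM entries).

```powershell
# Added example (not from the original post): baseline a set of registry
# keys used for start-up programs and Internet Explorer configuration,
# then diff the live registry against that baseline on later runs.
# The key list and the baseline path below are assumptions of this example.

$BaselinePath = Join-Path $env:USERPROFILE 'registry-baseline.xml'

# Keys to watch: autorun entries, IE Browser Helper Objects, IE start/search
# page settings and the Winlogon shell entries.
$WatchedKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-RegistrySnapshot {
    # Returns a hashtable mapping "key\valueName" -> value for each watched
    # key and its immediate subkeys (BHOs are registered as subkeys named
    # by CLSID, so subkeys matter as much as values here).
    $snapshot = @{}
    foreach ($key in $WatchedKeys) {
        if (-not (Test-Path $key)) { continue }
        $items = @(Get-Item $key) + @(Get-ChildItem $key -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            # Record the key itself so a new subkey with no values still shows up.
            $snapshot["$($item.Name)\"] = '<key>'
            foreach ($name in $item.GetValueNames()) {
                $label = if ($name -eq '') { '(Default)' } else { $name }
                $snapshot["$($item.Name)\$label"] = [string]$item.GetValue($name)
            }
        }
    }
    return $snapshot
}

function Compare-RegistrySnapshot($Old, $New) {
    # Produces one line per difference between two snapshots.
    $changes = @()
    foreach ($k in $New.Keys) {
        if (-not $Old.ContainsKey($k)) {
            $changes += "ADDED   $k = $($New[$k])"
        } elseif ($Old[$k] -ne $New[$k]) {
            $changes += "CHANGED $k : '$($Old[$k])' -> '$($New[$k])'"
        }
    }
    foreach ($k in $Old.Keys) {
        if (-not $New.ContainsKey($k)) { $changes += "REMOVED $k" }
    }
    return $changes
}

$current = Get-RegistrySnapshot
if (Test-Path $BaselinePath) {
    $baseline = Import-Clixml $BaselinePath
    $diff = Compare-RegistrySnapshot $baseline $current
    if ($diff.Count -eq 0) {
        'No changes to watched keys since baseline.'
    } else {
        $diff
    }
} else {
    $current | Export-Clixml $BaselinePath
    "Baseline written to $BaselinePath; run again after browsing to see what changed."
}
```

This is a before/after comparison rather than a real-time confirm/deny prompt: run it once on a machine you believe is clean to write the baseline, then again after a browsing session (or from a scheduled task) and review any ADDED or CHANGED lines, in particular new CLSID subkeys under Browser Helper Objects and new Run entries pointing into System32 or a user profile directory. Delete the baseline file to re-baseline after you have deliberately installed something.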