Oh man, I recently had to clean up a relative's laptop that was infected with this among other things. I've spent the last week or so on it (unfortunately, I'm busy so I couldn't spend a contiguous amount of time, otherwise I'd have been done faster). Obviously they weren't running any anti-virus programs at all (didn't know there were some good free ones out there, but thought Antivirus 2009 was a legit free one and they installed that to "fix" a problem with a virus obtained through an email attachment).
Unfortunately, re-format/re-install wasn't an option in this case, so I had to hunker down and try to clean it. I think I've cleaned it out as none of the scans I've run recently bring up anything anymore, but here's what I did (all with free tools) in case people were curious:
- Download the Avira off-line scanner from here (requires a CD-R to burn to):
http://www.free-av.com/en/tools/12/a...ue_system.html
What this does is allow you to boot to the CD, load a version of the anti-virus scanner to memory and scan the hard drive outside of Windows. This is a good thing to do as some viruses make it very difficult to perform a scan while in Windows, and many anti-virus programs make it difficult to update their definitions in safe mode. Avira updates the CD image several times a day with new definitions, so the resulting scanner is usually up-to-date.
- Installed a free (and legit) anti-virus program and scanned the system at runtime a few times. I prefer Avira personally because according to some benchmark articles I read, it usually had the best detection rates out of all the free ones. However, in my case, I installed Avira, did a couple of complete scans, uninstalled it, and then installed Avast since that program seems less intrusive (the free version of Avira has a nag screen every time you update the definitions) and for kicks, did a scan with that (Avira seemed to get it all as Avast turned up nothing after). You can get the stuff here:
Avira:
http://www.free-av.com/en/download/1...antivirus.html
Avast:
http://www.avast.com/eng/download-avast-home.html
I love Avira, but if I had to pay for a product, I'd probably get NOD32 as some of the benchmark articles I read indicated that it had the best single detection rate out of all of the products, even beating out Norton's offerings. However, I'm a cheapskate, so I run the free version of Avast on my Windows machines since it seems to do a good enough job on detecting stuff at runtime.
- Installed Spybot Search & Destroy and scanned with that. This program seemed to find a lot of the registry entries and some other crap that may or may not have been associated with the original problem:
http://safer-networking.org
The "Immunize" function of Spybot is great as well. Basically, what it does is kind of what ken0042 suggested above with blacklisting a lot of sites (among other things). It does it automatically when you press the giant "Immunize" button (and then the little "Immunize" button on the next screen), and if you're diligent in ensuring the program and its definitions are up-to-date (usually, once a week is good enough), you can preempt a lot of those certain kinds of browser vulnerabilities.
After I did the above, I even tried a scan with Windows Defender, but that brought up nothing so I'm fairly certain most of the file and registry crap is gone. I ran Hijack This just for kicks, and removed some entries regarding missing files and stuff I wasn't certain about (don't really recommend this if you don't know what you're doing as you may seriously impair Internet Explorer) because according to my relative, this computer has been having "issues" since mid-Nov and Antivirus 2009 may have been one problem in a long list of them.
Once I had a usable system again (the thing would choke connecting to the internet once I logged in; the only way I could really do anything was in Safe Mode), I used Windows Update to update to the Service Pack 3 and grab all the other updates since then.
Since I had an old copy of ZoneAlarm lying around (a software firewall product), I installed that, put all the settings on high and started to use and profile the machine for a few days. Nothing out of the ordinary seemed to be trying to call home, so I figure I got most of it out. Thing seems to run faster too now.
Finally, I installed a copy of Firefox 3 (http://mozilla.com) and made it be the default web browser. I also installed the AdBlock Plus extension which prevents a lot of those pesky ads from being displayed in the first place (including all those fake anti-virus ones) and has an added side effect of making pages load faster since it doesn't have to download all of that crap. On a side note, I'm really impressed with this extension and its ability to block ads. You don't even notice anything wrong or off and it makes pages so much cleaner to look at. I was skeptical at first, but now I'm a convert. Highly recommended.
Anyways, bad people prey on those who are unaware about such things, so I hope this helps and just wanted to let people know that there are indeed free, legitimate programs out there that you can use to protect yourself.