Friday, September 7, 2007

Getting rid of false spyware remover messages

I don't know which is more annoying: trying to drive along the beautiful beaches in Chapters 7 (Highway 17), 8 (Sandtraps), and 9 (Nova Prospekt) of Half-Life 2 without getting attacked by the persistent and aggressive antlions that infected the earth after being transported from Xen by the portal storms, or trying to do your homework on your PC without being attacked by persistent popup messages telling you your system has been infected and needs YET ANOTHER spyware cleaner!

In the case of Half-Life 2, even going into God mode doesn't restore your tranquility -- the antlions can't kill you anymore, but they still pester you until you go crazy! (BTW - to enter God mode you need to bring up the console and enter cheat mode. Instructions are here:)

In the case of using your computer for *serious* work, even having an anti-virus like Avira or programs like "AdAware", "Spyware Blaster", or "Spybot - Search and Destroy" doesn't seem to help. All they do is make trying to fix your computer FEEL like you are playing a video game, searching for and destroying malware as though it were a nest of antlions.

The problem with trying to eradicate malware from your computer is that it can take up every bit as much time as a detailed first-person-shooter, but with none of the cool graphics.

For the past two days my computer hasn't given me much leisure time, let alone peace of mind, as every two minutes or less a false "security message" pops up on my screen telling me that "windows has detected an internet attack attempt" or that "Trojan.W32.Looksky has been detected on your computer". A little red x appears down on the right of my task bar, and occasionally the entire screen goes horribly red with a message that my security has been compromised. Scary stuff. Forget even trying to get serious real work done -- you can't even play Resident Evil 4, because just as you are about to shoot the infectious parasite that has emerged from the back of your nemesis in the boss battle, a popup parasite telling you your PC's security has been compromised emerges from the background process and kills the game! The metaphorical implications are chilling!

The Parasite Popup takes you to a website that promises a cure. Be warned: IT IS A TRAP!

The "solution" is supposed to be that if I pay attention to these "security alerts" and click on them, whatever "munificent" protector (the great and terrible Oz?) is running behind the curtain will take me to the website of a benign company whose software will "automatically" clean my system of the infection. It will try to download "cleansurf" or "spyaxe" or some other "helpful" program.

Turns out it's a scam! The only thing threatening my computer is the supposed spyware cleaning software company itself! And the more you do battle with the infection by means of their tools, the more infected your system gets. I'll take antlions any day over this nightmare!

So what to do?

For the time being my problem seems solved thanks to a retired IT director who goes by the handle "MFDnNC" (a Distinguished Member) from Piedmont, North Carolina (that's the NC), who posts his valuable advice for the rest of us in the big wide world on Tech Support Guy forum:

MFDnNC suggested using SDFix.exe. Here are his instructions:

Download and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

I did what he says, and it seems to have worked! Hurrah! Thanks to MFDnNC's advice my computer seems to be malware free at this moment! Still, I'm nervous... will it happen again? How long will this halcyon period last?

I feel like Robert Neville in Richard Matheson's "I am Legend", "the last man on earth" waiting for night to fall and for the zombie vampires to attack again. For now, the infection is "cured", but my computer still feels a lot like London in Twenty Eight Weeks Later -- someone on the inside (it could be your loving wife!) could be an infected carrier. Oh, she may appear healthy enough, but in her blood the parasite stirs...

We will see how long it is before the plague of popups and security alerts begins again...

For now though, it is back to hunting antlions... (I know what you are thinking: "Get a life!" ... well, at least a half-life!)

(P.S. Other sites that may help you if you have similar problems are:


Juan said...

Hey, thanks. This one was the only quick and effective solution to this thing that I could find.

T.H. Culhane said...

You are welcome Juan. I have also benefited from people kind enough to pass on what they have discovered in their blogs and like to "pay it forward". As dependent as we are on our computers I find malware to be as frightening as a zombie plague. I guess our computers need immune systems and doctors and everything else... seems they are becoming more like living creatures every day!