Last week at work, I was looking up a world map, and found a couple sites through Google, clicked around a bit, didn’t think much of it. Until a couple minutes later, when popup windows started appearing every 15 seconds on my screen. I had been hit with adware. I still don’t have any idea what I did that nailed me, but it had happened. It installed all sorts of crap on my machine, put crap in my bookmarks, installed an extra toolbar into Internet Explorer, etc.
The particular spyware that infested my machine was “VirtualBouncer” and “Ad Destroyer”, which, ironically, purport to be adware fighting tools themselves. Fortunately, once I was able to identify the name of my problem, Google came to my rescue. I found this page, which listed several adware fighting tools, and the techniques that they used to finally fight off the spyware.
It ended up taking close to eight hours to mostly rid my machine of this crap (I actually came in over the weekend to clean things up because I felt guilty about using company time for my mistake). It took a long time mostly because each time I ran one of the adware cleanup tools, it would take twenty minutes as it scanned through all the registry settings and files and things. Finally, it would declare my hard drive clean. And then I’d reboot, and the adware would have reconstituted itself. Repeat a lot of frustrating times.
So I’m putting this entry up to remind myself of what I did, in case it ever happens again, and also to help anybody else that gets inflicted with this crap.
Tools that ended up being useful:
- Trend Micro Anti-Spyware did a decent job of cleaning up most stuff. I initially tried Ad-aware, as the first page recommended, but it didn’t successfully clean my hard drive. When Google found that Trend Micro had a page specifically on Ad Destroyer, I tried that one and it seemed to work better. But it didn’t catch everything.
- SpyBot Search and Destroy was also helpful. Its scan was, again, kind of useless, because it failed to root things out. But if you switch to the advanced menu, the tools it provides are good for tracking things down, in particular the startup cleanup, the BHO (Browser Helper Object) cleanup, and the ActiveX object cleanup (bits of adware had been installed in all of those places).
- ZoneAlarm was very helpful for figuring things out. I just set all the settings to high. Then when I booted my computer, I wrote down all the things trying to access the net, and tracked them down in the startup files and deleted them.
- I switched to Firefox as my browser instead of Internet Explorer, which I should have done a long time ago. I use Mozilla exclusively at home, but hadn’t bothered to update my work computer.
- I installed Absolute Startup, but it was not as helpful as SpyBot Search and Destroy at cleaning up startup stuff. But its interface for real-time monitoring of whether the startup configuration has been changed is better.
- I installed Spyware Blaster, but I don’t know if it has done anything for me.
After all that, I still don’t think my work computer is clean. I noticed that ZoneAlarm kept on getting a request from “WinNT Logon Application” to access the net when I booted up, but I kept on denying it because I was skeptical since I run Windows XP. But after my system had seemed clean with no popups for a couple days this week, I let the suspicious WinNT Logon through to see what would happen. And, boom, I was re-infested. Fortunately, by then I knew exactly how to clean up after myself, and I had all the tools installed, so it only took twenty minutes or so to fix it. But it demonstrates that it’s still hiding in my startup someplace, despite running at least four different spyware removal programs in an attempt to clean up my drive.
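The startup, BHO and ActiveX locations named in the tool list can also be snapshotted and compared across a reboot, which shows exactly which entries come back. The script below is an added example, not part of the original post or any of the tools mentioned; the baseline file path is a hypothetical default, and the registry keys are the standard Windows locations for these components.

```powershell
# Added example: snapshot autostart locations and report entries not in a saved baseline.
# $BaselinePath is a hypothetical default chosen for this example.
param([string]$BaselinePath = "$env:USERPROFILE\autostart-baseline.csv")

function New-Entry($Location, $Name, $Value) {
    [pscustomobject]@{ Location = $Location; Name = $Name; Value = [string]$Value }
}

function Get-AutostartEntry {
    # Run / RunOnce: one program per registry value.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($leaf in 'Run', 'RunOnce') {
            $key = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $k = Get-Item -LiteralPath $key
            foreach ($n in $k.GetValueNames()) { New-Entry $key $n $k.GetValue($n) }
        }
    }
    # BHOs and downloaded ActiveX controls: one subkey per component, usually a CLSID.
    $componentKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                     'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
    foreach ($key in $componentKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            # Resolve the CLSID to the DLL it loads, when it is registered.
            $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$($sub.PSChildName)\InprocServer32"
            $dll = if (Test-Path -LiteralPath $srv) { (Get-Item -LiteralPath $srv).GetValue('') }
            New-Entry $key $sub.PSChildName $dll
        }
    }
    # Per-user and all-users Startup folders.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -File | ForEach-Object { New-Entry $dir $_.Name $_.FullName }
        }
    }
}

function Get-EntryKey($e) { '{0}|{1}|{2}' -f $e.Location, $e.Name, $e.Value }

$current = @(Get-AutostartEntry)
if (Test-Path -LiteralPath $BaselinePath) {
    $known = @{}
    foreach ($b in Import-Csv -LiteralPath $BaselinePath) { $known[(Get-EntryKey $b)] = $true }
    # Anything listed here appeared since the baseline was taken, e.g. across a reboot.
    $current | Where-Object { -not $known.ContainsKey((Get-EntryKey $_)) } | Format-List
} else {
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
    "Baseline with $($current.Count) entries saved to $BaselinePath"
}
```

Run it once right after a cleanup pass to save the baseline, then again after the next reboot; an empty result means nothing new registered itself in these locations.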
Anyway. It was an incredibly frustrating experience. I work with computers, and it still took me eight hours to clean up my drive; I can’t imagine what a typical user would have done. This stuff is evil. So, beware. Switch to Firefox, don’t click on things, and if you do, there are some tools above that may help.