WHEN MALWARE REALLY GRIPS YOUR SYSTEM
While trolling some of Microsoft’s XP newsgroups looking for someone to help, I came across the following horror story:
When I start my PC, a window appears:
Your Windows is corrupted with spyware virus.
You must patch your pc urgently to protect yourself.
Private info is accessed by ports:
– 8080
– 3128
You can patch your PC for free only now and delete all spyware viruses.
Click OK to choose and download free spyware removal using AntiSPY.
When I connect to the internet, a different window appears:
WARNING!
—- YOUR PC WILL NOT BOOT NEXT TIME WITHOUT URGENT PATCHING —-
Our analysis shows that your PC is infected with spy software.
You have been infected with ‘___winSterHJK v.2011.’
Your PC is now accessed through ports:
– 3128
– 8080
Your private information is in danger.
Patch your PC immediately for free.
No money, no credit card, all downloads are CNET certificated.
We’re the team of volunteers helping to fight with spyware.
Click OK to choose and download free spyware removal using AntiSPY.
Then a new page opens; its address is:
http://www.hotoffers.info/a0002/warning/danger.html
Besides these warnings, I cannot change the address of my home page in IE to anything other than: http://www.hotoffers.info/
I’m using Windows XP Professional, SP1 with all updates.
I even tried to install SP2, but no changes.
Thank you for any reply.
When you’ve lost control of your computer as this fellow has, there are only two things to try. The first I’ll describe below. The second is to reformat your hard disk(s) and reinstall the operating system and all your programs. The second is apt to be painful, with a permanent loss of data unless you regularly back up your important data. I’ve discussed this in previous columns.
Here was my advice.
1) Download the following two items:

Create a folder on your C disk, say C:\SysCleanPackage. Download the SysClean Package to that folder. The name of the file is SysClean.com.

Now download the Latest Trend Pattern File. Download lpt341.zip (or whatever the current file is called) to the same folder. Extract the contents of the ZIP file and place them in the same directory as sysclean.com.
2) The third item you need is a spyware remover. If you’ve been taking my recommendations you’ll have SpySweeper on your system. When you buy Webroot SpySweeper you pay $29.95 for a year’s subscription. This not only allows you to update the ‘fingerprints’ but the versions of SpySweeper as well. The latest version is 3.5.
Make sure you update the ‘fingerprints’.
If you don’t have a spyware remover, download Ad-Aware SE (free personal version v1.05), and update its definitions.
3) With these three programs in place, now go to Disable System Restore. The instructions couldn’t be clearer. You’ll be prompted to reboot your system. Do so. When Windows is up again, use both the Trend Sysclean utility and your spyware remover to perform a Full Scan of your platform and clean/delete any infectors/parasites found. (A few cycles may be needed.)
Restart your PC and perform a “final” Full Scan of your platform using both the Trend Sysclean utility and your spyware remover.
Now re-enable System Restore and re-apply any System Restore preferences (e.g. the HD space to use; 400 to 600 MB is suggested).
Reboot your PC. You’re back in business.
Dennis Turner
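
To confirm after the final scan that the home-page hijack described in the newsgroup post is really gone, the following PowerShell check is an added example, not part of the original column. It assumes the hijack works through the standard Internet Explorer registry values and the `HomePage` policy lock, which the post itself does not confirm; the domain is the one quoted in the post.

```powershell
# Added example (not from the column): report IE home/search page settings
# and any policy lock that stops the user from changing the home page.
# Assumption: the hijacker wrote to these standard IE registry locations.
$SuspectDomain = 'hotoffers.info'   # domain quoted in the newsgroup post

$pageKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main'
)
$pageValues = 'Start Page', 'Default_Page_URL', 'Search Page'

# Collect every configured page value and flag those naming the suspect domain.
$findings = foreach ($key in $pageKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $pageValues) {
        $value = $props.$name
        if ($null -eq $value) { continue }
        New-Object PSObject -Property @{
            Key     = $key
            Name    = $name
            Value   = $value
            Suspect = ($value -like "*$SuspectDomain*")
        }
    }
}

# HomePage = 1 under this policy key greys out the home-page box in IE,
# which would match the "cannot change my home page" symptom.
$policyKeys = @(
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
)
$locks = foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        if ((Get-ItemProperty -Path $key).HomePage -eq 1) { $key }
    }
}

$findings | Format-Table Key, Name, Value, Suspect -AutoSize
foreach ($key in $locks) {
    Write-Output "Home-page changes are blocked by HomePage = 1 under $key"
}
if ($findings | Where-Object { $_.Suspect }) {
    Write-Output "$SuspectDomain is still set as a home or search page; run another scan cycle."
}
```

If the script still reports the suspect domain or a policy lock after the final Full Scan, the cleanup is not complete and another scan cycle is needed before re-enabling System Restore.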