If you're not familiar with WhatTheTech.com, read on...
My granddaughter was at the house over the weekend, and came to get me because of a message on my wife's computer. Turns out she got a popup from one of those freakin' places that say "Your computer is infected". She hit "No", but turns out the entire page was a picture with a link to install the stuff. I can't remember why it wasn't installing, maybe because of other protection I had, but I stopped that, and after a bit of work got rid of a couple windows from the place.
So then I was concerned about what else may have been installed and why was she getting popups, so I checked the normal suspects in the registry for startup stuff and didn't find anything odd.
But yet the popups shouldn't have happened, so I looked at the Add-Ons in IE, and found some weirdly-named BHOs such as xxystuKk.dll ... now that's just wrong... so I disabled them, rebooted IE and most were back. So now it was time for Spybot Search and Destroy.
SDD needed an update which wouldn't install, so that was bad. I was finally able to get the old version to run and it found about 8 things and removed all but 1. I found a removal tool for the last one, and it appeared to all work, but I was still getting popups and the weird names were still in the BHO list. Time for WhatTheTech!
I think this is the 3rd time I've needed the services of these guys. Once for a brand-new machine that caught something prior to getting a Windows update, and once on my wife's old machine probably for the same reason this one happened.
Even having been there before, I checked out the "before posting" message and ran the backup for the registry. I then downloaded a fresh HijackThis and produced a log, opened a new thread, posted my log and waited.
Actually that's the hard part... waiting. There are only so many folks that volunteer to be trained to help, and there are tons of folks logging in and needing help. And you need to wait, because the folks helping look for posts with 0 responses. If you try to ping your own post, it will make it look like you're being helped by someone, and you'll have to go to some other extreme to get it looked at. It wasn't until I got up at 5:20 this morning that I found a message waiting from "RatHat". That started a 3-hour back-and-forth of 6 instruction/response sequences that you can see in my post.
I hung around waiting to go to work to get to the point that he asked for a new HJT log because that's usually the end of it. I got one more message after I got to work, but it looks like it's mostly cleanup and one more virus check just to be sure, for sure. I'll do those tonight.
Bottom line... if you need to get rid of a virus or some malware, check out What The Tech, and go to the forums to get yourself a login and get help... they know what they're doing!
Thanks WhatTheTech!
posted @ Monday, January 12, 2009 10:32 AM