
Adware Deathmatch III

So I’m locked in a death-struggle with evil Adware which is rendering my Spouse’s laptop virtually unusable. Time to do some research:

Adware is defined thus: While not necessarily malware, adware is considered to go beyond the reasonable advertising that one might expect from freeware or shareware. Typically a separate program that is installed at the same time as a shareware or similar program, adware will usually continue to generate advertising even when the user is not running the originally desired program.

“Go beyond reasonable advertising”? I’ll say. Screwing up your machine, and maliciously designing the code to be virtually impossible to remove. There must be a special place in Coder Hell for people who write these – having to find the un-findable bug in ten million lines of Assembler…but I digress.

I take this battle to the next level – I download Spybot from downloads.com, install it, and run it. It finds 33 items – mostly modified registry entries, with some bogus entries, some files, and some cookies. Not too many files, as knowing the approximate time of infection, I went on a file witch-hunt thru Windows/temp, programs/common and windows/system, and deleted a bunch of stuff.

By the way, interrogation of the Home user community revealed that the probable cause of infection was a download of song lyrics from a music site.

Upon reboot, however, the machine was not clean. The toolbar was gone, as was the bogus homepage, but after a few minutes unwanted popups began appearing, without Internet Explorer running. Time for Ad-aware, step two.

Downloaded it, installed it, ran the update process, ran the scan. It, too, found 30 or so items, registry entries and a few files and cookies. While I’m at it, I check the IE security settings and the Trend Micro firewall settings, and match them to the recommended settings. I enter the most persistent pop-up IP address into the restricted sites in IE tools/security tab.

Weary, short 4 billable hours, and extremely annoyed, I reboot, open up IE and wait. So far so good – the normal homepage comes up well behaved. I leave it and come back in 20 minutes. And there it is – a new IE window attempting to access the prohibited site. It can’t get there, but it is trying, with a blank window. 20 minutes later, the machine is in the process of freezing thru “resources are extremely low”.

It is still in there – trapped, wounded, but still making trouble – I can see its beady little red eyes. And I’m staring at the screen – glassy-eyed – like a coder with too little sleep.

Posted on Saturday, January 7, 2006 at 07:32PM by Larry Cone
