Hey guys, I'm doing technical support for my dear mother (I know...)
And I had a quick question.
Seems she's gone and installed herself one of those ever-helpful "Spyware-detection" programs that has hijacked her computer. This particular one is called "AntiVermins".
She already has Norton Anti-Virus, which picks it up and blocks it fine, but every time the computer is rebooted, the thing comes back.
So I do a little googling to find a solution to get rid of it permanently without having to resort to a system restore, and this site called 411-spyware.com has detailed instructions on what to do, and offers an executable that will fix it for me.
Mainly, my question is: is 411-spyware a trustworthy site, and should the executable be safe to run or would I just be replacing one problem for another? If the executable isn't safe, is its info? I don't want to go mucking about my registry without knowing for sure the person directing me is worth trusting.
Thanks!
Things like this are deep in the computer's registry and shit. You'd have to remove files manually which could take hours. Just restore it and tell her to use ONLY Adware and SPYBOT. The Microsoft Antispyware is good too so you can install that one also. Install them for her and tell her not to install any other ones.
* Spybot Search & Destroy
* Lavasoft Ad-Aware
* Prevx-1
I should qualify that last one. Prevx-1 I heard about from Dan of dansdata.com. He seems like an OK guy, but he wrote a blog post where he had spyware problems, tried everything, and finally found Prevx-1 and that worked.
I've read his articles for a few years now and he seems to value his reputation. Still, in the spirit of full disclosure, it's possible he was bought off. I've never had a computer with Prevx-1 on it suddenly develop weird infections -- but I haven't used it but for two or three weeks.
So I make no guarantees about Prevx-1, except that I trust it enough to use on family computers, and it currently seems to be not crap. Their software will detect problems for free (so it'll tell you what you have and you can look up how to clean it yourself), but they want to charge you for the removal part (but they give you 30 days free for that.)
In the long run, since VMware Server is free, if her PC is sufficiently powerful you might consider making a VMware machine and having her do all her risky Internet crap in a VM. Also consider having her run as a less privileged user.
XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK
QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
Disable System Restore. It's nothing but a festering cesspool for malware.
Turn off System Restore and delete ALL restore points. Boot to safe mode and run your spyware removers. See if the lack of running services will allow for it to be removed completely.
Boot through a live CD (BART XPE and UBoot are great for this purpose) and run your spyware removers. Running a live CD means nothing is being used from the native OS installation, thus all files are available and ready for modification.
If neither of these works, I'd suggest an FFR.