Cavalcade of Spots 2
An acquaintance of mine called me for help with her Win 8.1 computer; it had gotten really slow since New Year’s Day.
When I got there, I found the kind of Windows malware mess that you read about on rabidly partisan Linux websites–adware and pop-ups just flooding in, a true cavalcade of spots. It took me three and a half hours to wrestle that puppy into submission.
I started by removing about a dozen questionable programs in Windows–>Control Panel–>Programs and Features. If she told me she had not installed the program, it was gone. One of them, YTDownloader, fought removal tenaciously.
I scanned with Spybot S&D and Malwarebytes, which rounded up dozens of suspects. (A good part of the three and a half hours was waiting for the scans to finish.)
The worst item, though, was www-searching.com (don’t go there), which had hijacked her Windows Internet Exploder. You can read about it here. It had a particularly nasty trick: It changed the Internet Explorer “Tools–>Internet Options–>Advanced–>Connection” settings to use a proxy and made itself the proxy server. When I tried to change the connection settings to not use a proxy, this bad boy changed them back as soon as I “Okayed” the change. I finally got rid of it following the instructions at the “you can read about here” link above.
Along the way, I also installed a “hosts” file. It’s great passive protection.
I’ve seen a worse infestation only once, about 15 years ago, when my neighbors got cable internet for the first time and hooked it up to a Windows box with no anti-virus or firewall installed. This time, the odds are that my acquaintance inadvertently installed some innocent-looking program which dragged all this stuff along with it.
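An added example, not part of the original post: a read-only PowerShell check of the registry values behind the Internet Explorer proxy setting described above. It prints the current values and then polls them, so a setting that gets flipped back after being changed in the dialog shows up with a timestamp. The registry paths are the standard WinINET locations; the function names are made up for this example.

```powershell
# Registry keys that hold the WinINET proxy configuration used by Internet Explorer.
$paths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$names = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

# Hypothetical helper: returns a hashtable of "path|value name" -> current value.
function Get-ProxySnapshot {
    $snap = @{}
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-ItemProperty -Path $path
        if (-not $key) { continue }            # key exists but has no values
        foreach ($name in $names) {
            $prop = $key.PSObject.Properties[$name]
            if ($prop) { $snap["$path|$name"] = [string]$prop.Value }
        }
    }
    return $snap
}

# Hypothetical helper: polls the values and reports every change it sees.
# Start it, turn the proxy off in the dialog, and watch for it coming back.
function Watch-ProxyRevert {
    param([int]$Seconds = 60, [int]$IntervalSeconds = 2)
    $last = Get-ProxySnapshot
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $IntervalSeconds
        $now = Get-ProxySnapshot
        $keys = @($last.Keys) + @($now.Keys) | Sort-Object -Unique
        foreach ($k in $keys) {
            if ($last[$k] -ne $now[$k]) {
                '{0:HH:mm:ss}  {1}: "{2}" -> "{3}"' -f (Get-Date), $k, $last[$k], $now[$k]
            }
        }
        $last = $now
    }
}

# Show the current state, then watch for two minutes.
(Get-ProxySnapshot).GetEnumerator() | Sort-Object Key | Format-Table Key, Value -AutoSize
Watch-ProxyRevert -Seconds 120
```

A ProxyEnable value of 1 together with a ProxyServer entry the user did not set is the state the post describes; a change that reappears within seconds of being cleared means something on the machine is still rewriting it.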
January 8, 2015 at 1:55 am
YT Downloader/Spigot is pretty annoying. I got a copy with some conversion utility I was using about a year ago. I use Malwarebytes. You’re right about the time it takes to scan a system. It’s way too long, parsing files and directories for, first, signatures, and then — using heuristics, where there would never be malware. I rarely fire it up as it takes over an hour. At any rate, it’s thorough. If I use its resident function, it bogs the machine.
January 8, 2015 at 10:04 am
When I run my routine scans on my Windows box, I fire up Spybot or Malwarebytes and then go do something else while they do their thing. That computer has three TBs of external storage, so a scan takes a long long time.
Linux is soooo much easier.