This is what happens when you don't update your security software. :rolleyes: Mom's landlord asked me to have a look at his PC as it was "running slow and probably has a virus". So up I go on Saturday afternoon with my bag of tricks.
While they did have Norton, Spybot S&D, and Ad-Aware installed, it was all well out of date. I tried to uninstall Norton so I could put on AVG but I kept getting an error about removing a registry key. Thinking this might be virus related I went to install Ewido only to find I didn't have the latest version and the updates I downloaded wouldn't install. :doh: So I started a scan with McAfee's Stinger while I went back home to get the latest version of Ewido.
The Stinger picked up one virus. I got Ewido installed and started a scan.
Ewido found several references to the CoolWebSearch hijack so I stopped the scan I was running after about 100 infections and ran CWShredder a few times to clean that up. Then another scan with Ewido. This time I let it run all the way through and it found 1275 infected objects :yikes: :yikes: :faint:
Cleaned all that up and then went to work on removing Norton. Seems the uninstaller was having trouble removing the toolbar from IE. First I tried disabling the toolbar, no go. Then I tracked down the key in the registry and tried to delete it manually. Here I got a message telling me I was denied permission. 💡
So you can set permissions on registry items like on files. Very interesting. And when I checked there it was set to deny any changes to BHOs. It took me a bit of fiddling to get the permissions set right, but as soon as I fixed that Norton uninstalled without a hitch.
So Norton off, AVG free on, and another virus zapped. Then Ad-Aware – another 100 or so nasties.
By the time I got to Spybot S&D it was nearly 9pm and for some reason the scan was going slower than a wet week. Usually Spybot is one of the quicker scans, so I decided to call it a night and just left it running.
The next day when I got back I found the reason for the slow response. 1100 problems, including 1001 CWS infected DLLs. Spybot fixed everything except for one stubborn file that refused to delete even running a scan on startup. So I used the file delete tool in HijackThis.
One final scan with the latest updates of Ewido revealed that I hadn't completely fixed the registry problems from the previous day. CWS had left three BHO entries in the registry that refused to be cleaned. Back into the registry, more changing of permissions back to what they should be, and I was finally done.
For good measure I installed SP2, and cleaned up and defragged the hard disk.
Not a bad (2) days' work if I do say so myself. :spock:
PS When I feel up to it I'll link to all the tools I used. In the meantime there's always Google.
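
The post describes Deny permissions on the BHO registry keys blocking both the uninstaller and the cleanup tools. The following is an added example, not part of the original post, showing one way to audit for that condition on a present-day Windows system with PowerShell. The function name `Get-BhoDenyAudit` is hypothetical, and the key paths are the standard Browser Helper Objects locations, which the post does not spell out.

```powershell
# Added example: list Browser Helper Object (BHO) registrations and flag any
# explicit Deny ACEs on their registry keys. Read-only; changes nothing.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoDenyAudit {
    param([string[]]$Roots = $bhoRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # Audit the parent key itself plus every CLSID subkey beneath it.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            # Resolve the CLSID to the DLL it loads, when the class is registered.
            $clsid  = $key.PSChildName
            $dll    = $null
            $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            if ($clsid -like '{*}' -and (Test-Path -LiteralPath $inproc)) {
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            # A key whose ACL cannot even be read is itself worth reporting.
            $acl = $null; $deny = @(); $aclError = $null
            try {
                $acl  = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop
                $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
            } catch {
                $aclError = $_.Exception.Message
            }
            [pscustomobject]@{
                Key       = $key.Name
                Dll       = $dll
                Owner     = if ($acl) { $acl.Owner } else { $null }
                DenyRules = ($deny | ForEach-Object {
                                "$($_.IdentityReference): $($_.RegistryRights)" }) -join '; '
                AclError  = $aclError
                Suspect   = ($deny.Count -gt 0) -or [bool]$aclError
            }
        }
    }
}

# Show only keys with Deny ACEs or unreadable ACLs.
Get-BhoDenyAudit | Where-Object Suspect | Format-List
```

Run it from an elevated prompt so that an access error reflects the key's ACL rather than a lack of administrator rights.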