We had another dry week here in the Southport area. And pretty cool at night too. But the seasonal traffic is increasing; I made the mistake of attempting to travel from Southport to my home on Oak Island on Friday about 3:30 PM and the line stretched back further than I had ever seen it - it was so bad that I was actually caught in the wrong lane - I thought the backup was traffic turning into the hotel. I just so can't wait for the start of the full tourist season!
One of my client's PCs caught a cold this past week - it was counterfeit antispyware software called SpyLocker (formerly SpyLocked or SpyDawn). My client had let her son use her PC to visit some websites and download some music, but apparently that was enough to catch the problem. This nasty piece of work can spread by a trojan called ZLOB and once in your PC it takes over. Lots of new icons appear on your desktop and your web browser home and search pages are directed to their website. You will also get frequent popup windows that state that your PC is infected with spyware and that you should click to go to their website for the solution.
When you get to their website, you have to pay to download their software, which purports to be a general purpose spyware eliminator. Perhaps it does do that to some extent, but it certainly doesn't do what you primarily bought it for - to eradicate itself! Oh, it probably stops being nasty to you, but it is latent in your PC just waiting for them to think up some further mischief that you will need to continue to pay for. Your PC is hijacked and you are being blackmailed, in effect.
My first task is to get rid of the infestation, and then to reconfigure the client's PC so it doesn't happen again.
For assorted malware, I carry four tools in the BSC truck: three antispyware programs - Adaware, Spybot, and the Microsoft Malicious Software Removal Tool (MMSRT for short), and I also carry new copies of Norton Internet Security 2007. Adaware and Spybot both have free versions for personal use, and MMSRT is free from the Microsoft website. I have always been a big fan of Norton and will almost always recommend it to my clients. If needed as a component of the disinfection, I will install Norton on the client's PC. I also make sure that I have all the latest virus and spyware definition files for these programs on CD, as I may not be able to download them from the Internet if the client's PC is not functional.
I generally start my scanning for the bad guys by using Spybot. Since this takes some time, I browse the Internet for clues while Spybot is running. In this case I had to use my own notebook PC as the client's PC was a vegetable.
Since in this case I knew the name of the infection, I typed "SpyLocker" into the Google search field and the screen almost exploded with results - apparently this bad boy was very well known. But then I had to read through the resultant entries to find out what the cure was. Unfortunately, all that I found were manual disinfections (i.e. manually stopping processes, registry editing, and so on). I am capable of doing this, but always feel that if one of the real antispyware programs can do it for me, so much the better.
But I did finally find an entry that indicated that neither Spybot nor Norton was able as yet to fix the problem, but Adaware was. I then aborted the Spybot run, ran Adaware, and the problem was indeed eradicated. Chalk one up to Adaware, but by the time you read this I believe all the tools will have caught up, and there is now a website for eradicating SpyLocker that has its own disinfection tool.
The next step is to prevent it in the future. My client did have Norton Anti-Virus 2007 installed and as of the May 7 definition update it should have detected the problem. I will need to check with my client to see when the infestation occurred and if her definitions are being kept current via LiveUpdate.
So the lesson here is that you should have both antivirus and firewall software in your PC and up to date, and that if you use your PC for business it would be a good idea to get your children their own PCs!
(Bob Seidel is a local computer consultant in the Southport - Oak Island area. You can visit his Website at www.bobseidel.com or e-mail questions or column ideas to him at bsc@bobseidel.com. For specific inquiries, please call Bob Seidel Consulting, LLC at 278-1007.)