What to do when it all goes wrong. Part 1

September 13, 2007 at 6:52 pm (Knowledge, Security, Tech)

The most common computer repair problem I face.

I repair computers from home (among other things), to make extra money. Time and time again I run into the same problems. One problem, however, has become epidemic. No, I’m not talking about StormWorm, *shudder*. That’s a tale for another day. No, I’m talking about Rogue Anti-Spyware.

“Warning! Potential Spyware Operation!”

Reads the small pop up window.
If you have ever seen this, or one of the many variants of it: “Your computer could be infected with spyware,”
“Please download Blah to get rid of this problem,”
or my favorite: “Files are being copied to the internet!”
Then you too have dealt with the dreaded scareware. Fixing this problem can seem beyond your means, but maybe I can help. If you live in the Lincoln area, please visit my computer repair website to fix this problem.
Just kidding.

“But how do I fix it?”

Today I am going to show you how to fix this problem. It might even get its own category. I hope you have a few minutes. You also might want to (temporarily?) bookmark this page, as you will have to reboot your computer. Or, if you have access to another computer that you can keep this page open on, just work off of that. I will be noting when you should copy certain steps to notepad, to run offline. I will also assume that the infection has stripped you of administrator rights, and walk through the steps to regain them. If you still have all rights (you can freely move files, you have access to your control panel, you can add and remove programs), just ignore those steps.

More stuff to put on your computer (sorry!).

The first thing you will want to do is download a few programs. These bits of software are going to help us deal with the infection. Do not install any of the software yet. Go ahead and download them wherever you want, but I recommend your desktop, to keep track of them.
(More tools can be found at SpywareInfo. Great forums for fixing infection problems)
1. SmitFraudFix. Can be found here and here.
2. Spybot-S&D.
3. AVG Anti-Spyware.
4. AVG Anti-Virus.
5. Ad-Aware.
6. HiJackThis. Download the installer file.

Running (your friend) HiJackThis

Ok, all done? Good, now on to the fun stuff.

  • Go to “Start” –> “My Computer” –> “Local Disk C:”
  • Now right-click on the folder and select “New” –> “Folder”, name the folder “HJT”, and press enter.
  • Double click on the HiJackThis installer. Click “browse,” select “Local Disk” –> “HJT” and click “OK.” Now click install.
  • Click “Do a system scan and save a logfile.” The program will open a window with a lot of information in it. Don’t worry about this for now. A text window will also pop up. Click “File” –> “Save As” and save it in the “HJT” folder.
  • Close that program.

That was to save exactly what is running on the computer right now. In case these instructions fail for you, we will be making logs of our activities, to find out what went wrong. The SpywareInfo forums can help you out from there.

Fraud? It can be fixed!

Now to run SmitFraudFix. Open this page in another tab or window. Copy down the instructions in the first post to notepad. Save this to the desktop as “SmitNotes” or whatever. Just remember what you save it as.
Next, get ready for your first of many reboots. Don’t do this yet. You’re going to want to restart your computer in safe mode. If you already know how to do that, go ahead and start, running SmitFraudFix in safe mode, following the instructions you copied to notepad. If you don’t know how to restart in safe mode, whoa man, this is not going to be fun for you. 😛 It’s ok, I’ll help. If you want the hard way, but the way that will help you learn: Google it. Otherwise instructions for restarting in safe mode are here. After you are done running SmitFraudFix, go to “What to do when it all goes wrong. Part 2”.


1 Comment

  1. kaose said,

    I’ll be finishing this article if someone requests it.
