Despite all the precautions I take here to remain free of the various nasty things roaming around the net, occasionally I end up having to deal with this crap.
This time one of my kids ended up infecting his PC with a ton of ad-ware. It was placing icons on his desktop and popping up various advertisements on his screen. Since he is not the type of kid that loves tinkering with computers, he ended up telling me about it and I had to deal with the mess.
One thing that baffles the hell out of me is how this kind of stuff could ever make a dime for any of the scumbags out there that must be profiting from this crap. What kind of moron would someone have to be to end up being bombarded with pop-up ads on their PC and actually buy something as a result? That’s the kind of stupidity I cannot even begin to comprehend, but it must be happening because these scumbags would not be doing it if they were not making money from it.
Anyway, I hauled my less-than-enthusiastic self up to my son’s room and sat down in front of his PC. A quick look confirmed that a lot of ad-ware crap had invaded his PC. He probably downloaded a free program from some website that was infected, but since he visits so many sites, he could not recall which one it may have been. Since I was interested in getting the machine cleaned up as quickly as possible, I did not care to spend a lot of time trying to figure out where he got it. These adventures consume too much time as it is.
The first thing I did was to download the latest copy of the Ultimate Boot CD and burn it to a CD. The best way to approach something like this is to use a bootable CD like this one. It’s a fabulous resource and I highly recommend it.
What makes the bootable CD so useful is that the ad-ware is not able to touch the CD. Ad-ware and other nasty programs can often spread and re-install themselves on your PC even as you are attempting to remove them. Since it is physically impossible for the PC to write to the CD, there is no way that the CD can be infected by any of the programs you are trying to remove. This gives you a “clean” environment to work from.
The Ultimate Boot CD has many useful programs included on it, including several anti-virus and anti-spyware programs which I was able to use to clean much of the ad-ware off the PC.
One key thing to remember when cleaning nasty programs off your PC is that you want to try to use as many different programs as possible. Not every program can remove every type of infection and this was certainly the case with this infection as some programs missed other problems that were picked up by others.
Something else that was confirmed for me this time was the usefulness of firewall programs. During the course of my efforts to remove all the ad-ware from my son’s PC, it was very easy for me to see that there were still infections there that none of the anti-virus or anti-spyware programs could find. Each time I would clean up some of the ad-ware and re-start the PC, the firewall would alert me about a program with a strange name that was trying to connect to another system out on the internet.
I tried quite a few of the popular and well-known tools to remove all the crap from the PC but this one program seemed quite difficult to get rid of. It seemed to be using filenames that were hidden from most normal efforts to locate it, but the firewall program would alert each and every time it tried to connect to the internet.
For those that are not familiar with firewall programs, they are similar to anti-virus programs in the way they sit quietly in the background and wait for something to happen. In this case, that something is an attempt to connect to the internet from your PC, or an attempt by a system on the internet to connect to your PC.
Most firewall programs have a “learning” function built in that allows you to tell the firewall which programs are allowed to access the internet. You simply install the firewall program and then wait for it to start alerting you to programs that are trying to communicate via the internet. Once you have informed the firewall program about all the programs on your PC that are allowed to use the internet, you should not normally see alerts from the firewall unless a new program that it does not know about tries to communicate via the net.
This is what makes the firewall an invaluable tool in the battle against the makers of ad-ware and other nasty programs. Another thing I should point out is that some particularly nasty programs have functionality built into them that allows them to bypass the firewall program or actually locate the firewall program running on your PC and terminate it! Talk about scum-ware!
I have my own answer to clever programs like that which involves using an older firewall program that has not been available for quite a while. Although it is certainly not foolproof by any means, my logic is to assume that most sophisticated scum-ware that is able to bypass or terminate a firewall program is probably programmed to recognize only up-to-date, or at least fairly recent, firewall programs. It would take a massive effort to track down every firewall program from the past few years and include functionality to identify them all as part of the scum-ware program.
I’m not going to say what firewall program I am using except to reveal that it is probably at least 5 years old, is no longer available and still works just fine on the PCs in my house.
The firewall also helped me find an effective and very unexpected solution to the problem of removing the last nasty program from my son’s PC. I probably could have used one of the advanced file management programs from the Ultimate Boot CD to locate and delete the hidden program, but what I discovered with the help of the firewall program saved me a lot of time and trouble.
When the firewall program produces an alert about a program trying to communicate via the internet it provides the name and location of the program that is trying to access the internet as well as the internet IP address of the computer that the program is trying to communicate with.
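The alert behaviour described above (a learned list of approved programs, then an alert naming the program, its location and the remote IP address), as an added example that is not from the original post or from any real firewall product. The class, paths and addresses are constructed for illustration; matching on the full path rather than the file name alone is an assumption of this sketch.

```python
from collections import defaultdict
from ipaddress import ip_address


class OutboundFirewall:
    def __init__(self):
        self.allowed = set()            # program paths approved while learning
        self.alerts = defaultdict(set)  # unapproved path -> remote IPs it tried

    @staticmethod
    def _key(path):
        # Windows paths are case-insensitive, so normalise before comparing.
        return path.replace("/", "\\").lower()

    def learn(self, path):
        """The user answered 'allow' for this program during the learning phase."""
        self.allowed.add(self._key(path))

    def connect(self, path, remote_ip):
        """Return True if the program is approved; otherwise record an alert."""
        ip = str(ip_address(remote_ip))  # raises ValueError on a malformed address
        key = self._key(path)
        if key in self.allowed:
            return True
        self.alerts[key].add(ip)
        return False

    def report(self):
        """Alerted programs, each with the sorted remote addresses it tried."""
        return {path: sorted(ips) for path, ips in self.alerts.items()}


def demo():
    fw = OutboundFirewall()
    for approved in (r"C:\Program Files\Browser\browser.exe",
                     r"C:\Program Files\Mail\mail.exe"):
        fw.learn(approved)
    events = [  # constructed sample traffic; documentation-range IPs (RFC 5737)
        (r"C:\Program Files\Browser\browser.exe", "198.51.100.7"),
        (r"C:\WINDOWS\Temp\xqz81.exe", "203.0.113.45"),
        (r"c:\windows\temp\XQZ81.exe", "203.0.113.46"),    # same file, other case
        (r"C:\WINDOWS\Temp\browser.exe", "203.0.113.45"),  # known name, wrong place
    ]
    results = [fw.connect(path, ip) for path, ip in events]
    return results, fw.report()


if __name__ == "__main__":
    print(demo())
```

The report groups every remote address under the program that tried to reach it, which is the list you end up writing down when the same alert keeps coming back after each restart.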
Most of the time these scum-ware programs are trying to contact other computers on the internet in order to send data back to them about the web surfing habits of the PC’s owner or to grab more scum-ware programs to install.
This appeared to be the case with my son’s PC since it had at least 10 different ad-ware and trojan programs installed on it. Apparently, some of them are designed to go grab more scum-ware off the internet and install it as fast as they can.
When the firewall program alerted me to the IP address of the computer that the scum-ware program was trying to reach, I decided I would type that address into a web browser and see if I could get a site to come up. That might help me figure out who was behind this and how to get rid of it.
Sure enough, a website appeared on the screen for some low-life advertising outfit whose name escapes me now. That was not too much of a surprise, but what was surprising was a link on their page that was labeled “Uninstall.”
Hmmmmm, could this actually be a way to rid my son’s PC of the scum-ware in question? I clicked on the “Uninstall” link and was shown some instructions on how to download the uninstall program and run it to remove the scum-ware program.
I downloaded the uninstall program and ran it on my son’s PC. It informed me that the program had been removed. I wondered if this was too good to be true. Not being too willing to trust a scum-ware purveyor, I had wondered if the “uninstall” program instead infected my son’s PC with even more scum-ware!
I re-started his PC and was surprised to see that the firewall alerts were no longer coming up on the screen. As amazing as it seemed, the scum-ware makers actually provided a way to uninstall their program. After a little investigation, I found the same to be true for one of the other scum-ware programs whose IP address I had written down a little earlier in the process.
The bottom line is that you should get yourself a firewall program and use it, if you are not doing so already. There are a few good firewall programs you can download and use for free. Just search for “free firewall” on Google or Yahoo to find one you want to try.
If you are not terribly computer-savvy, the idea of using a firewall may seem intimidating at first, but give it a try. The protection you get from it is worth learning enough about it to keep it running on your PC at all times so you will know what kinds of things may be going on behind the scenes that you might otherwise never know about.