Scumware, plain and simple.

One of my users got hit with spyware today. It seems they went to a website that used either an ActiveX control or popup JavaScript to drop an .exe file in their Temp folder at 8:59 AM. This .exe then went to work, and by 10 AM his PC was infected with eZula, eXact search, WhenUsearch, MaxSpeed, Bargain Buddy, and about 10 other spyware/adware programs. I was able to get it clean after a few hours of work, I think, thanks to a combination of a lot of Googling, AdAware, Spybot Search and Destroy, and the background info provided by TrendMicro on the original culprit, WinWildApp, which in turn helped me find the file and process that was restarting itself and downloading new stuff as soon as I tried to put it back on the internet!

Now I have to figure out what IE or other setting let this f#$%^r get downloaded in the first place, and how that setting got overlooked or changed. Needless to say, I am not a happy camper!

By the way, the fact that one of the very first popup ads these wonderful little programs brought up on his PC was a warning that he had been infected with spyware and a link to a cleaner made me even angrier!
