I've become very good at removing these...I'd like not to have to.
My daughter's netbook running WinXP SP3 caught a particularly nasty one, "XP Antivirus 2011". It pops up the usual warning screens, but it also hacks the registry to kill file associations for .exe files. It also shuts down the firewall and turns off automatic updates.
I've saved a permanent copy of the registry fix, and have bookmarked the DLLs that I need to re-register in order to start the automatic updates back up. Malwarebytes, CCleaner, Microsoft Malicious Software Removal Tool and Spybot S&D clean everything up.
So...here's my problem. My daughter is an artist, and likes the community Deviant Art. However, many of the images are re-directing to this crapware. AVG has gotten better at stopping the sites, but the registry hack and automatic updates shutdown still occurs. I could blacklist it in the hosts file, but there aren't any odd entries. How do I pinpoint what site I need to catch? I've got her using Firefox...are there any add-ons that might help prevent this? Or any standalone tools that would help?
I've come across some message boards claiming that Google image searches are also doing this fairly often.
My last resort is to tell my daughter to stay off of Deviant Art...which I'm trying to avoid.
Any suggestions, thoughts are welcome. I'm getting good at fixing this, but every other day is kind of a pain in the ass.
This might be lack of sleep, but would VirtualBox run on a netbook? I could set up a VirtualBox running Puppy Linux so she could browse Deviant Art without fear of Windows malware, correct? Or is that too much overhead for a netbook?
OK...I can give NoScript and Adblock Plus a try on Firefox. She is using the most current version of Flash. I try to keep all of that up to date.
I've got no experience with these Firefox add-ons, however. I try to keep my installs as lean as possible. Have they been known to cause issues with legitimate Flash applications? Or do they primarily block ads?
Originally posted by cranlsn: I've got no experience with these Firefox add-ons, however. I try to keep my installs as lean as possible. Have they been known to cause issues with legitimate Flash applications? Or do they primarily block ads?
AFAIK, if the Flash applet originates from a different site or even subdomain, NoScript blocks it by default. Sometimes I have to set NoScript manually to allow obviously useful non-ad Flash content.
My concern with having both ADP and NoScript running at the same time is the possibility of their combined aggressiveness blocking too much real content or slowing down Firefox.
Thanks, we'll give NoScript a shot first, as most of the research seems to point towards URL hijacking for this crap.
We'll see if this helps her out. If not...I've got the removal down to an (admittedly pain in the ass) science.
Well, I've got NoScript in place now...so far so good...but not before the damn thing came back again. But it is definitely coming from one of two sites she visits, as I was able to browse to hell and back with no issues before that. Hopefully the NoScript catches it.
I've gone through the registry, startup, and cookies with a fine-tooth comb. I'm eventually getting a Windows 7 family pack this summer to get all of the PCs on the same OS, so if it comes to a complete wipe it's not that big of a deal.
If they ever find a way to trace back these things and physically hurt the parties responsible...I want a front row seat.
Bring it down to a minimum number of components to boot it. I'd try taking everything off of the system except for 1 stick of RAM, CPU, Video Card, and CD-ROM. See if you can boot it off of a bootable CD-ROM.
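Added example, not part of any post in this thread: a check for the .exe file-association tampering described in the first post, run over the text of a registry export. It assumes the stock Windows values (`.exe` maps to `exefile`, open command `"%1" %*`); the thread names no keys, so the sample exports, the `xyzfile` ProgID and the file path are constructed.

```python
import re

# Stock Windows values for launching .exe files (known defaults, not from the thread).
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'
ROOTS = ("hkey_classes_root", r"hkey_current_user\software\classes")

def parse_reg(text):
    """Parse decoded .reg export text into {lowercased key: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)
            if m:  # string values only; dword/hex data is ignored
                name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
                current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def check_exe_association(reg_text):
    """Return findings where the .exe association differs from the stock values."""
    keys, findings = parse_reg(reg_text), []
    for root in ROOTS:
        progid = keys.get(root + r"\.exe", {}).get("@")
        if progid is not None and progid.lower() != EXPECTED_PROGID:
            findings.append(f"{root}\\.exe maps to {progid!r}, expected {EXPECTED_PROGID!r}")
        for pid in sorted({EXPECTED_PROGID, (progid or EXPECTED_PROGID).lower()}):
            cmd = keys.get(f"{root}\\{pid}\\shell\\open\\command", {}).get("@")
            if cmd is not None and cmd != EXPECTED_COMMAND:
                findings.append(f"{root}\\{pid} open command is {cmd!r}")
    return findings

# Constructed samples: a clean export, and a per-user override (an assumed shape).
CLEAN = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
HIJACKED = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyzfile"
[HKEY_CURRENT_USER\Software\Classes\xyzfile\shell\open\command]
@="\"C:\\Temp\\constructed.exe\" /START \"%1\" %*"
'''
```

Regedit's version 5.00 exports are UTF-16 on disk, so decode the file before passing its text to `check_exe_association`.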