Every working day, and I mean every working day, we see computers completely buried in malware and PUPs. Today, we’re going to show you a typical day in our lives, when some poor soul whose hard drive was only 2 months old came to us to have us check over their computer. Keep in mind they had a local tech install a new hard drive and reinstall Windows less than 2 months prior to our repair session with this customer.
The local repair shop installed a brand new hard drive, and re-installed Windows (Windows 7 Home Premium 64-bit) and installed the following security software on it:
- Microsoft Security Essentials
- Spyware Blaster
All were updated to the most recent versions.
It didn’t take us long to see the tip of the iceberg – here is a screenshot of a list of PUP/Malware processes running on that PC (and this is only some of them):
The first 9 processes listed were all Mindspark PUPs/Malware. Mindspark was formerly known as FunWebProducts until almost everyone got wise to them and recognized their name. As they say — a rose is a rose by any other name is still a rose – and a skunk by any other name is still a skunk.
The PUPs and Malware on this computer had hijacked the Internet connection so that all Internet traffic was being routed through a proxy server owned by a malware company. The traffic flowing through the malware proxy could be analyzed and used for various purposes – most all of them nefarious.
Above: You can see that “Use a proxy server…” was checked and “Automatically detect settings”, which is the default Windows networking setting, was unchecked. It should be illegal to change someone’s network settings so that information can be stolen and routed through a proxy server – but apparently it’s not. This person’s internet connection was hijacked by malware and she was never aware of it. How long it had been hijacked we couldn’t tell, but all her web traffic flowed through the malware proxy for as long as her connection was hijacked. We reset her internet connection back to normal.
The Internet Explorer browser had been hijacked by Taplika – its search and home page were changed by the malware/PUP distributor Taplika. We removed the Taplika hijacker and changed the home page to one of her choice.
Above you can see the Windows Configuration Tool (MSCONFIG) showing the list of startup programs. I started to manually uncheck them to keep them from starting with Windows; I was down to the DailyBibleGuide PUP/Malware when I stopped and took this screenshot. (It’s sinking pretty low when you start using someone’s religious faith to induce them to install malware/PUPs – but apparently nothing is too low for Mindspark.) Then, of course, I unchecked them as well as all the other malware/PUPs that were starting when Windows booted. Above you can see 12 of the 17 malware programs that were starting with Windows – all using resources continuously in the background.
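The three things checked by hand above (proxy settings, Internet Explorer home page, startup programs) can also be read out in one pass. This is an added example, not part of the original article or the tools used in the repair: a read-only PowerShell audit that assumes the standard per-user WinINET and Internet Explorer registry locations and the commonly observed (not Microsoft-documented) layout of the `DefaultConnectionSettings` value.

```powershell
# Added example: read-only audit of the settings described in the article.
# Written for Windows PowerShell 2.0+ (the version that ships with Windows 7).
# Nothing is changed; review the output and fix settings by hand.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s    = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue

# "Use a proxy server..." checkbox = ProxyEnable, address box = ProxyServer
"Proxy enabled      : {0}" -f ($s.ProxyEnable -eq 1)
"Proxy server       : {0}" -f $s.ProxyServer
"Auto-config script : {0}" -f $s.AutoConfigURL

# "Automatically detect settings" is stored in a binary value.
# Assumption: flag byte at offset 8, bit 0x08 = auto-detect (commonly
# observed layout, not documented by Microsoft).
$conn = Get-ItemProperty -Path "$inet\Connections" -ErrorAction SilentlyContinue
$blob = $conn.DefaultConnectionSettings
if ($blob -and $blob.Length -gt 8) {
    "Auto-detect        : {0}" -f (($blob[8] -band 0x08) -ne 0)
}

if ($s.ProxyEnable -eq 1) {
    Write-Warning "A proxy is enabled for this user. Confirm the address above is one you or your network administrator configured."
}

# Internet Explorer home page for the current user
$ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
"IE home page       : {0}" -f $ie.'Start Page'

# Programs that start with Windows (Run keys and Startup folders), the same
# kind of entries shown on the MSCONFIG Startup tab
Get-WmiObject -Class Win32_StartupCommand |
    Sort-Object Location, Name |
    Format-Table Name, Command, Location, User -AutoSize -Wrap
```

Run it as the affected user, since the proxy and home page values are per-user settings.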
After manually removing dozens of PUPs and malware programs, we installed Emsisoft and ran an additional scan – we found remnants of 14 hidden files. Emsisoft got rid of 12 of them quickly and removed the other 2 at reboot.
As we have written many times before, there isn’t any one-click fix for computer repairs. This computer had a new hard drive installed and a new Windows installation, and the tech who installed the hard drive decided to protect this computer with Malwarebytes, Microsoft Security Essentials and Spyware Blaster, and you can see the result. Even though the installation was less than 2 months old, this computer was already full of malware.
It’s really important that you are careful installing software – that you pay attention where you download from and that you pay attention during installation. And it’s really important that you use a security program that not only protects you from viruses and Trojans, but just as importantly protects you from the things you’re going to encounter almost every day – malware, rogues, and PUPs. We recommend Emsisoft – it’s the best in our opinion. But not even Emsisoft can give you carte blanche to roam the Internet without fear and download and install software indiscriminately.
Your safety and your computer’s performance depend on you and the decisions you make. No software program, not even a bank of them, can protect you all the time from everything. Emsisoft can help you keep your computer clean and free from PUPs, malware, viruses, rogues and Trojans better than any other security software anywhere – but you have to be alert too.
It took us over an hour of digging around on this lady’s computer to get rid of all the malware and PUPs on it. But one of the great parts of our job is when we see how happy folks are when their computer is clean and working as it should again. That’s the best part of our job!