Recently I was asked by a friend to rid his Windows XP machine of a particularly annoying virus/malware. It faked the Windows Security Center and was constantly displaying annoying pop-ups. It sat in the system tray and would not go away. It disabled your ability to change the desktop background and also prevented you from accessing the Task Manager. Any time you clicked on it the virus would open Internet Explorer and try to make you download some other virus.
I searched around the Internet for a while trying to see if people had had similar problems. After trying a bunch of different solutions I decided I should just investigate the problem by myself. First I checked in the usual places such as msconfig and the Run folder in the registry to see if it had added any entries there. That didn’t turn out to be very fruitful. I loaded up TRK and ran the AVG Scanner and the BitDefender Scanner, and both of them came up with some minor entries, but not the actual problem virus. Eventually, in a moment of desperation, I cleared out all of the IE Temporary Folders. As it turns out the virus had installed itself in there. I imagine it was activating itself through the “Active Desktop” feature of Windows, which is why they didn’t want you changing the background.
As I would find out, getting rid of the virus was the “easy” part. After that was gone I spent another hour trying to make it so you could change the background again. Everything I read said it was really easy… you just click the “Web” tab under “Customize Desktop”, which was under the tab for changing the desktop background. Well… this virus had removed that tab altogether. I then followed several guides to try and get the tab back. No luck >_<. Eventually I resorted to a System Restore, which I actually hate, but that ended up solving the problem. It did roll back my installation of Spybot S&D, which was a bit of a pain, but I figured it worthwhile to reinstall it since this person said they didn’t want to use Firefox.
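The checks above (Run keys, the IE cache, and the locked wallpaper / missing Web tab / disabled Task Manager) can be gathered in one read-only audit. This is an added example, not from the original post; it assumes the standard XP-era user profile layout and the documented policy value names (NoChangingWallPaper, NoActiveDesktopChanges, DisableTaskMgr), which the post does not name.

```powershell
# Added audit script, not from the original post. Read-only: it reports, it changes nothing.
# Assumes the standard XP-era registry and profile locations (an assumption, not from the post).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Policy values that produce the symptoms described: locked wallpaper, missing Web tab, no Task Manager.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallPaper' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoActiveDesktopChanges' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'DisableTaskMgr' }
)

# Every autostart value under the Run/RunOnce keys, with the command it launches.
function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

# Only policy values that are actually set to a non-zero value are reported.
function Get-RestrictivePolicies {
    foreach ($c in $policyChecks) {
        if (-not (Test-Path $c.Path)) { continue }
        $v = (Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue).$($c.Name)
        if ($v) { New-Object PSObject -Property @{ Path = $c.Path; Name = $c.Name; Value = $v } }
    }
}

# Executable files sitting in the IE cache, where the post's malware turned out to live.
function Get-CacheExecutables {
    $cache = Join-Path $env:USERPROFILE 'Local Settings\Temporary Internet Files'
    if (Test-Path $cache) {
        Get-ChildItem -Path $cache -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll|scr|com)$' }
    }
}

'== Autostart entries ==';            Get-AutostartEntries   | Format-Table Key, Name, Command -AutoSize
'== Restrictive policy values set =='; Get-RestrictivePolicies | Format-Table Path, Name, Value -AutoSize
'== Executables in the IE cache ==';  Get-CacheExecutables   | Select-Object FullName, Length, LastWriteTime
```

Anything reported by the second function explains a missing tab or a blocked Task Manager without guessing; anything in the third is worth checking against the scanners before the cache is cleared, since clearing it also destroys the evidence.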
This sort of experience is what makes me love Linux that much more… 🙂 I have been a Gentoo user for a little over 4 years now and I will take a broken package problem over an annoying virus any day!