In my early Internet days, I used to think I was pretty savvy. I never opened an e-mail attachment if I didn't know the sender, always left my e-mail on the server instead of downloading my mail, and never went online without fully updating my firewall and antivirus programs. I used to tell people that a dialog box asking if you wanted to continue should be treated with suspicion, as yes is not always the right answer. You can see what's coming, right?
One day, I got a box asking me if I want to install "WinFixer." I clicked no, and instantly lost control of my mouse and keyboard. It was a button-swap trap, with no pointing to yes. Good thing I know about the power switch on the back of the tower, although I do not use it lightly.
This is where my paranoia came in handy. I have a CD of free antivirus programs, firewalls, and spyware removers that I burned for this kind of emergency. I update it with removal tools from places such as Symantec, Bit Defender, and others. This makes it easy to boot into Safe mode by holding down F8 (XP), then run the CD. It'll rip out the nasties in no time, as long as you keep it current. I also keep a floppy made with my old copy of Me for when Fdisk or Format C: are looking good and nothing else works.
I got the same message asking me to install "WinFixer" again not long after cleaning out my system. I clicked the x in the upper-right corner this time instead of a button in the dialog box. WinFixer was not installed, although I expect this loophole will be closed by the hackers soon. If WinFixer appears a third time, I plan to hit the hard-reset button, press F8 (XP), and run my emergency CD.
The moral of the story? I am the system admin of my PCs, and like the Linux guys say, never log in as Root or Administrator. The damage to my user account I can handle, but in root the baddies can see the master boot record (MBR)! Ouch.
Three cheers for paranoia! Letting caution and your healthy fear of spyware lead you to create a recovery disc does take some effort, but taking the time to make one can save you a lot of headache in the long run.
WinFixer is one of those underhanded, rogue antispyware apps that creeps in via drive-by installations and through ActiveX controls. WinFixer first installs unwanted files, then attempts to scare you into purchasing its antivirus software as a cure. It looks like Pete here got a variant where clicking either button in the dialog box wrested away his control.
If you think you may have been compromised by WinFixer, Symantec has a list of the files and registry keys WinFixer installs. Knowing which files to look for will make the cleanup process smoother.
WinAntivirus and ErrorSafe are also linked to WinFixer, so keep a close eye out for other antispyware impersonators. As a general rule, it's safe to assume that any dialog box from a program you did not install yourself, and especially one claiming to have detected spyware, is itself spyware. Seeing one is a sure sign that it's time to update your antispyware definitions and start scrubbing.