Ryan Jones Blog – dotCULT.com Ryan Jones Blogs About Internet Culture, Marketing, SEO, & Social Media

June 19, 2007

Thank Bill for System Restore Points

Filed under: Main — Ryan Jones @ 6:45 pm

If you’re like me, you barely noticed the System Restore point feature of Windows XP – unless, of course, you noticed the amount of space it took up and turned it off.

Last night I was very thankful that this computer came with it enabled by default.

When somebody asked me if they could use my computer to check their MySpace, I thought nothing of it. After all, my default browser is Firefox, and I have Avast Antivirus and Spybot Search & Destroy. I’ve even got every Windows update – including Windows Defender. What could possibly happen?

The worst spyware I’ve ever seen happened, that’s what.

Somehow my friend managed to start IE (which is hard on my computer since it’s not the default browser, and not on the desktop or taskbar) and visit her MySpace page.

Next thing I know, I was looking at ads for blacksingles.com, arcade software, and spyware removers every 30 seconds. I even had something in my system tray called “windows spyware something or other”.

All of a sudden it started going crazy. It said some spyware was being installed, would I like to block it? It then presented me with 2 buttons: allow this spyware, or buy the full version of this software to block it. There was no way to close this alert. The close and exit parts of its menus were restricted to paying customers, and killing its process didn’t accomplish anything. They were forcing me to pay to not get their spyware!! What a concept!

A quick run of Spybot found 34 NEW things installed. 34!!

It removed all but 2. That’s where the ingeniousness came in.

This particular piece of spyware did a few creative things:

1.) It renamed itself to a random string every time my PC booted.
2.) It got involved in the boot process early, so it was already running when antivirus programs tried to boot prior to Windows.
3.) It didn’t leave a trace in win.ini, or any other part of the msconfig utility.
4.) It didn’t add anything in the Run or RunOnce sections of the registry.

After 3 hours of looking at affiliate pop-ups I was about to look for my Windows CD. Before I did that, I looked at the properties of my computer (because I couldn’t remember if this was XP Pro or Home… I know my laptop, like that Huawei laptop, is one and my PC is the other), and that’s when I saw the restore points.

Thank God they were enabled! 10 minutes later and I was good to go. Just in case, I now lock my computer every time I leave the room – both at home and at work.
