November 29, 2021

Thank Bill for System Restore Points

If you’re like me you barely noticed the system restore point feature of windows XP – unless of course you noticed the amount of space it took up and turned it off.

Last night I was very thankful that this computer came with it enabled by default.

When somebody asked me if they could use my computer to check their MySpace I thought nothing of it. After all my default browser is FireFox, I have Avast Anti Virus, and Spybot Search & Destroy. I’ve even got every Windows update – including Windows Defender. What could possibly happen?

The worst spyware I’ve ever seen happened, that’s what.

Somehow my friend managed to start IE (which is hard on my computer since it’s not the default browser, and not on the desktop or taskbar) and visit her MySpace page.

Next thing I know, I was looking at ads for blacksingles.com, arcade software, and spyware removers every 30 seconds. I even had something in my system tray called “windows spyware something or other”

All of a sudden it started going crazy. It said some spyware was being installed would I like to block it. It then presented me with 2 buttons: Allow this spyware or buy the full version of this software to block it. There was no way to close this alert. The close and exit parts of it’s menus were restricted to paying customers, and killing it’s process didn’t accomplish anything. They were forcing me to pay to not get their spyware!! What a concept!

A quick run of spybot found 34 NEW things installed. 34!!

It removed all but 2. That’s where the ingeniousness came in.

This particular piece of spyware did a few creative things:

1.) It renamed itself to a random string every time my PC booted.
2.) It got involved in the boot process early so it was already running when anti virus programs tried to boot prior to windows.
3.) It didn’t leave a trace in win.ini, or any other part of the msconfig utility.
4.) It didn’t add anything in the Run or RunOnce sections of the registry.

After 3 hours of looking at affiliate pop ups I was about to look for my windows CD. Before I did that I looked at the properties of my computer (because I couldn’t remember if this was XP pro or home… I know my laptop is one and my PC is the other) when I saw the restore points.

Thank God they were enabled! 10 minutes later and I was good to go. Just in case I now lock my computer every time I leave the room – both at home and at work.

About Ryan Jones

Ryan Jones is an SEO from Detroit. By day he works as a manager of SEO & Analytics at SapientNitro where his team performs SEO for Fortune500 clients. By night he's either playing hockey or attempting to take over the world with his own websites - which he would have already succeeded in doing had it not been for those meddling kids and their dog. The views expressed here have not been paid for and belong only to Ryan, not any of his employers or clients. Follow Ryan on Twitter at: @RyanJones, add him on Google+ or visit his personal website: www.RyanMJones.com