Fascinating, but Sinister Spyware

Fascinating, but Sinister Spyware

This week I’m fixing an old Toshiba laptop that was loaded with spyware. It had all these spyware:

  1. Adware BHO Generic
  2. Win32 Trojan PSW Sinowal
  3. Win32 clowsd
  4. Alexa Related
  5. Microsoft Windows Security Center Virus Override
  6. Microsoft Windows Security Center Firewall Override
  7. Microsoft Windows Security Center SP2 Update Override
  8. Microsoft Security Center _disabled
  9. PWS LDPinch IE
  10. SC Keylogger
  11. Smitfraud – C.generic
  12. Win32. Alphabet.ap
  13. Win32. BHO.je

The laptop actually had more than this but I didn’t write them down before I got rid of them. I used these three anti-spyware applications to get rid of the spyware: Ad-aware SE Personal, Spybot, and Spyware Doctor (my new favorite anti-spyware, although it’s not free.)

The fascinating spyware I love to hate, is one that places a program in the Startup. Everytime I tried to run AVG anti-virus, the spyware would start this:

HKLM…Run:[KernelFaultCheck] %systemroot%system32dumprep 0 -k

And immediately a system dump would begin with a blue screen of death and, I’d have to restart the computer without being able to run a virus scan.

The client and I decided to reinstall the operating system since she didn’t need anything on her harddrive. It’s an old laptop she uses for e-mail only. But normally I would have run all my anti-spyware tools, anti-virus (I prefer AVG), plus rootkit tools (see my rootkit post.) I like to get rid of spyware without reformatting, as most computer repair services do. They immediately reformat!!! Not Ducktoes. Ducktoes does anti-spy without data-fry!! So businesses and people can lose their spyware but keep their data. That’s what Ducktoes specializes in.