My step-son Matthew brought over his girlfriend's laptop for cleaning up. It seemed to have a large number of windows popping up and making her life impossible when using the computer. Scanning showed no viruses (yay), however using Ad-Aware it had 377 trojans and spyware. I purged and rebooted and it went down to 159. I used Spybot and got the number down a bit. Unfortunately the pieces left were very nasty (about 37). They hooked so tight into the OS that it was impossible to remove them with anything that I could use. As fast as I removed pieces they re-appeared. Some of them denied me access and I was using the admin id! Part of them hid from the system somehow and didn't show up on the list of active tasks. Safe mode is absolutely useless. The spyware (SSK.EXE was one) still runs. What use is safe mode when crap is allowed to run? I went to command line mode and when I tried to delete the programs it told me that it was running... in safe mode! I want a mode that goes line by line and asks me permission to run!
I got desperate and tried a few Linux distros that had HPFS support. Unfortunately I could not get the RW option to work on her drive. It looks like she will have to use Knoppix to back up her data to CD and then wipe the drive and do a clean install.
The only thing she did was to click on one of the files Matthew downloaded before they scanned it. It took over her machine so fast and thoroughly that it is not funny.
Microsoft, why do you allow your OS to do this? Why can't you set things up so that a normal user cannot totally screw up the OS? I understand that users don't want to have an 'admin' id and a normal one, but at least force a few more screens asking if they are sure and then ensure that it is a real person keying in the reply and not a program.
Upside is that I now have two people who may now listen to me about Linux. They can keep Windows for the stuff that isn't on Linux, but use Linux for everything else and they won't get screwed over as bad by the next Windows virus/trojan.
As for the trojan and spyware makers, YOU ARE SCUM! Any moron can wreak havoc on a machine and own it. Try something difficult, make a useful program that the user can uninstall when they don't want it.
Matthew is backing up the laptop and will be re-imaging the machine again. This time he plans on turning up the security to a higher level. Namely disallowing a normal id admin functions, up-to-date virus scanner and several free spyware scanners. I also gave them a copy of Knoppix just in case.