<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: What&#8217;s the worst Spyware you&#8217;ve been infected with?</title>
	<atom:link href="http://www.infosecpodcast.com/2006/07/whats-the-worst-spyware-youve-been-infected-with/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.infosecpodcast.com/2006/07/whats-the-worst-spyware-youve-been-infected-with/</link>
	<description>Information Security related news, opinions and ramblings</description>
	<lastBuildDate>Tue, 12 May 2009 17:22:17 -0600</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.1</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: Jason Skidmore</title>
		<link>http://www.infosecpodcast.com/2006/07/whats-the-worst-spyware-youve-been-infected-with/comment-page-1/#comment-5</link>
		<dc:creator>Jason Skidmore</dc:creator>
		<pubDate>Mon, 17 Jul 2006 19:48:06 +0000</pubDate>
		<guid isPermaLink="false">http://www.infosecpodcast.com/2006/07/15/whats-the-worst-spyware-youve-been-infected-with/#comment-5</guid>
		<description>Working as a freelance computer technician, I have seen it all.  I would say that 50% of my onsite service calls are in some way spyware-related.  One particular infection was particularly unforgettable.

The user complained about multiple popups, computer running slowly, internet home &amp; search pages changed, etc.  I knew right away I was in for a good time.   Arriving at the machine, I had to disconnect it from the internet to even be able to work.  I still got popups every few seconds, turning into blank IE windows after I unplugged the cable.

Luckily I had come somewhat prepared with some spyware removal tools on CD.  Ad-Aware, Spybot, and HijackThis, among others.  Found out he had 180, WhenU, mywebsearch, and a few others I don&#039;t remember off the top of my head.

The really bad part was, every time I tried to start a scan with Ad-Aware, the spyware software would initiate a shutdown command.  I was able to counteract this by issuing the &quot;shutdown -a&quot; command, but I had less than 10 seconds to do so when I saw the shutdown notification appear.  I had to sit in front of the machine throughout the whole scan.  Scanning with all 3 tools took about an hour with reboots, then add on top of that another 2 hours of removing files and registry keys manually, as much of the spyware kept regenerating itself.

I&#039;d say I&#039;m 80% satisfied with the removal.  You never can be sure with this spyware crap.  I guess it&#039;s nice that I get paid by the hour, but honestly something needs to be done about these sleazeballs who deliberately create nearly impossible-to-remove software.  I&#039;ve been in the computer industry for over a decade, and I keep up with it.  If it takes someone like me this much trouble to remove something, where does that leave regular users?</description>
		<content:encoded><![CDATA[<p>Working as a freelance computer technician, I have seen it all.  I would say that 50% of my onsite service calls are in some way spyware-related.  One particular infection was particularly unforgettable.</p>
<p>The user complained about multiple popups, computer running slowly, internet home &amp; search pages changed, etc.  I knew right away I was in for a good time.   Arriving at the machine, I had to disconnect it from the internet to even be able to work.  I still got popups every few seconds, turning into blank IE windows after I unplugged the cable.</p>
<p>Luckily I had come somewhat prepared with some spyware removal tools on CD.  Ad-Aware, Spybot, and HijackThis, among others.  Found out he had 180, WhenU, mywebsearch, and a few others I don&#8217;t remember off the top of my head.</p>
<p>The really bad part was, every time I tried to start a scan with Ad-Aware, the spyware software would initiate a shutdown command.  I was able to counteract this by issuing the &#8220;shutdown -a&#8221; command, but I had less than 10 seconds to do so when I saw the shutdown notification appear.  I had to sit in front of the machine throughout the whole scan.  Scanning with all 3 tools took about an hour with reboots, then add on top of that another 2 hours of removing files and registry keys manually, as much of the spyware kept regenerating itself.</p>
<p>I&#8217;d say I&#8217;m 80% satisfied with the removal.  You never can be sure with this spyware crap.  I guess it&#8217;s nice that I get paid by the hour, but honestly something needs to be done about these sleazeballs who deliberately create nearly impossible-to-remove software.  I&#8217;ve been in the computer industry for over a decade, and I keep up with it.  If it takes someone like me this much trouble to remove something, where does that leave regular users?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tony</title>
		<link>http://www.infosecpodcast.com/2006/07/whats-the-worst-spyware-youve-been-infected-with/comment-page-1/#comment-4</link>
		<dc:creator>Tony</dc:creator>
		<pubDate>Sat, 15 Jul 2006 04:40:17 +0000</pubDate>
		<guid isPermaLink="false">http://www.infosecpodcast.com/2006/07/15/whats-the-worst-spyware-youve-been-infected-with/#comment-4</guid>
		<description>A year or two ago, during my worst era of spyware, I was doing a lot of freelance work. I scoured the web frequently and had to use a copius amount of random software for numerous tasks. I used Adaware, SpyBot S&amp;D, and AVG Free Edition.

After a previous bad infection, I decided to kill System Restore and rely on other mediums for backup. I burned DVDs of crucial files and even kept an offsite CVS server of my documents. I had one hard drive backup of the entire disk, however, stored on my shelf. The disk was identical to my current disk.

After enough random software and web-surfing, I had acquired VX2. I thought, oh well, I&#039;ll just use Adaware. This was before there was a quality VX2 cleaner, mind you. Adaware ran, cleaned it, but on its way out, VX2 took out my LSPs.

There were enough other issues after this point that fixing it was impossible, at least for my talents. So, I decided I&#039;d pop the other identical drive and copy over any updated documents. With a rare BIOS revision trouble on an nForce board, the computer believed the drives should be run in RAID on boot. What happened there? It started trying to force the two drives into striping, completely destroying all the data on the disks.

A series of unlikely happenings, leaving me data-less save for a lonely CVS server of documents that hadn&#039;t been recently updated.

Would I have made the same mistakes now? Not likely.</description>
		<content:encoded><![CDATA[<p>A year or two ago, during my worst era of spyware, I was doing a lot of freelance work. I scoured the web frequently and had to use a copius amount of random software for numerous tasks. I used Adaware, SpyBot S&amp;D, and AVG Free Edition.</p>
<p>After a previous bad infection, I decided to kill System Restore and rely on other mediums for backup. I burned DVDs of crucial files and even kept an offsite CVS server of my documents. I had one hard drive backup of the entire disk, however, stored on my shelf. The disk was identical to my current disk.</p>
<p>After enough random software and web-surfing, I had acquired VX2. I thought, oh well, I&#8217;ll just use Adaware. This was before there was a quality VX2 cleaner, mind you. Adaware ran, cleaned it, but on its way out, VX2 took out my LSPs.</p>
<p>There were enough other issues after this point that fixing it was impossible, at least for my talents. So, I decided I&#8217;d pop the other identical drive and copy over any updated documents. With a rare BIOS revision trouble on an nForce board, the computer believed the drives should be run in RAID on boot. What happened there? It started trying to force the two drives into striping, completely destroying all the data on the disks.</p>
<p>A series of unlikely happenings, leaving me data-less save for a lonely CVS server of documents that hadn&#8217;t been recently updated.</p>
<p>Would I have made the same mistakes now? Not likely.</p>
]]></content:encoded>
	</item>
</channel>
</rss>

