Scumware, plain and simple.

One of my users got hit with spyware today. It seems they went to a website that used either an ActiveX or popup JavaScript to drop an .exe file in their Temp folder at 8:59 AM. This .exe then went to work and by 10 AM his PC was infected with eZula, eXact search, WhenUsearch, MaxSpeed, Bargain Buddy, and about 10 other spyware/adware programs. I was able to get it clean after a few hours of work, I think, thanks to a combination of a lot of Googling, AdAware, Spybot Search and Destroy, and the background info provided by TrendMicro on the original culprit, WinWildApp, which in turn helped me find the file and process that was restarting itself and downloading new stuff as soon as I tried to put it back on the internet!

Now I have to figure out what IE or other setting let this f#$%^r get downloaded in the first place, and how that setting got overlooked or changed. Needless to say, I am not a happy camper!

By the way, the fact that one of the very first popup ads these wonderful little programs brought up on his PC was a warning that he had been infected with spyware and a link to a cleaner made me even angrier!
