Category Archives: Field Reports

Cleanup reports of startupware from the real world.

From the mailbox: Cleaned by a pro–Ripoff?

I had what was apparently a pretty bad infestation of spyware crud on my Win XP box. Aurora, Limewire, some other stuff. I couldn’t clean it out myself, gave up, and got a referral on a local tech guru.

He showed up, took one look, and said he had to take the system to the shop or I wouldn’t like the bill. I let him, and he brought it back clean two days later, with a bill for $180. Seems clean, and he added some blocking on installs, and updated my patches.

Was this pretty typical? I lost days here. Bill wasn’t bad, considering.
_________________
Joe

OK, so I’m still learning all this %$#!!

Typical? Sounds quite reasonable. Could have been much more expensive. You lost days, but saved money, because the tech didn’t attempt to clean the system in your office. If he had, he would have run a series of cleanup programs, some taking 15+ minutes to run, while he attempted to look like he was doing something. For some items in the autoplays, he would have needed access to another computer to do searches for identification and for the more specific removal tools that take out single programs. Aurora is one of those; the general-purpose tools don’t take it out.

Overall, it’s much easier to do this back at the shop, with reference materials handy, another PC for patch downloads, a high-speed internet connection for patch updates, and, most important, the ability to walk away while the scans run, because you really do have to run multiple tools to clean up the mess. Onsite, you probably would have had to feed him lunch. Maybe dinner. Rent him a room. Offsite, he could keep working on other projects, and not bill by the hour while he did other things.

Infection Report

Did another spyware cleanup today. User reported that a spyware cleanup tool appeared immediately after running Windows Update. Guess: the update process changes some Internet Explorer settings back to defaults (known), and at that point, a third-party toolbar sitting in the “c:\winnt\downloaded program files” was able to run a delayed install.

Moral of the story: Empty the downloaded program files before running Windows Update. Easy method: use Drive Cleanup, from My Computer, Control Panel, right-click on the drive, choose Properties, Tools (tab), and Drive Cleanup. Or just navigate to the folder and wipe out the contents manually.

Now you see it… Reboot, you don’t.

Yes, indeed. Very clever, these spyware authors. Working on a cleanup, I found a spyware component that turned out to be part of Aurora. The usual cleanup tools could find it, but could only remove it on restart. Restarted, and amazingly, it’s gone. Only not; it has a new name. Seems this one randomly renames itself on shutdown, so the only way to delete that file is to cut power, restart in safe mode, and delete it. Got Aurora? (It pops up ad messages with ‘Aurora’ on the task bar.) Don’t stop there; Aurora also has other self-repair features, and it’s not enough just to get that file. Do a Google search for ABIremover.zip and the instructions that go with it.
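A component that comes back under a new name can still be tracked by its contents. As an added example (not code from the original post), this snapshots a folder before and after a restart, hashes every file, and matches by SHA-256 rather than by file name; the folder layout and file names are constructed for the demo.

```python
import hashlib
import os
import tempfile


def snapshot(directory):
    """Map each regular file in `directory` to the SHA-256 of its contents."""
    result = {}
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                result[name] = hashlib.sha256(fh.read()).hexdigest()
    return result


def renamed_files(before, after):
    """Return (old_name, new_name) pairs for files whose contents survived
    the restart under a different name. Files with identical contents
    (for example several empty files) will match each other, so treat the
    output as candidates to inspect, not as proof."""
    names_by_hash = {}
    for name, digest in after.items():
        names_by_hash.setdefault(digest, []).append(name)
    pairs = []
    for old_name, digest in before.items():
        if after.get(old_name) == digest:
            continue  # same name, same contents: nothing moved
        for new_name in names_by_hash.get(digest, []):
            if new_name not in before:
                pairs.append((old_name, new_name))
    return pairs


def demo():
    """Constructed scenario: one component 'renames itself' across the reboot."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        write("notepad.exe", b"legit-content")            # constructed, unchanged
        write("abi.dll", b"self-renaming-component")      # constructed suspect
        before = snapshot(d)
        # Stand-in for the shutdown-time rename the report describes.
        os.rename(os.path.join(d, "abi.dll"), os.path.join(d, "xq7k2.dll"))
        after = snapshot(d)
        return renamed_files(before, after)


if __name__ == "__main__":
    print(demo())  # [('abi.dll', 'xq7k2.dll')]
```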

On the same system, found viruses galore, mostly trojans. And Bube, and Home Search Assistant, and a few other self-healing malware delights. Truly a combo platter. Took multiple passes to turn the doorstop into a computer again.