My housemate brought home a laptop from someone he works with, asking if I could remove the Sasser worm from it. Well, it turns out Sasser worm wasn’t on there – MS’s tool turned up blank, but IE was crashing regularly and strange toolbars had appeared.
Since this wasn’t my laptop, rather than setting it up for our network I burned a CD with Spybot, Ad-Aware, SpywareBlaster, CWShredder and HijackThis, along with the latest Ad-Aware reference file. I ran Ad-Aware first because it had the most recent definitions and it found… wait for it… 785 suspect items. Now while a number of those were cookies, it’s still the worst spyware infestation I’ve seen. No wonder IE was crashing so much.
Spybot S&D found a further 70 items, again mostly cookies but also a BHO that Ad-Aware missed. I’ll also run CWShredder and HijackThis to be fully sure.
I’m still unsure about one thing though. The machine had Kazaa, and I’ll have removed the spyware that kept it running. So, do I:
- Uninstall it, and say that it’s evil and that he should try something else
- Uninstall it and replace it with Kazaa lite
- Reinstall it
Your thoughts please.