Help! How to remove SurfSideKick 3?

My computer got hosed for the first time by malicious code in a webpage. I now have SurfSideKick 3 infecting the registry and continuously writing new batch files to open up new browsers and windows with more malicious code. I’ve been to a dozen websites and downloaded and installed eight or nine antivirus programs, and this file and the dll files it has created refuse to be deleted.

Is there anything I can do short of reformatting and reinstalling Windows?

Have you tried the anti-spyware programs listed in the sticky at the top of the GQ?

http://boards.straightdope.com/sdmb/showthread.php?t=260053

While most anti-virus provides some spyware protection, you’ll usually have better luck with an anti-spyware program.

That was the first place I went. And there was the part in my post about having downloaded and installed eight or nine such programs. It refuses to be deleted.

I’ve read ways that it can be removed, but as I recall they involve a very long process of manually changing your registry. When I got hit with that it was actually simpler to just wipe the system and start over.

It looks like that’s what I’m going to have to do. Oh well, I suppose it’s unavoidable. On the off chance that anyone has any other suggestions, I’m open.

The removal instructions here don’t seem too bad. Certainly much easier than reinstalling everything.

http://www.scanspyware.net/info/SurfSideKick.htm

This claims to have a removal tool.
http://www.spywareremove.com/removeSurfSideKick.html

There seem to be a fair number of useful websites to be had if you google
surfsidekick removal

I have always felt that wiping a computer and reinstalling everything is your very last resort.

I did some googling,

Here are some sites that have instructions that may work:

MajorGeeks forum: This one is an executable that is reputed to remove the program.

Manual removal: These are manual instructions for removing it. Note: Always back up your registry before editing it.

All but two or three of the programs I installed that I found by googling “remove SurfSideKick 3” would do a scan and find hundreds of infected processes and files, but wanted money to remove them. The free ones were unable to delete the files, because they are in use and resident in memory, even in Safe Mode. The dlls cannot be deleted manually or by deletion from the registry…nothing.

The fact is that most spyware/malware is so virus-like these days, and gets its hooks so deep into your system, that it’s often nearly impossible to completely remove (and feel confident that it’s completely gone). Or, as is often the case, the actual removal process can hose your system.
NOTE: If you got infected by malicious code on a website, you are:

A) Running an unpatched system – not keeping up with all the monthly Windows updates.

and/or

B) Still using Internet Explorer instead of a more secure browser like Firefox or Opera.

Learn from your mistakes!

Nope, I’ve got all the patches, and I am using Netscape. This is the first time a virus has ever got through, because the firewall in my router is like Fort Knox. I don’t understand it. I have only ever used IE to get Windows Updates. I hate it for its vulnerability, and never, ever use it if I don’t have to. As that page loaded, my Norton AV window popped up, and since, the computer has been hosed.

Do you have a system restore point that you can use (last week maybe?)?

How to restore the os to a previous state.

It sucks, but there isn’t any way to make yourself 100% from this sort of thing. It all depends on how usable you want the pc to be vs how much risk is acceptable to you.

Should have said:

It sucks, but there isn’t any way to make yourself 100% safe from this sort of thing.

The first time I rebooted in Safe Mode, I went to Last Known Good Configuration (it’s Win2K), but that didn’t help. Running all the spyware scans in Safe Mode turned up hundreds of infections, and while they were able to delete hundreds of them, with the exception of the SSKbho.dll and its variants, the virus is self-replicating. Every time I rebooted, it would write dozens of new batch files to launch new browsers with more infected code. What I’ve learned from reading about it is that each time they regenerate, they have a different name and registry value. You can’t find them all, and you run the risk of destroying your OS if you delete the wrong registry key. I deleted a file that had a log that said “Wait 260 seconds. Execute. Wait 260 seconds. Execute.” It’s a giant pain in the ass.

There are plenty of “antispyware” that scan your computer for free, then ask a fee to remove anything. Even worse, they often install new spyware on your computer during the scan.

You need to go to trustworthy sources. BleepingComputer is one, and they have a page on it: How To Remove Surfsidekick 2 Or 3 And Vcclient - Spyware and Malware Removal Guides Archive. This uses hijackthis, but the instructions are clear.

Also, http://housecall.trendmicro.com does have a spyware scanner and cleaner and is trustworthy. It may not find this one, though.

Finally, use hijackthis to create a log and post it at http://www.spywareinfo.com. They should be able to see anything that shouldn’t be on your computer.

Thanks, Chuck. I printed out the instructions from your first link and will try them as soon as I get home. However, I have the suspicion that when it gets to the part about deleting Surf Sidekick 3 from Add/Remove Programs, if it’s even there, I’ll get an error message saying the file can’t be deleted because it’s in use. If that happens, screw it, I’ll transfer everything onto DVDs and reformat.

Try Unlocker at http://ccollomb.free.fr/unlocker/. It lets me delete files the OS says are in use.

Thanks, Manny, I tried it and it wouldn’t give me authorization to delete the files, even though I am the administrator. I’m backing up files now, and will have to reformat. A bunch of other things have gone wonky, although all of them are related only to internet and browser issues. The rest works and I can write discs without problem, as long as I take out the CAT-5 cable from the LAN card.