My computer kept trying to install something called “WinAntispyware2007” and I kept denying it.
But somehow this program got in there anyway…and I can’t delete it, can’t uninstall it. I can get rid of certain elements, but others are somehow protected.
Now, I had a really hard time uninstalling a virus program that I had bought and installed myself (Norton, I think it was) when it was working against my Windows program. But this one is really persistent, and it got through my firewall and actually changed my protection settings.
It seems to enter computers mostly via outdated Java platforms.
Here you can find detailed removal instructions (lavasoft site). It is directed for a specific user, as you can see, but the instructions seem to be general enough. Basically, it requires updating your Java, and running HiJackThis.
You probably clicked on a link that took you to a site that installed it without your knowledge. Your browser has permission to pass through your firewall, so everything you visit has your permission as far as your firewall is concerned.
What I am trying to figure out is–what changed? I got this firewall, and for two years I had no popups and no attacks from malware. Suddenly yesterday everything changed. All sorts of popups, and now this “antispyware” thing that’s taken over my computer.
So what happened? If I knew, I’d feel more competent to remedy the situation.
(This is on my Windows XP machine. I am currently using the Mac, which is clean. That’s the only recommendation for the Mac so far, otherwise I hate it.)
A firewall offers scant protection from spyware. It usually enters through infected programs that are downloaded (music sharing, screen savers, animated cursors, gambling, porn; just about anything that seems really cool *and * free) or by clicking on a link to website that runs an Activex program on an unpatched PC to install the malware.
As far as getting rid of it, you probably have a new variant of the Vundo trojan. There is no silver bullet that will remove it cleanly and easily. Try going over to the Bleeping Computer forum and post a HijackThis scan log. Do not delete anything in the log, it is not all spyware, and you could render your PC into a doorstop if you delete the wrong thing. They can analyze it and recommend detailed removal instructions.