Saturday, July 03, 2004

Kill all spyware makers!

Well, the title says it all doesn't it? Yesterday I received a panicked phone call from Mel saying my computer wasn't working right. Something about an error with winlogon.exe after a reboot.

"Great" thinks I. Sounded like either my computer was close to dying, or a nasty piece of spyware had installed itself.

Thankfully my machine sits behind a transparent proxy on my LAN, so I could go back through the logs and find out exactly what had been installed. I found it was a nasty piece of crap from look2me.com, which judging from my squid logs, tries to push info out to their server at regular intervals after it is installed. Anyway, I proceeded to google for a fix. Which I found and used, fixing the problem. Strangely, the 'fix' was in fact a look2me.com provided uninstaller. The uninstaller was the only part of the whole thing that actually worked.

The mystery still remains, HOW did it download itself and install itself on my PC. XP is fully patched and up to date. The firewall my box sits behind is very restrictive, and we don't use IE for browsing. I'm stumped.

I've got a theory, it could be bunnies...

No comments: