1/3/05

Spyware/Adware Removal Disables XP Pro

When my daughter came home from college for Christmas break, she brought her Windows XP Professional computer with her. She also brought some problems.

The computer worked fine at school. But, when she installed it on our network, the first thing she noticed was she had no network connectivity. She could "see" other computers on the home network -- the "network neighborhood" -- but could not "get out." Neither could she connect via TCP/IP to other systems on the home network. Having just recently dealt with similar symptoms on a Windows 98 system at home, I suspected spyware. Sure enough, when I installed both SpySweeper and SpyBot Search & Destroy, they reported numerous problems. I cleaned up the problems, and ... well, it was still broken. Remembering what I had just recently done with the '98 box, I tried to remove TCP/IP from the system. But, this is impossible (as far as I am able to tell) under XP. It is "an integral part of the system" and cannot be removed.

To make a long story short, I fiddled with the registry, and promptly broke things worse. Now, networking was completely broken. All I wanted to do was to reinstall the networking components of Windows. Simple, no? Simple under UNIX. Not in XP. It looked like all I could do was to reinstall Windows XP, and the only way to reinstall is to first format the partition. All her CDs of installed software were back at college. I saw that as an absolute last resort. (Although, with the working CDRW drive, I could have copied off her personal files and settings.) My friend Rick (back at DEC, when all else failed, we'd get him to lay hands on a seemingly dead computer to bring it back to life) offered to play with it if I dropped it off. I was reluctant to make the drive to Northern Virginia. I hated more to take up his valuable time (of which he gave a lot when I was struggling with the '98 system).

Another friend, Peter, came by with his family on New Year's Day. He inquired after my daughter's machine. I said, "Still dead... want to take a look before dinner?" After fiddling around until "Dinner!" was called, he made a suggestion: import good registry entries from my working XP Pro machine. A week ago I had run a program Rick found that claimed to add good registry entries to replace broken ones. I am not sure what entries the program replaced. I replaced, exporting from my registry and importing onto hers, (from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\) tcpip, dhcp, winsock, and winsock2. For good measure, I again uninstalled the network adapter from the hardware profile (using device manager).

The result: it works.

Today, I made these recommendations:
  1. Use Firefox, not IE. (Penn State recommends getting away from IE. I told her to keep it around for those web pages that only work with IE, but make Firefox her default browser.)
  2. While she's getting away from dangerous programs, I suggested a move to Thunderbird. She can easily import her Outlook Excess settings and wind up with a better, safer e-mail client.
  3. Do not download anything (with the exception of Thunderbird and Firefox) until a spyware tool is installed.
  4. Install a spyware tool. There are a bunch. Well-regarded, among others, are Ad-Aware 6 and SpyBot Search & Destroy.

Spyware is a hot topic. My friend Dave Piscitello hyperbolically calls it "your worst nightmare." Well, I can think of worse, but it is a terrible problem. As I mentioned, I had a similar problem with another computer and spyware that I discuss here. The guys at WatchGuard warn, "Marketscore walks like spyware and quacks like spyware."
