A friend of mine had a serious computer issue today. His machine would not even boot to XP – he was getting the great “Please insert Original XP disk and select ‘r’ for repair” message. Well, since this machine runs his finances (web browsing for banking) and also his Quicken, he needs this thing to work.
After making an image of his machine and then booting to my favorite Knoppix flavor, I backed up all critical data and started to play. After renaming a few of the /system/config/system files, I was able to get XP running again. Once I had the box up, all the crazy stuff started.
When you opened a browser, all it did was go to http://here4search.com. I did not realize that this is one heck of a great spyware (hijack) application. After some great Google searching, I found a few articles that explain how to kill this thing off.
Before I started on the above process, I went out and did the usual: downloaded Firefox and browsed with that instead of getting tons of pop-ups. Tried to run Windows Update (I guess the hijack program stops that). Downloaded Ad-Aware; that did not find the program. I even downloaded the new MS Spyware program.
My favorite part of the night was when I started Ad-Aware and the system decided that it was going to be shut down remotely via RPC... This happened twice during an Ad-Aware scan.
To be continued...