Over the past month, myself and several acquaintances of mine – all with ThinkPads have been infected with a similar trojan/spyware infection. This trojan constantly opens up windows telling the user that the machine has been compromised and opens up an IE window directing the user to order a particular virus scan program.
For the most part, the trojan is more of a nuisance than a critical problem – the computer will still function despite the annoying prompts. However my infection was severely worse in that the trojan disabled control panel, task manager, and even locked me out of editing the registry. This meant that I couldn’t remove the trojan either with an anti-virus program or manually.
When I was first infected with the trojan, I needed to pay someone to recover data and reinstall the machine. The second time – yes it happened twice – I was able to handle it myself, though the process was still time consuming. If you’re having trouble with your thinkpad, here are my suggestions for the homemade nuclear option:
1. Backup Data Files: Fortunately I recently purchased an external hard drive (I can officially recommend the Lacie Rugged line). As far as I can tell the trojan will not be transmitted through an external backup of data files.
1a. Backup Installation Files: If you have “must have” programs on your machine, it’s sometimes useful to save the installation files so that you don’t need to spend time redownloading everything. Furthermore, if you’re using a free anti-virus or spyware program, you’ll probably want the latest versions installed immediately as well. Even with the trojan, you should still be able to download the exe files and backup to your hard drive.
2. Reboot Computer, Press F11 While Rebooting: This will effectively wipe your machine to the system defaults from when you first got the computer. Yes, you will need to reinstall all programs but you’ll also find your computer will work faster.
Like I said, this solution time consuming and it’s technically not really a “fix” in that you’re wiping your machine and starting over. However, I can say that it works and you can do this without paying anyone.
As a final aside, I should hope that none of my Loyal Readers are gullible enough to shell out the $50 to purchase the advertised anti-virus program. The techie who fixed my computer said that there were people who did get the program, and surprise surprise, it didn’t help.