A year or so ago, my family computer caught a nasty virus, despite the fact that I was using Norton Internet Security, with Antivirus and Antispyware protection. It was frustrating to see that there was clearly some kind of malicious code at work, but that the software that was supposed to protect me was saying “All Systems Are A-OK”.

The problem at the time was that every time you opened Internet Explorer (there’s a topic for another post!), the browser would go off to a site called “Win-Fixer”, telling us that our machine had a virus, and that Win-Fixer was a product we could purchase to fix the problem. Can you say “Extortion”?

I suspect that the virus itself was doing things to disable the antivirus/antispyware software. At some point, you can’t do anything to locate or fix the problem. This reminds me of a term I heard a good friend’s father use many years ago. He was a fighter pilot in the Canadian Air Force. He told us stories about flying the old CF-100 fighter jet. If you weren’t careful, you could get to an altitude, airspeed and attitude such that almost anything you did to try to return to “normal flight” would be met by a full stall of the aircraft. They used to call it “Coffin Corner”… once you found yourself in that state, there was almost nothing you could do to get out of it. Many pilots died before they were able to identify and address the problem, and even after it was identified, many pilots still found themselves in that same situation.

With this spyware, it was very similar. There was almost nothing you could do to identify exactly what was wrong, and seemingly nothing that would be able to fix it. I was getting to the point where I was going to have to do one final backup and re-install XP all over again.

What I finally managed to find using “Google Groups” to search for posts by people with similar problems, was the Spybot forum. It turned out that even Spybot Search and Destroy could not find or fix the problem at the time either. But a noble forum poster who had a good reputation on the forum had written a dedicated program to search out and remove all artifacts of the spyware. I don’t recall the name of the virus, but it was not what the spyware said it was… just part of the whole scheme to hide all aspects of the real problem. It took the software a good 5 minutes to chug away and eventually come back to report that the problem had been fixed.

It’s not a good practice to run unauthorized software, let alone freeware off a forum, but I had nothing to lose at this point, because I was about to re-install the operating system. In the end this fix worked.

My conclusion is that the process of locating this one piece of malicious code may have been so time-consuming that even if the anti-spyware programs could do it, the scans would have taken so long that including the scan in a normal system scan would be impractical. But if that was the case, they could have at least put a notice on their site RISKS web pages to indicate this.

So, what I learned from this is that it takes more than one Antispyware product to maximize your chances of protection. I found a good analysis on a “show notes” section of the TV show “Call for Help” by Leo Laporte. As a result of doing a search on “Spyware” I now use Microsoft Windows Defender, Spybot Search and Destroy, and Lavasoft’s Ad-aware.

I know that even these three products will not fully protect my system from every threat, so I still have to be careful of which sites I go to and what software I download, so I can avoid the Coffin Corner syndrome again.