War against spyware: I

My old laptop was hosed. A couple of weeks ago I noticed something strange going on: sometimes it would pop up IE windows when I had not clicked on anything. The situation got worse when I tried to do a system restore on XP and rebooted, and a “Spyware Protect 2009” program automatically started up. Its user interface looked very much like a Microsoft anti-virus program. Then it said my laptop was infected with all kinds of programs, such as the LdPinch key logger, blah blah blah.

Hmm, being a software engineer, I knew something fishy was going on there. So I stopped the process and googled “Spyware Protect 2009”, and here is some information (one and 411-Spyware.com). Looking through Task Manager, I found sysguard.exe. Killed the process. Deleted sysguard.exe.

I don’t know how my laptop got infected with sysguard. Restoring XP appears to be the direct cause, but I think another reason could be that I was using uusee (a Chinese online TV program), so I went ahead and uninstalled it too (sorry, no bias against my home country, but there is too much spyware/adware going around on some Chinese web sites).

Mission not complete yet

Did all this, plus ran the virus scan software. Looked at .\Windows and .\Program Files for suspicious files. Looked at the Registry for suspicious entries. But I am still seeing the stupid adware cookies such as “atdmt” and “yieldmanager” (specificclick, doubleclick) in the “Temporary Internet Files” directory. For now, I am going to use Firefox, while continuing to monitor the situation. I would be careful NOT to do any online banking on my old laptop for now.

The war against Spyware is to be continued…of course, the nuclear option, as always: backup files, format the hard drive, do a clean install.
