If your Windows wallpaper looks like this, stop what you’re doing . . . and don’t click on the "CLICK HERE TO SCAN YOUR PC FOR SPYWARE…" link! Your computer has been infected alright, but if you click on the link, your computer will become even more infected.
I recently disinfected a badly infected desktop PC that had been infected with, among other things, a trojan horse whose payload was especially pernicious and persistent. It’s called Vundo; the PC was unuseable when I first had a look at it. Internet Explorer had been hijacked, refusing to go anywhere but a few sites, including one that claimed to fix infections, but was a dispenser of even more infections. Everything executed slowly.
Phoney popups kept appearing, claiming that the computer was infected and that the user should click on the link to disinfect it. The desktop background, with a dark blue background, made a similar claim, with a link embedded in the background. I found that the PC kept trying to send packets (containing what? account information? passwords?) to an IP address that apparently exists in Russia.
It was impossible to invoke XP’s Task Manager with ctrl-alt-ESCape, and regedit.exe wouldn’t run. (Both attempts met with a message that the Administrator had disabled these functions.)
Eventually, after many hours, I cleaned the PC, but with the benefit of hindsight, I should have reinstalled Windows and started with a fresh installation. It’s becoming increasingly difficult to declare a PC clean of all infections, since if you remove one vector, it may soon become infected by another vector.
The moral of the story is that you must keep your anti-virus and anti-spyware programs up to date, as well as keep your copy of MS Windows up to date (Start -> All Programs -> Windows Update). Most importantly, bring a healthy dose of skepticism with you when you surf the web: nothing on the Internet is necessarily what it says it is. Make websites and people prove their validity before you believe them.
Visit my website: russbellew.com