20080328 sdfix a magic bullet for virus infected windows - plembo/onemoretech GitHub Wiki

title: SDFix: A Magic Bullet for Virus Infected Windows
link: https://onemoretech.wordpress.com/2008/03/28/sdfix-a-magic-bullet-for-virus-infected-windows/
author: lembobro
description:
post_id: 549
created: 2008/03/28 06:39:58
created_gmt: 2008/03/28 06:39:58
comment_status: open
post_name: sdfix-a-magic-bullet-for-virus-infected-windows
status: publish
post_type: post

SDFix: A Magic Bullet for Virus Infected Windows

Even when I am on Windows, I don’t use IE much, so it’s rare that I get a virus on any of the machines I run.

Unfortunately, even the most diligent practitioners of “safe computing” get hit sometimes. Which is what happened to me today.

The trojan that ensconced itself on my work laptop was particularly annoying, installing an “anti-spyware” and “privacy protection” toolbar in IE and continuously popping up a window warning that my machine had been infected. It also made some fictitious spyware vendor URL my homepage.

After messing around with it for a couple of hours, I threw the machine in its bag and called it a day.

It wasn’t until around midnight that I decided to tackle the problem again. After tabbing through IE’s options I was able to find three suspiciously named add-ons, which led me to do some spelunking in the registry and filesystem. Eventually, I was able to clean up a bunch of bad stuff, but the main trojan (masquerading as a friendly anti-spyware app) was still banging away.

Some Googling around led me to a download link for Andy Manchesta’s SDFix. It turns out that the utility is really a combination of several top-drawer apps that very specifically target some especially nasty malicious software. The instructions looked pretty straightforward, so I decided to give it a go.

Not since the days of the first free version of F-PROT have I seen a utility work so thoroughly and completely to remove a particularly bad infection. Within no more than a half hour Andy’s creation had done its work, only leaving me to deal with a manual change of my home page from the fake spyware vendor’s URL to my company’s website.
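The add-on hunt and the leftover home-page change described above map onto a handful of well-known Internet Explorer persistence points in the registry: Browser Helper Objects, toolbars, and the per-user Start Page value. The PowerShell script below is an added example for this page, not part of the original post and not part of SDFix. It assumes a Windows machine where PowerShell can be run with administrative rights (so HKLM is fully readable), and the URL in the commented-out reset line is a placeholder to be replaced with your own.

```powershell
# Added example (not from the original post or from SDFix): list the IE add-on
# registration points a rogue "anti-spyware" toolbar typically uses, resolve each
# CLSID to its friendly name and DLL path, and show the current IE home page.
# Assumption: run in an elevated PowerShell session on Windows.

function Resolve-Clsid {
    param([string]$Clsid)
    # CLSIDs register under HKEY_CLASSES_ROOT, which is not a default PS drive,
    # so address it through the Registry:: provider path.
    $base = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $name = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).'(default)'
    $dll  = (Get-ItemProperty -Path "$base\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Clsid = $Clsid; Name = $name; Dll = $dll }
}

function Get-IeBrowserHelperObjects {
    # Each subkey name under these keys is the CLSID of a BHO loaded into every IE process.
    # The WOW6432Node key covers 32-bit IE on 64-bit Windows.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $keys) {
        if (Test-Path $key) {
            Get-ChildItem -Path $key | ForEach-Object { Resolve-Clsid $_.PSChildName }
        }
    }
}

function Get-IeToolbars {
    # Under the Toolbar key, the value *names* are the CLSIDs of installed toolbars.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar'
    )
    foreach ($key in $keys) {
        if (Test-Path $key) {
            (Get-Item -Path $key).GetValueNames() |
                Where-Object { $_ -like '{*}' } |
                ForEach-Object { Resolve-Clsid $_ }
        }
    }
}

function Get-IeStartPage {
    # The home page is per-user; a hijacker rewrites this value.
    $main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    $main.'Start Page'
}

Write-Host '== Browser Helper Objects =='
Get-IeBrowserHelperObjects | Format-Table -AutoSize

Write-Host '== Toolbars =='
Get-IeToolbars | Format-Table -AutoSize

Write-Host '== Start Page =='
Get-IeStartPage

# If the Start Page points at a site you did not choose, reset it (placeholder URL, adjust to taste):
# Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -Name 'Start Page' -Value 'https://www.example.com/'
```

Any BHO or toolbar whose DLL lives somewhere unexpected (a user profile, a temp directory, a path that no longer exists) is worth a closer look; legitimate add-ons are normally installed under Program Files and have a recognizable friendly name. Unregistering a suspicious entry is a matter of deleting its subkey or value above and removing the DLL, but if a cleaner such as SDFix has already done that work, this script is mostly a way to confirm that nothing was left behind.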

All in all, not a bad ending to what could have been a really annoying story.

Copyright 2004-2019 Phil Lembo