Exorcising a possessed PC

Got your own spyware horror story?

Our local church's youth director called to say his computer was doing strange things, popping up ads and redirecting the browser to Web sites he had never seen. Three of us try to keep his computer up-to-date for him, and one of the others went to take a look. He found a number of spyware components and discovered the browser was redirecting to adult Web sites. After trying to remove some of this, he cleared the browsing history. (Unfortunately, he forgot to print out the log so we never found where the problem originated.)

It seems someone had entered the youth director's office when he was off for a few days and visited several gaming and porn sites. We suspect some of the youth, but have no idea who specifically.

My counterpart did the best he could, but the problem steadily got worse. A friend and I ran a combination of Spybot - Search & Destroy, Ad-Aware, Webroot Spy Sweeper, AVG Anti-Virus, Trend Micro HouseCall, Pandascan, Norton AntiVirus, HijackThis, and everything else we could find. One scan revealed about 3,000 problems. We ran the same scans in safe mode, and I even reran the same scans in various orders.

The computer continued to lock or redirect when opening Internet Explorer--the only browser the rather un-computer-literate youth director knows how to use. Firefox seemed to have better results, but the problems continued. Some of the stuff was just plain nasty, including pop-ups for some stomach-turning porn sites. The poor guy couldn't get any work done, and no matter what programs we tried, the problem escalated. The spyware even began opening IE and trying to access Web sites when we launched our antispyware programs. It was as if opening one of those programs triggered the problems.

We tried System Restore to no avail. We thought of calling the Catholic church down the road for an exorcism, but the preacher wasn't amused.

After three weeks of battling with this and dealing with wounded pride over not being able to gain any advantage over the invaders, we finally burned all his critical files to disc and reformatted the machine. It still hangs up at strange times, but at least it's workable. I sure hope I never find out who used his computer inappropriately.

-James
Louisiana, U.S.A.

Reply from the Download.com editors:

Whatever programs the youngsters acquired by visiting adult sites definitely brought the devil directly to your church's doorstep. Many of the nastier pieces of spyware on the Web are engineered to detect the presence of antispyware programs and react to them in one way or another. A reformat is never fun, but after weeks of fighting a particularly fierce invader, sometimes it's better to cut your losses and bring the system back to square one.

We hope the preacher has learned the importance of password-protecting his computer (or at least not letting kids in the youth group use it). Alternatively, Download.com's Parental Filters subcategory is full of applications that let adults block sites by name, content, and keywords; many will also let you disable Web-browsing programs entirely. Younger children and teenagers often underestimate malware or are ignorant of it altogether, so before they hop online, it's always a good idea to educate them about potential threats and set some clear ground rules.