infected!
i was a foolio. i downloaded a keygen so i could try a program i wanted to use for free…downloaded from a suspicious site and i was dumb enough to run it. right as i clicked it i was thinking “gee, i hope this isn’t…” then i saw it open a command line prompt, do a few funky things, open up Internet Explorer and wham! we were infected. not technically a virus (b/c it’s non-destructive), but with spyware b/c it kept giving me bogus reports that my computer was infected and sending me to their bogus websites so i could pay to remove it.
it creates a very well-hidden little process (in this case, c:\windows\system32\d6bdef32.exe – a randomly generated filename) that continues to spawn new malware files. you can delete them, but they come right back.
after much annoyance, i think it’s finally gone. thanks to ewido anti-malware, ad-aware, spybot search & destroy, hijackthis, ccleaner, and smitfraudfix for helping me to diagnose & get rid of it. it was a major pain in the ass, and i even know what i’m doing.
in the end, IE is a major culprit. it’s like a permanent backdoor into your computer. there’s no easy way to disable it – if you delete it, it comes right back. i found a pretty good workaround from Quick Tip – How to disable Internet Explorer in Windows XP:
1. In IE, go to Tools>>Internet Options.
2. On the Connections tab, click the LAN Settings button.
3. In the resulting dialog box, select the following check box in the Proxy Server section: Use a Proxy Server For Your LAN (These Settings Will Not Apply To Dial-up Or VPN Connections).
4. Enter 0.0.0.0 in the Address text box.
5. Enter 80 in the Port text box, and click OK.
as if you didn’t already know (*c* knows): don’t use IE, use firefox. don’t run programs you don’t trust (or at least scan them first).