*(#%&*( Malware! - The Saga Continues
Last night, I decided to delete all the unnecessary software from my system. This included Logitech's SetPoint software -- Logitech mice work just fine with Microsoft's default USB mouse drivers. I deleted SetPoint from Control Panel/Programs folder, i.e. using the installed undelete routine. Everything seemed to go fine and I rebooted.
This morning, my mouse started freezing; I'd also hear the Device Disconnect and Device Reconnect sound. I decided to re-install SetPoint, so I downloaded it from the Logitech website. The following weirdnesses happened:
1. I ran SetPoint directly from within Google. The SetPoint installation started, but then indicated that a "newer version of SetPoint" was installed. Odd.
2. I decided I would re-run the program. I opened my download directory (which sits on a network drive -- I don't use "My Downloads"). The SetPoint software wasn't there or, at least, it looked like it wasn't. I went back to Google, right-clicked on the downloaded file and chose "Show in Folder." There it was! Checked Explorer again, and it still didn't show.
3. I opened RegEdit and started deleting all keys that referenced SetPoint. I figured that, if worse came to worse, I could just do a system restore if I screwed up things too badly. Needless to say, there were dozens of keys that referenced SetPoint, and I started deleting them one-by-one. That is, until I came to a set of keys in the LocalComputer hive. When I tried to delete them, I got an "Error -- could not delete key value" message. I opened Services to see if anything looked like a service that might be referenced by the recalcitrant key, but nothing did.
4. Hoping I had deleted enough SetPoint references to enable the software to be re-installed, I rebooted, then ran ccleaner on the registry, and had it delete all errors. I then re-installed SetPoint, it ran fine and, now, I don't seem to be having the freeze/disconnect/reconnect issues.
I can only assume that the malware I fought two weeks ago may have installed a key-logger (or else Mrs. PTravel has, once again, surfed to some malicious drive-by site). I'm going to reboot into safe mode and scan the computer again with the virus software that I have and see what it finds. I'm getting REALLY frustrated. I have neither the time, patience nor interest to deal with this. |
Sounds like you can either keep putting up with this kind of thing or just wipe the whole PC and reinstall Windows.
|
Originally Posted by gfunkdave
(Post 20787466)
Sounds like you can either keep putting up with this kind of thing or just wipe the whole PC and reinstall Windows.
|
Wipe the machine. Whatever you caught isn't going to go away.
Oh, and get Mrs. PTravel a Chromebook. |
Which huge undertaking would you prefer: backing up and reinstalling things once, or continually fighting the malware? I know which one I'd rather have.
Chromebook sounds like a solid choice. Or put Ubuntu Linux on a computer for your wife to use. |
PTravel ... Once I ran into a particularly virulent piece of malware. I believe it was in the Virtumonde family of trojan/virus.
It actually snuck a stub of itself in the boot area of the hard drive. And it reappeared after doing a wipe/reload!!! I ended up having to do a low level format of the laptop hard drive to get rid of it. So, I feel your pain and wish you luck in resolving this. |
Originally Posted by ScottC
(Post 20787642)
Wipe the machine. Whatever you caught isn't going to go away.
Oh, and get Mrs. PTravel a Chromebook.
Originally Posted by gfunkdave
(Post 20787647)
Which huge undertaking would you prefer: backing up and reinstalling things once, or continually fighting the malware? I know which one I'd rather have.
Chromebook sounds like a solid choice. Or put Ubuntu Linux on a computer for your wife to use. |
Originally Posted by cheltzel
(Post 20787789)
PTravel ... Once I ran into a particularly virulent piece of malware. I believe it was in the Virtumonde family of trojan/virus.
It actually snuck a stub of itself in the boot area of the hard drive. And it reappeared after doing a wipe/reload!!! I ended up having to do a low level format of the laptop hard drive to get rid of it. So, I feel your pain and wish you luck in resolving this. |
Scorched Earth Troubleshooting is in order here. Even if it isn't malware, the cruft you will remove will make it worth it. Windows is notorious for "bit-rot" and before I joined the enlightened, I would wipe and type once a year or so. It was always worth it to me.
|
Maybe there's already a rootkit on your machine, and the sure way to get rid of it is to wipe and reinstall with a genuine disk. For me, it's faster and easier to reinstall than to repeat the scan/repair cycle and hope it's clean.
Originally Posted by PTravel
(Post 20787802)
I think the best approach is a virtual machine set-up under Win7 on my primary machine.
I am decidedly minimalist wrt software configuration. I usually use the OS's built-in driver over SetPoint, unless I need to tweak the button functions. Less software means fewer vectors. This especially applies to plugins like Adobe Flash and Java. I would install them only if I really need them, and set the browser to "click to play" the plugins instead of automatic. If the missus only uses the PC to web browse, can't it be done on a tablet? Surfing Chinese web sites on a PC is risky. One wrong click and you get a new zero day exploit and root kit. |
Originally Posted by msb0b
(Post 20788034)
If the missus only uses the PC to web browse, can't it be done on a tablet? Surfing Chinese web sites on a PC is risky. One wrong click and you get a new zero day exploit and root kit.
|
Have you tried flushing system restore?
|
Originally Posted by PropWasher
(Post 20788492)
Have you tried flushing system restore?
|
Originally Posted by ScottC
(Post 20787642)
Wipe the machine. Whatever you caught isn't going to go away.
Oh, and get Mrs. PTravel a Chromebook. |
Why not (after you reinstall) just set up a user account for Mrs. PTravel with limited privileges? That's much simpler than getting another computer.
|