Saturday, October 13, 2007

Big Steve's Trojan Horse

At 10 am Big Steve called me in a panic about some kind of virus that had hijacked his computer. As luck would have it I had installed logmein on that computer so I was able to quickly log into his Vista PC and see what was going on.

Sure enough, something had replaced his Internet Explorer homepage and wouldn't let us change the home page back. Plus, he kept getting pop-ups saying he had viruses along with offers to buy software that would fix it. It was the old break-it and then sell software to fix it scam.

Observables...
1) When opening IE, the browser starts at about:blank, but it quickly switches to "asafetystep.com" along with a pseudo pop-up telling us we have the W32.Myzor.FK@yf virus.
2) Bubbles open in the system tray saying we have a trojan horse.
3) Clicking on the bubble opens a window asking us to buy software.
4) OS = Windows Vista
5) 2 programs, isfmm.exe and isfvm.exe (I think), are running on the PC. If I kill either process, it starts again.
6) The 2 above programs are in C:/Program Files/Video-add ons/ and I cannot delete them.
7) I cannot delete any IE add-ons.
8) I see an IE toolbar called "security toolbar 7.1" that I can't get rid of.
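The observables above can be checked from an elevated PowerShell prompt before touching anything. This is an added, read-only triage script, not something from the original post: the directory name comes from the post, while the IE Start Page value and the Run keys are the standard Windows locations and are assumed to be where this particular hijack lived.

```powershell
# Added triage example (not from the original post). Read-only: it reports,
# it does not kill or delete anything.
$SuspectDir = 'C:\Program Files\Video-add ons'   # directory named in the post

# Processes whose image sits under the suspect directory. StartTime is useful
# for the "kill it and it comes back" observable: a fresh StartTime after a
# kill means something restarted it.
function Get-SuspectProcesses {
    param([string]$Dir)
    Get-Process | Where-Object {
        $_.Path -and $_.Path.StartsWith($Dir, [System.StringComparison]::OrdinalIgnoreCase)
    } | Select-Object Id, ProcessName, Path, StartTime
}

# Current IE home page for the logged-on user (standard key, assumed relevant
# here). A hijack shows up as an unexpected host even when the UI refuses
# to change it.
function Get-IEStartPage {
    (Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
        -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
}

# Startup (Run key) entries that reference the suspect directory; these are
# the kind of entries HijackThis lists. Standard locations, assumed here.
function Get-SuspectRunEntries {
    param([string]$Dir)
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $props = Get-ItemProperty $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Value -is [string] -and $_.Value -like "*$Dir*" } |
            ForEach-Object {
                [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value }
            }
    }
}

Get-SuspectProcesses -Dir $SuspectDir | Format-Table -AutoSize
"IE Start Page: $(Get-IEStartPage)"
Get-SuspectRunEntries -Dir $SuspectDir | Format-Table -AutoSize
```

Run it again after each remediation step; if the process list is empty, the start page is yours and no Run entry points at the directory, the persistence is gone.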

Step 1. Steve's Norton Antivirus had expired a long time ago, so we renewed his subscription to Norton 360 and did a full scan. This found and fixed 2 "issues" but didn't solve our problem. Worse yet, in the checkout process while buying Norton 360 it tricked Steve into buying something called "Extended Download Service" for $9.99. I don't know what that is, but I know he didn't need it.

Step 2. Installed SpyBot Search & Destroy from www.cnet.com. Ran it and it deleted a couple of dozen pieces of spyware. But this didn't solve the problem.

Step 3. Downloaded hijackthis from http://www.merijn.org/ and ran it as administrator by right-clicking on the executable and selecting Run as Administrator. In the output tool I deleted all entries with ifmm and ifvm in them. Rebooted and all was well.

Step 4. Deleted the directory C:/Program Files/video Add-ons/ and emptied the Recycle Bin.

All in all it was about 3 hours of effort. I tried other things that didn't work and had to reboot about a couple dozen times. I only logged the steps that seem to have some value.

The lesson learned is: don't download stuff you aren't familiar with, keep antivirus/spyware programs up to date, and hijackthis is a great tool.
