MalwareBytes.org's Anti-Malware was next up, and while it found hundreds more things wrong with the system, it still hadn't resolved the s.exe problem. Doing a manual file search on the system revealed an "s.exe" in the Windows\Prefetch folder, but deleting that didn't fix it, since the exe started up again on the next boot. This was evidently a dummy file, put there to throw novices off the scent.
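Deleting a file under Windows\Prefetch never stops anything from starting: that folder only records that an executable has run, while the launch on the next boot comes from an autostart location somewhere else. The following PowerShell script is an added example, not part of the original post and not from any of the tools mentioned in it; it enumerates the usual autostart locations for any entry that references a given file name, with the s.exe from this post as the default. The $Name parameter, the output shape and the set of locations checked are my own choices, and the script assumes PowerShell 2.0 or later running from an elevated prompt.

```powershell
# Added example (not from the original post): locate where a named executable
# is started from, since a Prefetch entry only shows that it ran.
# Assumes PowerShell 2.0+ and administrator rights. $Name is an assumed parameter.
param([string]$Name = "s.exe")

$pattern = [regex]::Escape($Name)
$hits = @()

function Add-Hit($Source, $Entry, $Value) {
    $script:hits += New-Object PSObject -Property @{ Source = $Source; Entry = $Entry; Value = $Value }
}

# 1. Run / RunOnce keys for the machine and the current user
$runKeys = @(
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce"
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and $p.Value -match $pattern) {
                Add-Hit $key $p.Name $p.Value
            }
        }
    }
}

# 2. Winlogon Shell / Userinit, a classic hiding spot ("explorer.exe,something.exe")
$winlogon = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
foreach ($v in "Shell", "Userinit") {
    $val = (Get-ItemProperty -Path $winlogon -Name $v -ErrorAction SilentlyContinue).$v
    if ($val -and $val -match $pattern) { Add-Hit $winlogon $v $val }
}

# 3. Services whose image path references the file
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    ForEach-Object { Add-Hit "Service" $_.Name $_.PathName }

# 4. Scheduled tasks (schtasks.exe is present on XP and later)
schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_."Task To Run" -match $pattern } |
    ForEach-Object { Add-Hit "ScheduledTask" $_.TaskName $_."Task To Run" }

# 5. Running instances, with their on-disk path, which is the file to sample and remove
$base = [IO.Path]::GetFileNameWithoutExtension($Name)
Get-Process | Where-Object { $_.Name -eq $base } |
    ForEach-Object { Add-Hit "Process" $_.Id $_.Path }

$hits | Format-Table Source, Entry, Value -AutoSize
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt. The Source column tells you where the entry lives (registry key, service, scheduled task), and removing that entry is the change that actually survives a reboot. A rootkit can hide these entries from a live system, which is the case for the boot-time scan described later in the post.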
Finally, Avast! was installed, and virtually right away freaked out with virus warnings. A scan was started, and it found malicious processes running in memory that couldn't be removed except by a boot-time scan, and so it was ordered, set to move all malicious items to the "chest," Avast!'s version of quarantine.
While I was coaching my friend on the phone through all of this, I went to ProtectionReads.com on a whim to see what exactly it was, and right away Avast! alerts flooded my screen and blocked the site from displaying, citing at least three immediate infections one's system would acquire by simply opening the page. I suggested my friend change the passwords to any websites he logged into on that laptop when he next got to a clean machine.
Finally, after the boot-time scan, the system seemed to be back to normal. The last step was to run RegScrubXP to get any remaining potentially bad registry entries out of the system, and to make sure the fat (null entries) was trimmed along with it.
It is still amazing to me that people can accumulate this much malware and have no clue it's even happening. Having reliable, thorough, real-time monitoring security software and learning what to click/not click is growing more important every day. If you opt not to get the programs mentioned in this article (all of which are free), I advise you to get something equivalent, keep it up to date, and use it regularly.
Article comments
1 - Mike Duncan
Mark,
I would very much like to provide you with a complimentary SUPERAntiSpyware Pro license for your use/evaluation. Please let me know if you are interested and where I may send a license to.
Also, our labs have had a tremendous amount of experience dealing with the issue mentioned in your 3/21/09 blog. I am happy to put you in touch with them if you'd like.
Thank you very much,
Mike
SUPERAntiSpyware
2 - PP
Great Article! I will try to spread it around "Beware of this hostage-ware" from...