Well, it looks like this holiday season’s first spyware epidemic is underway. This time around it happens to be a sneaky little critter known as Spyware.ISpyNow. On a Vista machine it manifests itself in the highly clever form of a spoofed security alert, which directs users to the page of a fake security product that it claims will solve the problem. I presume the scam from there is to get panicked and desperate users to punch in their credit card numbers, which the scammers can then use for Nefarious Purposes.
So, solution. (Note: this solution is Windows Vista-specific and I don’t know if a similar solution will work on other Windows flavors.) Here’s what worked to clean up the Vista machine I’m on:
0.) First go grab Unlocker here and install it.
1.) Navigate to C:\Users\*USERNAME*\AppData\Roaming\Google. You’re looking for the file dvvm.exe (that’s two v’s, not a w: delta victor victor mike) and one associated .dll. I don’t know if they’re always in this folder or not, but that’s where I found them on this machine.
2.) Highlight both files. (I don’t recall the .dll name, as I foolishly didn’t write the name down before nuking it. Sorry.) Right-click on them and select “Unlocker” from the right-click context menu. From Unlocker’s drop-down menu select “Delete” and hit OK.
3.) At this point, Unlocker should give you a message about being unable to delete them at the moment (they’re locked, but trickily enough they’re locked by a well-hidden process that Unlocker can’t see). Unlocker, however, is smart enough to schedule them for deletion on the next reboot. Tell it to do so.
5.) You should now be clean.
6.) If you have any other info to share that might be helpful to others with this bug, please do drop it in the comments. Of particular interest might be whether this method worked for you and on what OS.
Thanks to Cedric ‘Nitch’ Collomb for his awesome Unlocker util.
List of what else I tried and how I arrived at this solution in a post to follow, if anyone’s interested.
UPDATE: forgot to include the Unlocker link. Oops! Added.
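Added example, not part of the original post: a Python sketch that records the path, size and SHA-256 of dvvm.exe and every .dll beside it before they are deleted in steps 1 and 2, so the names are on file afterwards. It goes beyond the post by searching each profile's whole AppData\Roaming tree, since the post is unsure the files always sit in the Google folder; the function names are hypothetical and it assumes Python 3 is available on the machine.

```python
import hashlib
import os
from pathlib import Path

TARGET_EXE = "dvvm.exe"  # file name given in the post

def sha256_of(path):
    """Hash a file in chunks so it never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def describe(path):
    """Details worth writing down before the file is deleted."""
    entry = {"path": str(path), "size": None, "sha256": None}
    try:
        entry["size"] = path.stat().st_size
        entry["sha256"] = sha256_of(path)
    except OSError as err:  # the post says a hidden process locks these files
        entry["error"] = str(err)
    return entry

def find_artifacts(users_root):
    """One finding per folder under a profile's AppData/Roaming holding dvvm.exe."""
    findings = []
    for profile in sorted(Path(users_root).iterdir()):
        roaming = profile / "AppData" / "Roaming"
        if not os.path.isdir(roaming):
            continue
        for folder, _dirs, files in os.walk(roaming):
            exes = [f for f in files if f.lower() == TARGET_EXE]
            if not exes:
                continue
            # The post does not name the DLL, so every .dll here is a candidate.
            dlls = sorted(f for f in files if f.lower().endswith(".dll"))
            findings.append({
                "profile": profile.name,
                "exe": describe(Path(folder) / exes[0]),
                "dll_candidates": [describe(Path(folder) / d) for d in dlls],
            })
    return findings

if __name__ == "__main__":
    for hit in find_artifacts(r"C:\Users"):
        for item in [hit["exe"]] + hit["dll_candidates"]:
            print(hit["profile"], item["path"], item["sha256"], item.get("error", ""))
```

Not every .dll it lists is necessarily part of the infection; the list is a set of candidates to review by hand before deleting anything.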