Computery badness

It’s the logic board that’s shot, not the power supply. I’m not sure why Apple doesn’t call it a motherboard like the rest of the world – uh, scratch that. I do.

It’ll cost $708 after taxes to repair. That’s still less expensive than buying a comparable used iMac off eBay, but a lot more than a $160 power supply.

Child Three is in Ontario somewhere or possibly LaSalle. Regardless, I can use his Windows 7 computer and his superchunky gaming keyboard while he’s gone. It practically sounds like a typewriter.

Upon opening Chrome on the boy’s computer, I was besieged by ads and in-page dialogue pop-ups. He had adware/malware infecting his system and this was not an easy problem to solve.

Some of it was branded as from the YTubeAdsRemover extension but when I opened Chrome’s extensions page, I got a message that it was “Installed by enterprise policy” and there was no way to disable it there.

It also doesn’t show up in Windows’ “Uninstall or change a program” panel (snappy name, that). What does show up there are some suspicious programs. I deleted those but it didn’t solve the problem.

A Google search leads to a number of dubious choices, especially when this insidious adware is planting false links.

After a couple of false starts, I found one thing that did work – maybe two.

The first thing I did was download and run Junkware Removal Tool, which a few reputable sources recommended. It did this:

~~~ Services
Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\addonsframework.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\buttonsite.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthost.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software \installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\ CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes \Toolbar.CT3309762
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1c3e43b0-c3b0-468d-a56b-13748674893a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\magnipic"
Successfully deleted: [Folder] "C:\Program Files (x86)\movies toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\ Programs\optimizer pro v3.2"

I’m sure that rid the computer of all sorts of crap, but it didn’t solve the YTubeAdsRemover problem.

This Malware Tips page, however suspicious it seems, did. Thank you, Stelian Pilici.

I stopped at Step 4. Step 5 is downloading more software to make sure there’s nothing else left and that was a step I wasn’t willing to take. I figured if the problem had not been fixed, I’d know. So far, so good.

2 thoughts on “Computery badness

  1. I spent most of my time in Tiny Town (I’m back in Basementville) working on the Old Man’s computer. Then his wife wanted me to work on hers and hook her up to FB. What a flippin’ nightmare FB was (and I hate Vista and her computer is from the late 1980s, like your musical taste). I mean, they have to call you to confirm your identity? Whateves. The old people are happy, regardless, and I got some roses pruned and one cat captured, groomed, and caged for the ride over the mountains.

    Don’t stop at Step Five. I’ve been using Malwarebytes for years and it is very effective. I don’t know anything about Hitman (just Hit Girl), so I would stop with MWB.

    This may seem like a dumb question, but did you install an AdBlocker? I switched the Old Man to Chrome and blocked ads because they are very deceptive (particularly to 85-year-olds) and he kept downloading stupid shit that was supposed to speed up his laptop. Yeah. Right.

Leave a Reply

Your email address will not be published.