One of the worst things about being a “tech guy” to non-technical people is that you are constantly bombarded with questions or favors and you feel obliged to give in a large amount of the time.  It’s even worse when the knowledge of your “skill” is spread to friends and neighbors of your friends whom you don’t even know.  Most of the time, especially recently (being unemployed), I don’t so much mind helping out but people definitely take advantage.

This happened today.  My dad’s friend calls me to let me know that his “brand new computer” is popping up the message “Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?”  Followed by ads for a $70 product and his computer unable to do anything but display that message.  I offered to Google for him and print out the information but I knew he wanted me to make a house call, and 45 minutes later I was there, armed with 20 minutes’ worth of Googling.

Here’s how to fix your problem if you have it, since there really isn’t a good resource on Google.  But I’m also going to rant.  Also, if you stumble across this post because you’re having this problem and this solution doesn’t work for you, please move along.

  1. Boot into safe mode
  2. Launch Internet Explorer
    • Of course you only go to trusted websites and read e-mails from people you know.  Yet, here I am trying to fix your machine.
  3. Remove the fake proxy from IE
    • On the machine I was fixing, it was connecting to localhost:5555
    • If you actually do use a proxy to connect to the Internet, replace the fake proxy with the correct information.  If you don’t know what a proxy is, you probably don’t use one!
  4. Run ComboFix
    • Really all you need to do is remove %userprofile%\Local Settings\Application Settings<random 4-6><different_random>.exe but you probably have other malware and ComboFix will take care of some of it.
  5. Reboot and read the rest of my post
    • Your problem is solved for now, but a proper anti-virus tool will remove orphaned files from this malware (once they get updated).
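
The check behind step 3, as an added example that is not part of the original post: a PowerShell script that reads the current user's IE proxy settings from the standard WinINet registry values (`ProxyEnable`, `ProxyServer`) and reports any proxy pointing back at the local machine, such as the localhost:5555 entry above. The function name and the `-Fix` switch are hypothetical names chosen for this example; without `-Fix` the script only reports.

```powershell
# Added example, not from the original post: report (and optionally clear) a
# loopback proxy in the current user's Internet Explorer settings.
param([switch]$Fix)   # hypothetical switch: only change anything when asked to

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LoopbackProxyEntries([string]$ProxyServer) {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    foreach ($entry in ($ProxyServer -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $target = ($entry -split '=', 2)[-1]          # drop an optional "scheme=" prefix
        $target = $target -replace '^[a-z]+://', ''   # drop an optional "http://" prefix
        if ($target -match '^(localhost|127\.\d+\.\d+\.\d+|\[::1\])(:\d+)?$') { $entry }
    }
}

$settings = Get-ItemProperty -Path $key
$enabled  = $settings.ProxyEnable -eq 1
$server   = [string]$settings.ProxyServer      # empty string when the value is absent
$hits     = @(Get-LoopbackProxyEntries $server)

"ProxyEnable = $($settings.ProxyEnable)"
"ProxyServer = $server"

if ($enabled -and $hits.Count -gt 0) {
    "Loopback proxy configured: $($hits -join ', ')"
    if ($Fix) {
        # Same effect as unticking the proxy box in IE's LAN settings dialog.
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $key -Name ProxyServer
        'Proxy disabled. Re-enter your real proxy only if you actually use one.'
    }
} else {
    'No enabled loopback proxy found for this user.'
}
```

Run it from the affected user's account with IE closed, then confirm the result in IE's connection settings. A loopback entry is not proof of infection on its own, since some legitimate local filtering tools also listen on 127.0.0.1.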

There are a few things I think every Windows user ought to be required to know and do before they can use their machines.  This would eliminate over 50% of tech support calls, reducing the need to outsource tech support to India, increasing the number of US jobs.  There, I just solved the “jobs crisis” for a lot less.

  • Don’t use Internet Explorer (use Firefox or Chrome instead)
    • You wouldn’t take a tour of the White House from the bum who sleeps out on the National Mall; this is no different.
  • Turn on Windows Automatic Updates and Windows Firewall
    • Microsoft actually tries to do a decent job trying to protect you when they can, but most users don’t let them.
  • Download and automatically update nightly one respectable antivirus package (for free!)
    • People get sucked into the Symantec/McAfee scheme and then don’t want to or won’t pay for updates.  Get a free product that works just as well as the commercial software, if not better, while consuming fewer computer resources.
  • Know how to boot into Safe Mode and other special modes
    • A lot of malware can easily be deleted in Safe Mode, yet you’ll pay Geek Squad a minimum of $50 to do something you can do/prevent yourself.
  • Read what your computer is telling you.  Ignorance is not bliss for Windows.
    • Did your McAfee subscription expire and so you’re not receiving virus definition updates?
    • Are you visiting a website that “may harm your computer?”
    • Do you know who wrote the software you’re installing, read the EULA, and realize it’s also installing 3 other programs?
  • Google is your friend
    • 98% of the time, you’re not the first person to have a computer problem.  It’s probably been answered very thoroughly on at least 5 discussion boards, and given a few good keywords, Google will lead you right to it.  Microsoft’s knowledge base is also a pretty good resource.

There was a (+5 Insightful) comment on Slashdot earlier that I think is spot on.  It went a little something like:

Anti-virus::Washing your hands, Software Patches::Regular doctor visits, Shady porn sites::Cheap hookers, Clicking random links::Sharing needles, Downloading unknown programs::trusting random person with your SSN

And for the last time, computer science != {malware removal, free MS Office, $10 websites, …}, but most of us will be happy to help you if we can.