My **LUCKY DAY**

bratkinson

BLASTED FREEWARE!!!!!

I have been using the Free Studio downloading programs for several years now for downloading stuff off Youtube as, too often, Youtube stuff gets wiped out. Whether it's a copyright violation or contractual obligation of Youtube or if the originator or owner of a video wants to delete it, it's gone. I still want to hear the music I wanted. So, I learned to simply download what I wanted.

I've used the Free Youtube to MP3 version in the past, and downloaded a new one a couple days ago. But I discovered it didn't do anything at that time. So I kicked it off and it decided it wanted some 'download control' software over and above the free download software. So, not paying any attention, I clicked yes to a couple of their 'free' software in addition to the download control software. Once I realized my mistake and clicked NO to a couple of other 'freebies' and it started downloading, I realized my mistake and tried to cancel it via the 3 finger salute method. It took several tries, but it cancelled.

Unfortunately, it DID get a couple of next to impossible to remove software programs...Gorilla <something> and a couple of others. Using the standard Windows 7 software uninstaller, it refused to remove itself unless it downloaded some other .exe file. They must think I'm stupid. So I tried the Windows Registry clean up program I use, and it wanted me to pay $5.95 for the 2014 version...no options to keep using the old one. I decided NO multiple times and could not get back to the 2013 version.

OK...it's off to Safe Mode as I can't cancel the running Gorilla tasks with the 3 finger salute, either. GOTCHYA NOW!!! So, under safe mode, I deleted all Gorilla folders, then went to REGEDIT and removed every directory that had a reference to it. I then emptied the trash basket and rebooted. IT'S BAAAACKKK!!!

Oh, and it changed my Internet Explorer to use some proxy rather than 'automatically detect the internet connection' option in IE. These viruses/spyware are getting smarter by the day!

SO, I pulled the rabbit from the hat...my ace in the hole...my on-site cloned SSD (identical to 'running' SSD) that I created about a week ago. I exported the Outlook files, re-copied over My Documents, Favorites, and Pictures folder to the 1TB hard drive I have running (also cloned about a week ago), then shut down and swapped SSDs. GOTCHYA THIS TIME FOR SURE!!!

Once more, my using standalone clone software rather than RAID which only works for hardware failures saved the day! It took all of about 5 minutes to be back to where I was before I foolishly didn't pay attention to the 'optional garbage' being offered for a good product download.

Yes, I'm computer savvy. In my opinion, RAID would not have saved the day as the virus/spyware would have installed itself to the backup RAID drive as well. OK, so if my SSD crashes I won't have an instant recovery with my 'clone backup' method and I may lose some number of weeks/months of My Documents and program installation/updates. To me, having that clone copy pre-installation was better than gold.

I could have tried recovery using Windows archived registry copy(ies), but couldn't remember how. Closing in on becoming older than dirt gets more problematic every day!
 

robbins.photo

You'll find a lot of programs like that generally start with Windows. Windows has a little-known utility that is probably one of the most useful features in most versions of Windows, but they don't really advertise it; it's called MSConfig. If you open a command prompt and type msconfig, or type it into the run line of the start menu, it will bring up this very handy utility.

Click on the Startup tab (stay away from the Services tab - you can actually do some damage with that one) and this will give you a list of all of the programs that start with Windows and where they are located on the drive. It's very handy for finding annoyware like the ones you describe above - and if you remove the checkmark in front of the program or utility it will no longer start when Windows starts. If you accidentally uncheck something you need, you can always go in and put the checkmark back in and then it will start with Windows again.
 
bratkinson

For virus removal, MSCONFIG doesn't cut it. Virii and spyware alike put 3-5 tasks embedded in the startup that each verify that the other modules are present and running. If not present, they 'put them back' and continue their infection. I've removed many virii the 'hard way' from infected computers belonging to friends who don't have a clue what happened. Even with wiping every occurrence that I could find from the registry via regedit, there must have been one or two that put it back. Obviously, they have some obscured, non-obvious names within the registry.

What I forgot to look for was my 'shows all 200+ (or more) tasks that take place at Windows startup'. Yes, there's tons of startup tasks that run and then terminate or leave other services running, etc. I might have been able to catch it that way. But my recovery clone SSD saved the day and made it easier than going through about 30 screens' worth of startup tasks for Win 7 and determining what can and cannot stay.
 

robbins.photo

Well no, it was never intended as a virus removal utility, but it does work well for most annoyware.
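
The following is an added example, not written by anyone in this thread: a read-only PowerShell audit of the places the thread talks about, namely the autostart locations that can relaunch unwanted software at boot (Run keys, Startup folders, scheduled tasks, auto-start services) and the per-user proxy values that Internet Explorer reads. The function names are hypothetical, the list of locations is not exhaustive, and the scheduled-task column names assume an English-language Windows.

```powershell
# Added example: read-only audit, nothing is changed. Written for Windows PowerShell 2.0+ (Windows 7).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Hypothetical helper: one uniform record per autostart entry
function New-Entry($source, $name, $command) {
    New-Object PSObject -Property @{ Source = $source; Name = $name; Command = $command }
}

function Get-AutostartEntry {
    # 1. Registry Run/RunOnce values, machine-wide and per-user
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $k = Get-Item $key
            foreach ($v in $k.GetValueNames()) { New-Entry $key $v $k.GetValue($v) }
        }
    }
    # 2. Shortcuts and scripts in the Startup folders
    foreach ($dir in $startupDirs) {
        if (Test-Path $dir) {
            Get-ChildItem $dir | ForEach-Object { New-Entry $dir $_.Name $_.FullName }
        }
    }
    # 3. Scheduled tasks; the CSV header can repeat per task folder, so drop those rows
    schtasks.exe /query /fo csv /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' } |
        ForEach-Object { New-Entry 'ScheduledTask' $_.TaskName $_.'Task To Run' }
    # 4. Auto-start services whose binary is outside the Windows directory (a heuristic filter)
    Get-WmiObject Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notlike "*$env:SystemRoot\*" } |
        ForEach-Object { New-Entry 'Service' $_.Name $_.PathName }
}

function Get-ProxySetting {
    # Per-user proxy values read by Internet Explorer; absent values come back empty
    $p = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    New-Object PSObject -Property @{
        ProxyEnable = $p.ProxyEnable; ProxyServer = $p.ProxyServer; AutoConfigURL = $p.AutoConfigURL
    }
}

Get-AutostartEntry | Sort-Object Source, Name | Format-Table Source, Name, Command -AutoSize -Wrap
Get-ProxySetting | Format-List
```

Saving the output while the machine is known to be clean and comparing it after an install shows which entries the installer added.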
 
