I don't know how common this problem is out there right now, but I work in IT at a college campus and we have had a rash of Sidefind.
It's a very nasty little bugger and is usually accompanied by 180search, webrebates, and IST slotch bar.
We get calls to remove spyware constantly, but a few weeks ago things started going wrong. A worker went out to remove spyware and came back in carrying a crapped out machine. He said the spybot S&D removed a bunch of stuff, but was unable to remove one called sidefind. He accessed add/remove programs and clicked on sidefind to remove it. As soon as he clicked on the remove button the machine restarted itself. When it came back up Windows 98 appeared not to load. Instead the screen gave the message that windows needed the product key code to begin installation.
He thought he somehow screwed up, brought the machine in and we reimaged it. The next machine to go down didn't even make it through spybot S&D's entire scan before it hit sidefind, restarted itself and asked for the product key. We reimaged it. We ended up reimaging about 6 machines which sucks because we weren't able to save any personal data off of them since we could not access windows.
Now I am hear to tell you, we have finally found a fix to prevent reinstalling windows and losing everything. It didn't sit right that a virus could uninstall you operating system. We knew that the screen asking for the product key was probably a false screen that the virus was placing there in order to gather key codes. We blitzed out a few machines before we were able to solve the problem. If this happens to you, don't reinstall windows.
Restart your pc and as it is coming back up hit the F8 key like you would to boot into safe mode. Instead of safe mode, choose command prompt only. At the command prompt type in scanreg and restore a backup copy of your registry. I recommend choosing the oldest copy.
Then restart pc like normal and it should come up just like it was before it freaked out. Then you can work on getting rid of the spyware in your normal fashion.
It's a very nasty little bugger and is usually accompanied by 180search, webrebates, and IST slotch bar.
We get calls to remove spyware constantly, but a few weeks ago things started going wrong. A worker went out to remove spyware and came back in carrying a crapped out machine. He said the spybot S&D removed a bunch of stuff, but was unable to remove one called sidefind. He accessed add/remove programs and clicked on sidefind to remove it. As soon as he clicked on the remove button the machine restarted itself. When it came back up Windows 98 appeared not to load. Instead the screen gave the message that windows needed the product key code to begin installation.
He thought he somehow screwed up, brought the machine in and we reimaged it. The next machine to go down didn't even make it through spybot S&D's entire scan before it hit sidefind, restarted itself and asked for the product key. We reimaged it. We ended up reimaging about 6 machines which sucks because we weren't able to save any personal data off of them since we could not access windows.
Now I am hear to tell you, we have finally found a fix to prevent reinstalling windows and losing everything. It didn't sit right that a virus could uninstall you operating system. We knew that the screen asking for the product key was probably a false screen that the virus was placing there in order to gather key codes. We blitzed out a few machines before we were able to solve the problem. If this happens to you, don't reinstall windows.
Restart your pc and as it is coming back up hit the F8 key like you would to boot into safe mode. Instead of safe mode, choose command prompt only. At the command prompt type in scanreg and restore a backup copy of your registry. I recommend choosing the oldest copy.
Then restart pc like normal and it should come up just like it was before it freaked out. Then you can work on getting rid of the spyware in your normal fashion.
