Once again, my son KC made a right mess of an innocent attempt to do something on my computer. He wanted to download songs on the free, and wanted to use one of those "free-don't tell anyone" sites. I had had it downloaded in the past, only uninstalling it because they got clever in blocking you from burning to CD, so I figured, "No harm, go ahead."
Ooops.
Because somehow (and I don't exactly know how), it brought along a "pc backup" site (which popped up when I returned to the computer), a "speed up my pc" site, and had two separate (and different) shortcuts to the download site on my desktop. At this point, I had no idea the extent of the problem until I opened up Google Chrome (my unwillingly downloaded backup browser) and instead of the Google home screen with our bookmarks on it, I got a blank search site headlined "Astromenda".
First thing, go back to my IE browser- which is now asking me if I want it to be the default browser. WTH? I check the "yes, you idiot" option and search Astromenda. First site I find offers a free "Astromenda remover" to download. So I start it- and it says, this will take aproximately 20 minutes to load. At this point, I went on Facebook and messaged KC (something to the extent of, "You can get your music at Best Buy like the rest of us from now on"), come back, and stop the download, saying, "the heck with this, just uninstall the garbage." Four programs had to be uninstalled. Away they went, tried again.
Still There.
So I got on settings, made sure the home pages were what they were supposed to be. The URL for Astromenda is about 50,000 characters long, took me two minutes to totally erase it and put in Google.com.
Still there.
So I said, "Screw this, just do a system restore back to yesterday."
Still there.
By this time my already elevated blood pressure is reaching the tips of my longest remaining hairs, and Scrappy is trying desperately to calm me down. I searched some more on how to remove the damnable thing, and found there were three things yet I would have to do. Because, you see, Astromenda not only installs itself, but independently changes your settings. Even after uninstalling, it would bring up two pages on Google Chrome: one in behind was the original home screen I should have been getting, the second over the top of it was the Astromenda home page. On IE, believe it or not, IE fended it off. It tried to gain access by shutting down the Google toolbar (one of the main reasons I cling so stubbornly to IE), but the computer would always ask, and I'd say yes, I want it. Then it would slow the Google homepage to a crawl loading, though everything else came up just fine.
So anyway, this next site tells me I had to go to Tools- Extensions- and put whatever I found labeled Astromenda there in the "trashcan". Then I had to go to settings and redo what I thought I had done earlier, because it had just gone right back in where I spent the 2 minutes erasing it. Finally, after changing all these settings, I had to get on advanced settings and have Google Chrome reset to its default settings. Then go back and tell everyone who the proper default browser was.
Ding dong, the beast was dead.
So basically, the Google toolbar kept IE safe; but since Google Chrome DOESN'T OFFER the GOOGLE TOOLBAR, it got hijacked fairly easily. The next time the spies from Mountain View, CA, come by, I hope they read this and answer me one question: Why can't we use YOUR toolbar on YOUR browser? I might actually use Chrome for more than the ever-growing list of things the Google Empire won't let IE do IF I could have my Google toolbar- and if I didn't have to raise the zoom on EVERY individual page on Chrome (where on IE, one setting fits all).
Okay, so that rant over, I caution you to avoid Astromenda, it is a hard weed to pull. I am told (but since I was too smart to use it...) that every time you try to search something on it, it takes you to a series of ads first. And here is a word for advertisers slimy enough to use Astromenda- if I ever find out you are an Astromenda customer, you will be CUT FLAT OFF. And I will warn everyone who reads this blog. And I will share anyone's Astromenda horror stories on my blog. Which is published to Facebook, BTW. Think about that before setting up clicks for some slimy scam site, okay?
ouch.. that is good to know.. last time I messed up I had to call in Danny T. to bail me out.
ReplyDeleteI was beginning to wonder if I would...
DeleteYikes...yeah, I've done that once or twice. Luckily my nerd husband gets me out of trouble :-)
ReplyDeleteYeah, thanks to KC I've learned how to identify scam Abobe updaters and to remove porn toolbars.
DeleteThis was interesting and funny and what can I say I think you have more patience than I do
ReplyDeleteWell, it's me or nobody.
DeleteI use Webroot and Malwarebytes, and I've given up tap dancing on land mines. :)
ReplyDeleteEvery site you go to recommends Malwarebytes, and I used it to clean up the leftovers.
DeleteHuh?
ReplyDeleteBoils down to one thing- if you want to download something free, go to the app's own homepage. KC clicked on the first thing he saw- it was something called appcenter.com, and on their site they bundle other crap into your download. Astromenda was one of those things.
DeleteI'll modify Jo-Anne's statement a tad: you have a LOT more patience than I do. Ahhhh, remember the good old days before the internet. Hmm, but then again, I wouldn't be "talking" to you.
ReplyDeleteThere's always the bright spot of having something to yell at my kid about.
DeleteChris:
ReplyDeleteWell, I know what I do when I say "oops"...
:)
Still, the way these dang things work these days, I don't believe the ones that created them know everything about them...
That Astromenda sounds like a DEFINITE site to slap a security block upon... (and thankfully, I can banish that site in the IE settings thingy
I also run both AVG (free) and Malwarebytes...
"They shall not pass"...shades of Gandalf!
(need a bloody WIZARD to figure some of this crap out).
Glad it worked out for you, brother.
Stay safe (and bug-free) up there.
As you see from previous answers, the rest of the story involved Malwarebytes and staying away from "sponsored pages". The really bad thing is that one of the things that bundle with Astromenda is Kapersky AV- which, of course is our soon to be replaced AV here.
Delete