The request seemed like a routine home user workstation setup for one of our clients. I needed to configure her personal computer and VoIP phone for access to the company network. I would configure a modem and router to setup a home network for the user. After confirming that the home user had all the required equipment I was ready to start. I attempted to remotely access her computer through Internet Explorer. This is when the problems began.
MrFreeze: New Home Page
The user said her Internet Explorer home page had recently changed to “MyFreeze.com”, and she hadn’t changed it. At the time, I didn’t think it was a problem. I figured a family member might have changed it, in that it was a personal home computer.
My attempts to access the computer were blocked, and the errors were not normal. Now, I started to wonder about the “MyFreeze.com” site. I did a quick search and found ”MyFreeze.com” to be the newest version of a browser hijacker, malware or spyware. A well-known version is “CoolWebSearch (CWS)” or “Morwill Search”.
Browser Hijacker: Malware or Spyware
A very good definition of a “browser hijacker” comes from Wikipedia. It is “a form of malware or spyware that replaces the existing internet browser home page , error page, or search page with its own. These are generally used to force hits to a particular website and allow the collection of information from the hijacked computer.”
Having to remove this hijacker remotely with the help of an end user with minimal technical computer knowledge made troubleshooting extremely difficult. I asked the user a few questions. Were there any anti-virus programs on the computer? “I don’t know.” How old is the computer? “Three years.” When was the last time computer was serviced or had a virus scan? “I don’t think it has every been serviced or had a virus scan before.”
MyFreeze Removal Difficult
I was faced with a browser hijacker active on the computer, and I needed to use the browser to configure a modem and router. Without antivirus programs or a special tool called CWShredder, created to specifically remove hijacker malware, removal becomes very technical. It requires accessing the Windows Registry for total removal, and I didn’t feel comfortable enough with this user to access the registry.
A lesson learned here… before attempting to work remotely on a personal computer, make sure there is an antivirus or antispyware program installed on the computer and make sure the user has run the program before remote support begins.
Remote Computer Support, Miami to Jupiter
Don’t waste an entire day trying to remove spyware or a virus. Many times, if you don’t know what you’re doing, you could cause collateral damage beyond the initial infection. Call DedicatedIT today, 561-491-5725, for all your computer support needs.
We first advise our customers to use the Add/Remove Programs (Programs and Features in Vista) to uninstall our applications. In the event other software has altered the installed files, we recommend they delete the My.Freeze folders from their C:\Program Files. After a system reboot, this usually resolves the issue.