Some deals are too good to be true, and yet we still fall for them. Take, for instance, Zangdo.com. To make money and get your instant USD25 from them, all you have to do is to install their supposedly spyware- and adware-free Zangdo Buddy software. They even put in a link to SafeVendor to make their claim that Zangdo Buddy is spyware-free. Nice, I thought, so I went on ahead and installed it.

So imagine my frustration when, as soon as my installation was done, I opened up my default Firefox browser and find that all the AdSense ads I see in any web site I see were transformed to adverts by iTotalFind.com. At first I thought that all the blogs were hijacked, but I soon found out that I only see this happening through my Firefox browser and not my IE (Zangdo.com automatically opens up my default browser as soon as I was done installing). Not only that, even though I installed a popup blocker, every time I use Firefox and double-click on a web site or click on a link, a pop-up still appears and opens up iGoogle of all places.

Luckily, Castle Corps has a wiki on how to remove spywares and malwares, and so I followed the step-by-step instructions on how to remove them. I installed HijackThis, Spybot Search & Destroy, CCleaner and AVG Anti-Spyware (all very good and very free) to remove the iTotalFind problem as well as any other hidden malwares. I even re-installed Firefox just to be sure.

When I opened back Firefox, the problem was still there. I almost surrendered and was close to submitting my HijackThis log, when I saw two peculiar entries in the log, both with an IP address starting with 64, and has Google AdSense URL string attached to both of the log entries. I selected these two and got HijackThis to fix them. I reopened my Firefox and surfed some AdSense-filled blogs, and gave out a sigh of relief that my predicament was over.

All this happened yesterday in the span of 3 hours. HijackThis is the bomb!