Wichita Computer Support Tip for 6 June 2011
My last post asked the question ‘Is there Malware on my Computer?’ Who knew that it would be a prophetic article? This weekend even the seasoned computer tech fell victim to this common curse. Even with current antivirus protection and good practices, veterans contract these dreaded parasites.
Without any prompting, my computer contracted a malware infection over the weekend and required a little bit of advanced removal to fix. Let’s look at some real-life examples in pictures and descriptions. If you see anything like this on your own machine, call a professional. The removal was not simple and anything but easy.
For background, I was surfing the Internet and visited a page professing to have a tool I needed for stress-testing a network (read: hacking) to determine if there were any security issues. Once the page loaded, Internet Explorer 9 shut down and restarted on its own. Within moments, I was presented with this popup:
It took a double-take to realize that this was not a message from the operating system. It looks a lot like the Action Center in Windows 7. I closed out the message box, already fearing I had trouble. Another popup followed:
It looks legitimate, but again is not. These are my files, all right, but none of them are infected with a virus (except this virus!). I spent a moment capturing these screens, though I knew that I had to get moving on getting it removed. This screen was followed by this one:
The Register button would have offered me complete removal, probably at the low price of $89.00.
I went to my trusty applications (Malwarebytes, SuperAntiSpyware), but neither of the two would run. I rebooted to safe mode, only to be presented with the same popups. System Restore had been disabled. I eventually downloaded another application (ComboFix) from another computer and ran it on the infected machine. Several scans and a half-dozen reboots later, I was clean. The programs installed included downloaders, which are nice little malware applications designed to install even more malware on your machine.
If you see messages like the ones above, give us a call at Proper Technology Solutions at (316) 337-5628. Though the first two tools above are easy enough for most users, I don’t recommend ComboFix for non-advanced users. The longer these problems exist on your computer or network, the harder they are to remove.