Lately I’ve been seeing rogue anti-virus infections that hide people’s files in their “My Documents” folders and warn them that their hard drive has a critical error. Here are the tools I used to fix the problem:
Process Explorer & Autoruns from Microsoft’s Sysinternals: to identify the rogue processes, terminate them, and prevent them from running again at start-up.
UnHide.exe from bleepingcomputer.com: this program unhides user files and is supposed to keep system files hidden.
SuperAntiSpyware: to clean up remaining bits of malware.
AccRestore v2.0: on one system the Accessories folder wasn’t just hidden, it was deleted. I used this simple tool from Ramesh Srinivasan to fix it.
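As an added example (not one of the tools listed above, and not the original post’s code), here is a PowerShell script that does the two mechanical parts of that clean-up by hand: list the Run/RunOnce autostart entries that Autoruns would show you, and clear the Hidden attribute on the user’s files while leaving anything also flagged System alone, which is the same rule UnHide.exe applies. It assumes the rogue only set the Hidden attribute (the symptom described above) and that its persistence is an ordinary Run-key entry; the default root of `$env:USERPROFILE` and the function names are my own choices.

```powershell
# Added example, not from the original post. Assumes the rogue hid files by
# setting the Hidden attribute and persists through a Run/RunOnce key.

function Get-RunKeyEntries {
    # List the common autostart keys so a rogue executable (often a random
    # name under %AppData% or %Temp%) stands out next to the legitimate ones.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Restore-HiddenUserFiles {
    # Clear Hidden on items under $Root that are NOT also marked System.
    # desktop.ini, ntuser.dat and similar Hidden+System items are left alone,
    # which is what keeps the user's view sane after the clean-up.
    param(
        [string]$Root = $env:USERPROFILE,   # assumption: the affected profile
        [switch]$WhatIf                     # dry run: report, don't change
    )
    $hidden = [IO.FileAttributes]::Hidden
    $system = [IO.FileAttributes]::System
    $count = 0
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (($_.Attributes -band $hidden) -ne 0) -and
            (($_.Attributes -band $system) -eq 0)
        } |
        ForEach-Object {
            if ($WhatIf) {
                Write-Host "Would unhide: $($_.FullName)"
            } else {
                # Hidden is known to be set here, so XOR clears just that bit.
                $_.Attributes = $_.Attributes -bxor $hidden
                $count++
            }
        }
    return $count
}

# Usage: review the autostart entries first, dry-run the unhide, then run it
# for real only after the rogue process has been killed (otherwise it may
# simply re-hide everything).
Get-RunKeyEntries | Format-Table -AutoSize
Restore-HiddenUserFiles -WhatIf
# Restore-HiddenUserFiles
```

Run it from the affected user’s account; reading the HKLM Run keys does not need elevation, but changing attributes on files you don’t own does. The dry run is worth doing first, because on a profile with many hidden-by-design items it shows you exactly what will change before anything is touched.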
The final part is to educate users on safe browsing habits, and to offer anti-virus solutions.
I hope this has been useful in the battle against malware.
-Nomad Computer Repair
A good read: http://billmullins.wordpress.com/2010/07/27/scareware-is-destroyware-not-just-malware/
Guess what I’m doing this weekend? That’s right, I’m already booked up to remove malicious fake anti-virus programs from people’s computers, a problem I’ve seen more and more in the last 18 months or so. Programs like these are often designed to trick you into paying for the removal of viruses and malware that aren’t even on your computer. Furthermore, they might disable your real anti-virus. Even if your current anti-virus recognizes one of these rogues, you may still be at risk. They are craftily deployed to trick most users with pop-up warnings like “click here to remove infections.” The well-meaning computer user wants to keep his computer virus-free, and these rogues take advantage of this fear. While anti-virus, firewalls, and sandboxes help, education is key in helping people avoid these problems. Know what your AV’s user interface looks like. If in doubt, use Ctrl-Alt-Delete to kill a pop-up instead of clicking the X. And of course, steer clear of the shadier sides of the web.
If you want more information on scareware and rogues, there are tons of websites out there that address these threats (but some of them are themselves malicious). One of my favorites is http://remove-malware.com/.
-Be careful out there-