Windows security virus

How do I turn my PC on??

Post by Ostrich » Mon Apr 25, 2011 1:47 pm

Woah. Quiet subforum is quiet.

Anywho, I spent most of Saturday and Sunday cleaning a nasty little virus off both my computers. Thank goodness it didn't spread to the external drive (all my documents/pictures/whatever). It's known as the Windows security virus because that's exactly what it looks like when it executes on your system. It:

- Closes down and disables all browsers.
- Closes down your antivirus software.
- Masquerades as the native Windows antivirus program, warning you that there are multiple viruses on your machine.
- Runs as a random set of letters + .exe. So something like "abc.exe". If you try to give it the three finger salute it'll simply pop up again with a different set of letters. This is due to the registry changes it made.
- Pops up numerous warning/security breach/PUTER GONNA BLOW messages.

If you click on any of the "yes please fix my system" buttons it'll allow IE to pop up with a form. You can enter your credit card to "subscribe" to this fake software.

At its heart I believe it's a keylogger. Hence the credit card/personal info request. This made it past McAfee and Windows (real) Security Center. McAfee didn't detect any problems, and the Security Center wasn't allowed to run once the virus was in place. It was installed through an ad server. And yes, I run FlashBlock.

The only way I was able to get rid of it was to do a system restore. Assuming you have system restore enabled on your machine:

1. Go under Start -> Accessories -> System Tools.
2. Right click on System Restore and select Run as Administrator. (The virus won't let you run it otherwise.)
3. The wizard should show at least a couple of dates/times to choose from. Pick one that's closest to your current time but before the virus installed.
4. Click OK.
5. Wait. Depending on how far back you're restoring this might take some time.

System Restore basically pulls all your registry data back. Doing a System Restore will NOT affect your files. It will, however, uninstall any legit software you may have gotten between now and then.
:>---O==={
Time falls away, but these small hours
These little wonders still remain
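
The restore procedure in the post above can also be scripted; the following is an added example, not part of the original post. It assumes an elevated Windows PowerShell session on a client edition of Windows, and `$InfectionTime` is a constructed sample value to replace with the time the fake alerts first appeared.

```powershell
# Run from an elevated Windows PowerShell prompt (the post notes that
# System Restore had to be started with "Run as Administrator").
param(
    # Constructed sample value: when the fake alerts first appeared.
    [datetime]$InfectionTime = '2011-04-23 10:00',
    # Without -Restore the script only reports which point it would use.
    [switch]$Restore
)

# CreationTime comes back as a WMI datetime string, so convert it
# to a real DateTime before comparing.
$points = Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }

if (-not $points) {
    Write-Warning 'No restore points found; System Restore may be disabled.'
    return
}

# Step 3 of the post: the point closest to now but before the infection.
$candidate = $points |
    Where-Object { $_.Created -lt $InfectionTime } |
    Sort-Object Created -Descending |
    Select-Object -First 1

$points | Sort-Object Created |
    Format-Table SequenceNumber, Created, Description -AutoSize | Out-Host

if (-not $candidate) {
    Write-Warning "No restore point is older than $InfectionTime."
    return
}

'Selected restore point {0} ("{1}", created {2})' -f `
    $candidate.SequenceNumber, $candidate.Description, $candidate.Created

if ($Restore) {
    # Prompts for confirmation, then restarts the machine to roll back.
    Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm
}
```

Run it once without `-Restore` to check which restore point is selected before committing to the rollback.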
