My parent's neighbor called me this afternoon...his computer had a virus.
There was no virus software installed.
I told him to try AVG (which makes me want to put parentheses after it with a GROUP BY clause), scan the computer and then call me back.
He did call back, but he was unable to download the software. He kept getting messages that his computer was infected and that his credit card details were being delivered to the 'tubes. Just bring it over and I'll take a look.
I tried opening up Task Manager; no deal, "Security Tool" identified it as a virus. WTF?
I tried opening up a shell window. Ditto.
Here's what "Security Tool" looks like:
Hmmm...I could use the Ubuntu Live CD and try to remove it...you know, since I'm an expert and all that.
So I opened up a terminal and started poking around the file system (/media/disk). Nothing jumped out at me. So I googled and found this entry. It suggested installing AVG for Linux and then scanning the Windows disk. So I did. Took about 2 hours to complete and it came back with nothing.
I gave up on trying to solve the problem with Linux. I really thought I would be cool. Oh well.
So I did some more research and found this entry on "Security Tool." It suggested downloading MalwareBytes’ Anti-Malware, but it was impossible to do anything. I then found this post on the Symantec forum which suggested opening up Task Manager as soon as you log in. That seemed to work. Found the process and killed it immediately.
I then installed MalwareBytes', scanned the computer and removed the infected files. Voila! It only took about 6 hours from start to finish. I will get a free lunch out of it though...I'll take all the free I can get these days. I also updated Windows, installed Firefox and avast! so we can hopefully avoid these same issues in the future.
On a side-but-related note, I ran across an infected site last week and it looked like this:
I found it quite amusing...but probably authentic enough to fool a number of people.
Hopefully some poor soul out there will get good use out of this.