I was called out to a Server 2003 machine yesterday that was riddled with malware. Whatever was on there was generating a lot of network traffic, so the first thing I did was disconnect it from the network.
That's fine, but if I wanted to use my usual 'weapon of choice', Malwarebytes, how was I going to get the latest database installed?
Solution
WARNING: There is a note on the Malwarebytes website that discourages this procedure, as it breaks the incremental update mechanism of Malwarebytes. They recommend that you use this utility to do the job, and that it should be updated every week (though the page currently shows December 2011 as the update date!). In my case, once the machine is clean I'll remove Malwarebytes and install Trend Worry Free on it anyway. Either way, I prefer to know for a fact that I'm using the latest database.
1. Install and update Malwarebytes on a nice clean machine (in this case, my Windows 7 laptop).
2. Find out what version of Malwarebytes you are running (on the About tab).
3. Navigate to the following location, and take a copy of the rules.ref file, i.e. put a copy on a USB thumb drive.
The last time I wrote anything on spyware was a while ago. When I wrote that article the main problem was browser hijacking; while that's still a problem, more recently the trend is towards infecting your machine with "Scareware". This is software that pretends to be either an antivirus or an antispyware program and tells you to install something, or to perform a scan (which installs something), or forces you to buy some useless software, etc.
A lot of my clients who get infected justifiably ask, "Well, I've got up-to-date AV and antispyware software, how did I get infected?" The simple answer is (in most cases) because you clicked the button that said "Yes", when the proper text on the button should have said "Yes, please slow my machine down and infect it horribly". Some programmers of these scareware applications have produced some awesome, professional-looking programs that would fool even the more "technically aware" user.
The Best form of Defense is Offence (And common sense!)….
Error reads: Window title: "Windows Internet Explorer" Window text: "This computer is under attack.They can seriously harm your private data or files, and should be healed immediately. Return to Antivir and download it secure to your PC."
Windows Internet Explorer is telling you you're infected? How would an internet browser know you are infected? And if you actually read the text, the grammar is terribly bad (even by my D grade O Level standards!). But click anything (OK, Cancel, the red X to close the window) and you will probably drag some nastiness into your PC. Also look at the URL "http://my6-antivirus-scanner.com/": Google that (that's search for it in Google, NOT type it in the address bar!) and you will see it's bogus.
I’ve got a window just like that one, what do I do?
Right-click your taskbar and select "Task Manager" or "Start Task Manager" > On the Applications tab select the instance of Internet Explorer > Click "End Task" > Accept any warnings > Close Task Manager. If you are still worried, run a full AV and antispyware scan on the machine.
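The same "End Task" step done from a PowerShell prompt, as an added example that is not part of the original article: it lists every Internet Explorer process with its window title first, so you have a record of what the fake alert was called, and then ends those processes without clicking anything in the window.

```powershell
# Added example, not from the original article: end every Internet Explorer
# instance the way Task Manager > Applications > End Task does, after noting
# what each window was showing.
$ie = Get-Process -Name iexplore -ErrorAction SilentlyContinue
if (-not $ie) {
    Write-Host 'No Internet Explorer processes are running.'
    return
}

# Record what was on screen before ending it; the window title is what you
# would search for afterwards, as the article suggests.
$ie | Select-Object Id, StartTime, MainWindowTitle | Format-Table -AutoSize

# Tabs share processes, so end all IE instances rather than trying to pick
# out the one displaying the bogus alert.
$ie | Stop-Process -Force
Write-Host ("Ended {0} Internet Explorer process(es)." -f @($ie).Count)
```

Run it from an elevated prompt; Stop-Process needs the same rights as Task Manager's End Task. Keep the listed titles, then carry on with the full AV and antispyware scan as described above.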
Help! – I’ve been infected and now my machine tells me I’m infected all the time!
1. Before you do anything, make sure you have a backup of anything important (your documents, emails, photos, internet favourites, programs etc.), just in case.
To fix things you need to install some software. If you are so badly infected that you cannot install the software, or the infection you have specifically stops the removal tools from working (some do!), then reboot the PC, press F8 and select Safe Mode.
2. Install Malwarebytes, let it update itself, then perform a scan; reboot and re-scan until it tells you there is no infection left.
3. Install SuperAntispyware, let it update itself, then perform a scan; reboot and re-scan until it tells you there is no infection left.
4. When done, make sure you have good, up-to-date antivirus software and a personal firewall (the Windows one is better than nothing). Then periodically run one of the above products.
Hang on! I've done that and it's not worked (I'm still infected).
The two products above are usually all you should need; if an infection gets past one, the other usually gets it. However, in some cases the code writers will get something onto your PC quicker than the good guys can defeat it. If that's happened to you, you have a choice.
1. Consider reinstalling Windows (for everyone who has just rolled back in their seat: I charge £75.00 an hour for desktop work, and it might take me 4-8 hours to clean a machine manually, so how much is your PC worth?). It's the ONLY way to make sure you've got rid of all remnants of nastiness (you're looking at about 4 hours work with a modern PC to rebuild it, patch it, and reinstall everything).
2. Roll your sleeves up and get on the internet; the chances of you being the first person infected are pretty slim. Download HijackThis, get the log it generates, and post it in an online forum or check it online (warning: automated systems).
3. If you have tried everything, then your last port of call should be COMBOFIX. This is a VERY powerful tool and if used incorrectly can destroy Windows (hence why it's at the bottom of the list).
Gallery Of Nastiness
Note: Here's just a few, there are tons more. If you want to send me a screenshot of any more, please do so.
Security Sheild (Seen 22/12/10, infected by an email attachment)
SecurityTool
Security system Protection Control Panel
WinReanimator
VirusHeat
Virus Protect
IE Defender 2.2
VirusRay
AntiVirGear
SpyShredder 2.1
VirusProtect Pro
Windows Security Center (No it isn't)
Spyware Protect 2009
VIRUSBUSTERS
Personal AntiVirus
ExtraAntivirus
System Antivirus 2008
IE Antivirus 3.3
Fast AntiVirus 2009
Related Articles, References, Credits, or External Links
After cleaning an infected Windows 8 machine, I was faced with an empty Explorer.EXE window with just a warning triangle, like this, every time the PC booted.
Solution
It was being caused by a piece of junk that had been left in the registry.
1. Press Windows Key+R > type regedit {Enter} > the Registry Editor will open.