-Foreigner
It's 2010, and the same scum who brought you the Antivirus 2007, 2008 and 2009 variants are pleased to bring a whole list of rogue variants for 2010 to a PC near you.
Right off the bat: as of this writing, Avast! and AVG do not detect these (yet).
To begin, here are a few samples of what to look out for in case you are infected:
The "Rogue Shield": a new icon that appears in your system tray:

Anti-virus 2010:

Internet Security 2010:

Vista Antivirus Pro 2010:

Windows 7 Internet Security 2010:

Symptoms:
A process called 'av.exe' will try to access the network. If your firewall detects this and prompts you for access, deny it.
Everything you attempt to launch will be reported as infected, and bogus scanners will pop up, pretend to scan your PC and report results that go through the roof. This is the rogue using "scareware" tactics to get you to purchase the full version. (By the way, the registered version is bogus too: it will not remove anything, it is a scam, so do not purchase it or provide ANY personal or credit card info!)
Okay, you're infected. Take a deep breath; here's how to fix it:
updated: 20100308
01. Disconnect your PC from the network (unplug the network cable from the back).
02. Reboot into Safe Mode (press [F8] after the POST screen and before the Windows logo displays).
03. On another, clean PC, download the following files:
Malwarebytes:
http://www.filehippo.com/download_malwarebytes_anti_malware
Malwarebytes definition file:
http://mbam.malwarebytes.org/database/mbam-rules.exe
EXEFIX - XP (you will use this later if needed):
http://www.winhelponline.com/exefix_xp.com
04. Copy all three files from above to a USB drive.
05. Plug the USB drive into the infected system.
06. Install the Malwarebytes program first; do not allow it to reboot your computer.
07. Install the Malwarebytes definition update (double-click "mbam-rules.exe" and click [Next] through the installer until it finishes).
08. Run Malwarebytes. If the program does not load, the rogue is probably blocking it by file name: rename the .exe to something different (e.g. 1234.exe), then try to run the renamed file.
09. Once in Malwarebytes, click [Scan] and allow it to scan your system.

10. Wait for Malwarebytes to finish, then click [Remove Selected].

11. Wait for Malwarebytes to attempt to remove the infection(s).
12. Malwarebytes will then state that it needs to reboot the PC; allow it to do so at this time.
13. When you reboot, go back into Safe Mode (press [F8] before the Windows logo).
14. If you are running XP, you may find you cannot double-click the Malwarebytes icon to start it and perform another scan. XP may warn that it cannot open '.exe' files and give you a list of programs to choose from. Click [Cancel].
15. Now go back to your USB drive, double-click 'exefix_xp.com' and click [Ok]. This repairs the .exe file association in the registry that the "2010" variant broke when it installed.
You will now be able to launch Malwarebytes and perform another scan to make sure things are clean.
Once clean, go on to step 16.
16. Reboot, and allow the PC to come up in Normal mode.
17. Review the system for any "2010" pop-ups, and make sure the bogus "2010" shield is not in your system tray (see the "Rogue Shield" at the top of this post).
18. Launch Malwarebytes, do another scan, and allow it to clean up and reboot your PC if needed.
19. After running Malwarebytes and getting an "all clear", it's time to install and/or update Spybot Search & Destroy to get a second opinion.
Filehippo: Spybot Search & Destroy
http://www.filehippo.com/download_spybot_search_destroy/
Spybot Search & Destroy definition updates:
http://www.spybotupdates.biz/updates/files/spybotsd_includes.exe
If you already have SS&D installed, just run the update file above manually, then run a scan.
If you do not have SS&D installed, run through this official tutorial from SS&D's site:
http://www.safer-networking.org/en/tutorial/index.html
In addition, you may want to download and run CCleaner to clear out your temp folders, in case anything from the infection is still lying around.
CCleaner:
http://www.piriform.com/ccleaner/download/slim
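To make steps 1, 8 and 14-15 checkable from a command prompt, here is a small batch script. It is an added example, not the exefix_xp.com tool linked above and not something from the original post. Boot "Safe Mode with Command Prompt" (another [F8] option) to get the cmd window: cmd.exe starts reg.exe and tasklist.exe directly rather than through the .exe file association, so it keeps working when double-clicking programs does not. The script assumes the rogue process is still called av.exe (names change between variants) and that the stock Windows values (HKCR\.exe = exefile, open command = "%1" %*) are what you want back; the post does not say exactly which keys this family rewrites, so the script prints whatever is currently set and only changes anything when run with /fix.

```batch
@echo off
REM exechk.cmd - added example, not the exefix_xp.com tool from the post.
REM Reports what the rogue is known (from the post) to break, and with /fix
REM restores the stock Windows .exe association. Run from the cmd window you
REM get with "Safe Mode with Command Prompt".
REM Assumption: the rogue process is still called av.exe.
setlocal

echo [*] Rogue process check:
tasklist /FI "IMAGENAME eq av.exe" | find /I "av.exe" >nul
if %errorlevel%==0 (
    echo     av.exe is running - killing it before touching the registry
    taskkill /F /IM av.exe
) else (
    echo     av.exe not in the process list
)

echo.
echo [*] Per-user .exe override. HKCU\Software\Classes wins over HKLM, so a
echo     hijack that survives a reboot is most likely here. Stock Windows: not set.
reg query "HKCU\Software\Classes\.exe" /ve 2>nul || echo     not set - good

echo.
echo [*] Machine-wide .exe handler. Stock Windows: exefile
reg query "HKCR\.exe" /ve

echo.
echo [*] Command run for exefile. Stock Windows: "%%1" %%*
echo     Anything else here means every program you start goes through that command first.
reg query "HKCR\exefile\shell\open\command" /ve

if /I not "%~1"=="/fix" goto :done

echo.
echo [*] Restoring stock values
reg delete "HKCU\Software\Classes\.exe" /f >nul 2>&1
reg add "HKCR\.exe" /ve /d "exefile" /f
reg add "HKCR\exefile" /ve /d "Application" /f
reg add "HKCR\exefile\shell\open\command" /ve /d "\"%%1\" %%*" /f
echo [*] Done. Reboot into Safe Mode again, then try launching mbam.exe by double-click.

:done
endlocal
```

Run it once without arguments first and read the three registry values; if the open command shows anything other than "%1" %*, that is the hook that runs the rogue every time you start a program, and `exechk.cmd /fix` puts the stock values back. The script does not remove the malware itself; it only makes programs launchable again so the Malwarebytes scan in step 15 can run. Two caveats: tasklist and taskkill are not shipped with XP Home, so there you kill av.exe from Task Manager instead, and if the rogue has copied itself under a new name the process check will come up empty even though the registry hook is still present, which is why the registry output is worth reading regardless.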
