4/11/2011

Once More Into The Breach...

On Saturday I came to the aid of a damsel in distress.

Today, it was doing battle with a computer virus.

It appears one of the computers at our small business had problems with bogus virus warnings popping up. Something called XP Anti-virus 2011 kept warning us about all kinds of trojans, keyloggers, and other sundry malware on the computer in question, advising us the only way to rid ourselves of them was to subscribe to (and pay for) a copy of this XP Anti-virus 2011. It looked as if it was from Microsoft, even displaying a replica of the Windows Security Center app. But what this supposed anti-virus program was really doing was trying to extort cash from gullible computer owners in order to shut it up...until the next time it wanted money.

One of the side effects of this virus was disabling some of our regularly used programs, including one that allows us to track our customers' patronage and generate business statistics for use in making projections for the coming months and quarters.

This virus was so persistent and well ingrained that our standard anti-virus app, which shall remain nameless, didn't even touch it. And from what I understand many of the other anti-virus suites were just as vulnerable.

It took quite a bit of research to figure out how to get rid of it, including how to shut it down so the programs capable of purging it from our system would run. A number of third-party programs used to shut down malware processes, including one of my favorites, called Rkill, had no effect on it at all.

In the end I had to kill the process by creating a file that would prevent the virus from starting when the computer rebooted. I found that file here (I used Method 2).

Once the virus was disabled, I downloaded and installed one of the freeware applications capable of purging it from the system and repairing the registry. (I used Malwarebytes Anti-Malware application.)

All in all it took almost 2 hours to get rid of the virus, with the longest part being trying to disable the virus long enough to allow installation of the program used to purge it.

From reading some of the forums, it appears this nasty little beast installs itself by a number of means, including links in fake e-mails. Probably one of the more common fake e-mails is one supposedly from UPS, FedEx or some other parcel delivery service informing you of a package en route to you. The e-mail includes a link to 'track' your package, but when you click on it, it downloads and installs the virus while your web browser shows you some kind of message saying the server is busy or has timed out.

And so it went for me today.