Tuesday, December 27, 2011

Adventures in Malware Removal

Yesterday -- Christmas day -- my sister's computer contracted a rather serious case of malware that took me over an hour to neutralize. It's a nasty little program that goes by various names depending on your operating system, usually some combination of "XP/Vista/Win 7 Antispyware/Antivirus/Security 2012". This program is very well designed to look like the official Microsoft Security panel (at least on XP, which my sister has), so much so that when it first appeared even I, naturally suspicious as I am, was almost fooled. Ironically, it was the program's own strenuous self-preservation efforts that alerted me, as it will block any browser you open from accessing the Internet. (At least, it will block Internet Explorer and Firefox, which were the only ones I was able to test, though I suspect it would block others as well.)

Like many malware programs out there, XP Security 2012 (the name that appeared for my sister, and which I'll use for simplicity) poses as a virus scanner, then pretends to scan your computer and locate a bunch of bad stuff, which it promises to remove upon upgrading to the paid version. At best, such programs simply take your money; at worst, they can actually infect you with the very viruses they claim to remove. These programs work by looking very official, and XP Security 2012 takes it up a notch by blocking your Internet access, making it hard for you to check online for a solution.

Luckily, one solution is simply to restore your computer to an earlier backup point. By going to System Restore (found under Start Menu --> Programs --> Accessories), you can restore your computer to an earlier point. Afterwards I would recommend clearing your browser cache of temporary downloads, since the file seems to get onto your computer by posing as some sort of legitimate download; in this case I think it may have been a phony Adobe update. This method may not work if your restore point doesn't go back far enough, although since the program seems to activate immediately on installation (or at least very soon after), a restore point from just a few days ago would likely be enough.

I actually found and used a program from the anti-virus group Malwarebytes, Malwarebytes Anti-Malware, although given the rigmarole I had to go through to get it working I wish I'd found the restore point solution earlier. (XP Security 2012 can block programs with the .exe extension that it considers a threat, so you need to change the extension on the Malwarebytes installer to .com, run it to install the anti-virus program, then change the installed program's extension to .com as well in order to run it and remove the malware. Luckily, it works very well.)

Here's hoping that your own Christmas was less eventful! Merry Christmas everyone! Mele Kalikimaka kākou!
