Malicious Software Removal Tool (MSRT)

Microsoft recently reported that their Malicious Software Removal Tool (MSRT), which was included in Windows Updates on December 9, 2008, has now removed over 400,000 copies of the nefarious “Antivirus 2009”.

An Arlington, VA client was recently infected by that Antivirus 2009 malware. It has been the most pernicious malware that I have seen recently, as most users can be tricked into installing it. Many fake sites exist that you might find during a normal web search. The sites appear to be a standard Windows Control Panel page which pretends to search for and find viruses. If you click “Ok” or “Remove All” you will be infected.

It will eventually take away all administrative rights from you and ask for your credit card to update and remove the viruses. Of course, it never removes anything, but instead gives your credit card info to the bad guys to use as they wish. Your computer is also a zombie ready to do whatever they ask of it.

The problem is that the dialog boxes and alerts look just like legitimate ones that might appear from Microsoft. See the fake Antivirus 2009 alert above.

I mentioned another variant of this malware called Antivirus XP 2008 in an earlier post.

While there are other tools you could use, Microsoft’s Malicious Software Removal Tool (MSRT) is a real solution that will remove this malware and protect the computer from it. It is available as a critical update from Microsoft.

It is not always apparent how to run Microsoft’s Malicious Software Removal Tool (MSRT). If you have it installed, you can just go to Start – Run and then type mrt.
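As an added example (not from the original post), the same MSRT run done from PowerShell in an elevated prompt, first confirming that the binary really is Microsoft-signed, since the whole scam above is about impostor "removal tools". It assumes MRT.exe lives in %windir%\System32, that it logs to %windir%\debug\mrt.log, and that /Q and /N are MSRT's quiet and detect-only switches; the log keywords it greps for are an assumption about the log's wording.

```powershell
# Added example: locate MSRT, verify its Authenticode signature, run a
# detect-only scan, then summarise the log. Run from an elevated prompt.
# Assumptions: paths below and the /Q (quiet) and /N (detect only) switches.
$mrt = Join-Path $env:windir 'System32\MRT.exe'
$log = Join-Path $env:windir 'debug\mrt.log'

if (-not (Test-Path $mrt)) {
    Write-Warning "MRT.exe not found; install it via Windows Update before relying on it."
    return
}

# A fake "remover" can be named anything; the real tool carries a valid Microsoft signature.
$sig = Get-AuthenticodeSignature -FilePath $mrt
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    Write-Warning "MRT.exe signature is '$($sig.Status)' from '$($sig.SignerCertificate.Subject)'; do not run it."
    return
}
Write-Host "MRT.exe version $((Get-Item $mrt).VersionInfo.ProductVersion), signed by Microsoft."

# /Q = no UI, /N = report only, change nothing. Drop /N to let MSRT clean what it finds.
$proc = Start-Process -FilePath $mrt -ArgumentList '/Q', '/N' -Wait -PassThru
Write-Host "MSRT exit code: $($proc.ExitCode)"

# Show the tail of the log for the run just completed (keywords are an assumption;
# adjust if your MSRT version phrases its summary differently).
if (Test-Path $log) {
    Get-Content $log |
        Select-String -Pattern 'Started On|Results Summary|infection|Threat|Return code' |
        Select-Object -Last 10 |
        ForEach-Object { $_.Line }
}
```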

Antivirus XP 2008 Is Bogus

A recent Sterling, Virginia customer got hit by a fake warning that her computer had been infected by a virus. But it was just a pop-up browser window that, when clicked, actually installed malware on her computer. To add insult to injury, the malware installed is called Antivirus XP 2008. So you think it’s there to help you when in fact it IS the infection.

Antivirus XP 2008 shows a list of files that it claims are infected on your computer. See that the icons used are the same as those used by Windows. If you register the “anti-virus” software in an attempt to fix your computer, the bad guys will have your credit card information.

On other computers, I have seen Antivirus XP 2008 installed on the Windows Desktop background so that your wallpaper background always gave you a warning.

This has become a common computer problem. It is an easy scam to fall for because it looks very close to a real Windows warning.

This is an effective social engineering scam because people are scared of viruses and have grown accustomed to following any computer-generated prompts to remove them.

For this particular computer, I booted into Windows Safe Mode and ran Malwarebytes’ Anti-Malware program, which is free for a couple of weeks’ use. Luckily the infection could be removed. In some cases, the malware can actually take over all administrator rights to the computer and rewrite the operating system to the extent that the only real alternative is to save your personal files and reinstall Windows.

Russian Gang Hijacking PCs

This NY Times article talks about how a gang in a Russian town is using Microsoft administrative tools to infect private and government computers. A few excerpts:

The gang was identified publicly in May by Joe Stewart, director of malware research at SecureWorks, a computer security firm in Atlanta. Mr. Stewart, who has determined that the gang is based in Russia, was able to locate a central program controlling as many as 100,000 infected computers across the Internet.

The system infects PCs with a program known as Coreflood that records keystrokes and steals other information.

“The great thing about this system is that from one computer it is possible to push out updates to all machines in a corporate network at once,” Mr. Stewart said. “This is a useful tool that Microsoft has provided. However, the bad guys said, ‘We’ll just use it to roll out our Trojan to every machine in the network.’ ”

The gang then uses the passwords to access your bank account and transfer out money. Scary stuff.

This only affects Microsoft operating systems, so Macs are safe. In order to protect PCs, I suggest using:

  • hardware firewall (included in routers)
  • Windows Vista or XP with Service Pack 3 (latest)
  • Anti-virus software such as AVG Free or Avast.

If you get infected by something like this Coreflood virus, you should do a complete re-install of your system.

Operating System Re-installs for Virus-Ridden Computers

Infections Beyond Repair

Most people say that once a machine is infected with a virus, there is no practical way to know for sure if it is ever truly safe. You could take out the drive, attach it to a Linux machine for scans, and run all the latest tools. But this doesn’t guarantee success.

Think of it as an arms race between the virus writers and the anti-virus writers. Many viruses re-write parts of the Windows operating system. They are written specifically to sneak past popular anti-virus software, namely Norton and McAfee.

The solution, especially for machines with nasty viruses, is a clean install of the operating system. This can’t be done from within Windows. The important data should be backed up and the drive should be formatted and a clean install should be performed.

Before the old data is put back on the computer, it too should be scanned. Even documents can contain little programs (Macros) that could contain viruses.

Client Story

A recent client in Virginia had a computer that was badly infected. After the computer booted up, supposed anti-virus software popped up indicating that there were viruses. This was certainly true, but the anti-virus software was bogus. It just asked for his credit card info to fix the problems. If he had provided his credit card, I am sure that the virus would not have been removed. He would have probably just gotten many unauthorized charges.

His computer was no longer his. He had no administrator privileges. He had no “My Computer”, no CD drive, and no task manager. His system tray in the bottom right corner only had the words “VIRUS ALERT!”.
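An added example (not part of the original post): a PowerShell audit of the per-user policy values that produce exactly those symptoms, handy for triage before deciding on a rebuild. It assumes the standard Explorer/System policy value names under HKCU, and that the “VIRUS ALERT!” clock text was injected through the sTimeFormat setting (an assumption about that variant's mechanism).

```powershell
# Added example: check the HKCU policy values that rogue AV flips to lock a user
# out (no Task Manager, no My Computer, hidden drives, no Run, no Control Panel).
# These values are normally absent on a home PC; a set one is a lead, not proof.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ Path="$base\System";   Name='DisableTaskMgr';       Why='Task Manager disabled' },
    @{ Path="$base\System";   Name='DisableRegistryTools'; Why='regedit disabled' },
    @{ Path="$base\Explorer"; Name='NoDesktop';            Why='desktop icons (My Computer) hidden' },
    @{ Path="$base\Explorer"; Name='NoDrives';             Why='drives (e.g. CD) hidden in Explorer' },
    @{ Path="$base\Explorer"; Name='NoControlPanel';       Why='Control Panel blocked' },
    @{ Path="$base\Explorer"; Name='NoRun';                Why='Start > Run removed' }
)

# Collect every value that exists and is non-zero.
$findings = @(foreach ($c in $checks) {
    $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($v) { [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Data = $v; Effect = $c.Why } }
})

# "VIRUS ALERT!" in the tray: assumed to be text injected into the clock's time
# format string, so flag any format that is not just h/m/s/tt and separators.
$intl = 'HKCU:\Control Panel\International'
$fmt = (Get-ItemProperty -Path $intl -Name sTimeFormat -ErrorAction SilentlyContinue).sTimeFormat
if ($fmt -and $fmt -notmatch '^[hHmstT:.\s]+$') {
    $findings += [pscustomobject]@{ Key = $intl; Value = 'sTimeFormat'; Data = $fmt; Effect = 'clock text tampered' }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No lockout policy values found for the current user.' }
```

A clean result here does not clear the machine; the same variants also rewrite system files, which is why the post still ends in a wipe and reinstall.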

Without much hope, I initially tried Avast! 4 Home Edition. One feature that Avast has over the previously mentioned AVG is the ability to scan Windows before booting into it.

Unfortunately, much of the operating system had been modified, so Avast could not fix it. I removed the drive, placed it in a Linux machine, backed up and scanned the important files, and then ran Darik’s Boot and Nuke to wipe the drive.

The desktop was an HP that did not come with a restore disk, so we had to purchase another copy of Windows to install.

I told the customer how many viruses use social engineering to work. Messages appear in an email or browser pop-up window and they appear legitimate, so users click on them. He asked me how to tell the real pop-ups from the fake ones. Without computer experience, it is very difficult to know.

Windows Vista has made this worse. By constantly asking people to approve even small tasks, it conditions people to just click “Okay” for everything.

His computer is now up and running again. It is behind a router with a firewall and has the Firefox web browser and Avast anti-virus. Hopefully that will keep him safe from viruses and malware. At least he can rest assured that his machine is not currently hijacked after a clean operating system install.

Anti-virus Software

If you are running Windows, you should have anti-virus software. One of the best is free for personal use. It is:
AVG Anti-virus Free Edition

It includes free anti-virus updates and does a great job of finding and stopping viruses.

The only downside to AVG is that every year or so AVG comes out with an update that requires a fresh install of the new version. And on the website, you need to look for the free version. AVG does push their paid version.

When installing, you don’t need to install their browser plug-in which can needlessly slow things down. Instead, for safety, you should use Firefox when browsing the Internet.

Compared to standard anti-virus software from Norton and McAfee, AVG both does a better job of finding viruses and is less resource-hungry, in my opinion. Often I will find a system that is completely bogged down, not by viruses but by Norton’s ridiculously large Internet Security Suite of software.