Wednesday, August 15, 2012

Malware removal

I got an urgent email from one of my friends yesterday morning. His PC was infected with the same malware that I had. He needed help. He had read that I had successfully removed the malware from my own PC so he requested my help.

What is this malware?

This is a type of malware referred to as "scareware". Once infected, your PC keeps displaying a fake "security" program. The program "scans" your computer like an anti-virus program and reports many infections. You are encouraged to sign up for the "registered version" by paying a fee (you need to use your credit card). Not only will you have been fleeced, your credit card details are now with the originator of the malware and you can expect to see many unauthorised transactions on your card in your next statement.

In reality, the infections are fictitious and the program does nothing even when you have paid (it just stops reporting infections).

I was surprised to see how well designed the whole scam was. Look at the picture below.


It looks like a real, legitimate anti-virus or security program. The user interface is so well done that I suspect this is a most lucrative scam for the attacker. The victim feels helpless because the program intercepts keystrokes and mouse clicks, so the victim cannot do anything, not even shut down the computer. I can see how many will, in desperation, fall into the trap of paying up just to get their machine back.

How do you get infected?

The most common way is that you visited a site into which this malware had been inserted. Then you clicked on a link or some popup that appeared and you got hit.

There have been reports that just "driving by", i.e. just visiting a site without doing anything, can get you infected. That is just scary.

The attackers are also very smart. Security programs detect infected sites through the malicious software's "signature". The attackers keep changing the signature (sometimes up to several times a day) to defeat the security programs. So no matter how careful you are, you can get infected.


Removal

The method I used on my own computer is very fast but quite risky for those not conversant with computers and operating systems and I do not recommend it. For my friend's PC I used a different, more traditional method but it took me three hours.

First download Windows Defender Offline from this site. You need to be running a genuine Windows operating system, otherwise you are out of luck. There are other ways to get Windows Defender; use your creativity.

Once you have the executable, get a blank CD ready and run the setup program. Just follow the instructions and you should have a bootable CD at the end.

Insert the CD into the infected PC's CD-ROM drive. Now you need to go into your PC's setup area. This differs from PC to PC, but tapping the ESC or DEL key during startup works for most PCs. In the boot options, choose to boot from the CD-ROM. Then let the PC boot using the CD that you have created. Windows Defender will start.

Choose the full system scan. This will take a while, be prepared to wait at least an hour.

Once the scan has been completed, click the Clean PC button. You should now be free from the malware (and possibly other viruses as well).

Remove the CD from your drive, reboot your machine as normal and check whether you have got your life back.

This is just a quick summary of how to remove this malware. Google "live security platinum removal" if you want more info.
