
Sunday, January 2, 2011

Question of the Day: Get rid of the fake antivirus software/ System Tool Virus/Malware (Windows)?

I'm not going to claim to be an expert (nor do I play one on TV), and when one of these sorts of things slipped through all of my layers of protection/malware/antivirus, I had to manually remove it. Anyhow, one of my friends has been struggling to get rid of this and posted a plea for help, so here are my recommendations. If you're on a computer that is not yours, then you should probably talk to the owners, your IT, etc., mmkay? ;-)

The key symptom: pop-up messages saying your computer is infected and that you need to buy a product to clean it. Most of what follows applies to other malware that blocks your security tools, too. Your first course of action should always be your own antivirus/antimalware software, but if you can't get to it or it doesn't work, there are other options. This particular bug blocks both your antivirus software and your Internet access.

Download anything you need from the Internet on a clean computer and carry it to the infected one on a flash drive or disc. Use the clean machine only for downloading, and treat the flash drive as suspect once it has been plugged into the infected PC. As a security precaution, unplug the infected computer's network cable or modem, or otherwise cut its network access, before you start.

Once you've gotten rid of this nasty bug, make a new System Restore point. Older restore points can hold copies of the malware that antivirus software cannot clean in place, so consider deleting the old points when you create the fresh one.

So, here are some suggestions, IF you can't get to your antivirus/antimalware software:
  • Use a removal tool from the web
  • System Restore or Last Known Good Configuration (built-in Windows features)
  • Use backup discs or original installation discs
  • Use HijackThis to manually remove the malware, then clean up

Removal Tools
System Restore
System Restore is an easy-to-use feature built into Windows XP, Vista and 7. Its purpose is to roll your system back to a point before the current problem started. It can be used when an upgrade fails, when malware can't be removed by your antivirus/antimalware program, and so on.
Windows *should* be making restore points automatically; however, if no restore point is listed, this option is out. ;-)

Note: System Restore reverts system files, the registry and installed programs and drivers, so you will lose software, drivers and updates added after the chosen point. You won't (or shouldn't!) lose Word documents, e-mail settings and messages, or anything stored in My Documents, My Pictures or My Music. The flip side is that a malware file dropped into one of those user folders can survive the restore, which is why you rescan afterwards. Pick the most recent restore point dated before the symptoms began, and once the restore is done check for Windows, virus protection and other program updates. Hopefully you'll have several restore points to choose from.

You will need to work in Safe Mode on the infected computer (press F8 repeatedly while it boots, before the Windows logo appears, and pick Safe Mode). Note that a System Restore run from Safe Mode cannot be undone, though you can restore again to a different point.
XP instructions:

Windows 7 and Vista instructions:

Don't forget to rerun your virus scan, check for updates, and make a new restore point.
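As an added example (not from the original post), here is the Safe Mode System Restore procedure above driven from an elevated PowerShell prompt on Windows 7 (or Vista with PowerShell 2.0 installed) instead of the rstrui.exe wizard. It uses only the built-in System Restore cmdlets; the script name, the description text and the "42" in the usage lines are placeholders.

```powershell
# fakeav-restore.ps1 -- added example, not from the original post. Drives Windows
# System Restore from an elevated PowerShell 2.0 prompt (Windows 7, or Vista with
# PowerShell 2.0 installed) in place of the rstrui.exe wizard. Boot into Safe Mode
# first (F8 during startup), as the post recommends.
#   .\fakeav-restore.ps1                      list restore points
#   .\fakeav-restore.ps1 -SequenceNumber 42   roll back to point 42 (reboots)
#   .\fakeav-restore.ps1 -NewCheckpoint       after cleanup: make a fresh point
param(
    [int]$SequenceNumber = 0,
    [switch]$NewCheckpoint
)

# System Restore must be enabled for the system drive; harmless if already on.
Enable-ComputerRestore -Drive "$env:SystemDrive\"

if ($NewCheckpoint) {
    # Only after the rollback, Windows/antivirus updates and a clean full scan,
    # so the new point captures a known-good state.
    Checkpoint-Computer -Description "Clean after fake-AV removal" `
                        -RestorePointType MODIFY_SETTINGS
    return
}

$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) {
    Write-Warning "No restore points exist on this machine; System Restore cannot help here."
    return
}

if ($SequenceNumber -eq 0) {
    # Show what is available so you can pick a point dated before the popups began.
    $points | Format-Table SequenceNumber, Description,
        @{ Label = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize
    return
}

if (-not ($points | Where-Object { $_.SequenceNumber -eq $SequenceNumber })) {
    throw "No restore point with sequence number $SequenceNumber"
}

# This reboots the machine. A restore run from Safe Mode cannot be undone afterwards
# (you can only restore again to a different point), hence the -Confirm prompt.
Restore-Computer -RestorePoint $SequenceNumber -Confirm
```

Run it once with no arguments to see the list, pick the newest point dated before the fake-AV messages started, run it again with that sequence number, and only after the reboot, the updates and a clean scan run the -NewCheckpoint step.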

Last Known Good Configuration feature
XP instructions:

Vista instructions:

Windows 7 instructions

*Last Known Good Configuration only rolls the registry's driver and service settings back to those used by the last successful boot, so it may or may not help with this kind of malware, but it really won't hurt to try!

Backup discs or reload from original installation discs
Depending on your comfort level with manually editing the registry (see below), you may prefer to restore a clean copy from your backup discs (or drive), or even reinstall from the original installation discs/files.
That's kind of up to you. Restoring from backup means anything you've added since that backup was taken is lost. Reinstalling from the original media takes your PC back to its "just out of the box" state, so copy off any documents you need first.

Manually delete it and clean up registry
How to use HijackThis to get rid of it: more manual, but you lose nothing other than the malware (if you do it correctly!). Bear in mind that HijackThis only lists the autostart entries, browser settings and similar hooks on the machine; deciding which of them is the malware is up to you. The latter half of this post focuses on HijackThis and is an excellent step-by-step.

I love HijackThis and have used it several times to help clean up my registry, but if you screw up your registry it can be a lot of work to fix it. So, be careful. ;-)
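To make the manual route concrete, the script below is an added example, not part of the original post and not HijackThis. It does what you'd want to do before touching the registry: back up the autostart keys with reg.exe so a mistake can be reversed with reg import, then list the Run/RunOnce entries, the Winlogon Shell/Userinit values and the Startup folders, flagging entries whose target is missing or lives in a user-writable folder. The flags are heuristics (an assumption, not a signature for this or any particular malware), the script name and backup folder are placeholders, and it deletes nothing.

```powershell
# autostart-review.ps1 -- added example, not from the original post and not part
# of HijackThis. Backs up the autostart registry keys, then lists what is wired to
# run at logon and flags entries worth a closer look. It deletes nothing.
# Elevated PowerShell 2.0 prompt (XP SP3 with PowerShell installed, Vista, 7).
param([string]$BackupDir = "$env:SystemDrive\regbackup")

# Autostart keys in reg.exe notation; the same list drives the backup and the review.
$runKeys = @(
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"
)
$winlogon = "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

# 1. Back up before touching anything. A mistake is undone with:  reg import <file>
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($k in $runKeys + $winlogon) {
    $file = Join-Path $BackupDir (($k -replace '[\\: ]', '_') + '.reg')
    & reg.exe export $k $file /y | Out-Null
}

# Pull the executable out of a command line such as  "C:\x\a.exe" /s  or  %TEMP%\a.exe -q
function Get-TargetPath([string]$cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd).Trim()
    if ($cmd -match '^"([^"]+)"')   { return $matches[1] }
    if ($cmd -match '^(\S+?\.exe)') { return $matches[1] }
    return ($cmd -split '\s+')[0]
}

# A bare name like rundll32.exe is resolved through PATH; a full path is checked as-is.
function Test-Target([string]$target) {
    if ([IO.Path]::IsPathRooted($target)) { return (Test-Path -LiteralPath $target) }
    return [bool](Get-Command $target -CommandType Application -ErrorAction SilentlyContinue)
}

# Heuristic (an assumption, not a malware signature): executables launched from
# user-writable folders, or pointing nowhere, deserve a second look.
$dropZones = '\\(Temp|AppData|Application Data|Local Settings|ProgramData|Desktop)\\'
function Get-Flag([string]$target) {
    if (-not $target)               { return 'empty command' }
    if (-not (Test-Target $target)) { return 'target missing' }
    if ($target -match $dropZones)  { return 'runs from user-writable dir' }
    return ''
}

function New-Row($location, $name, $command, $flag) {
    New-Object PSObject -Property @{ Location = $location; Name = $name; Command = $command; Flag = $flag }
}

$report = @()
# 2. Run / RunOnce: every value is a command line executed at logon.
foreach ($k in $runKeys) {
    $psPath = $k -replace '^(HKCU|HKLM)\\', '${1}:\'
    if (-not (Test-Path $psPath)) { continue }
    $values = @((Get-ItemProperty $psPath).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })
    foreach ($v in $values) {
        $report += New-Row $k $v.Name $v.Value (Get-Flag (Get-TargetPath $v.Value))
    }
}

# 3. Winlogon Shell / Userinit: a classic persistence spot that runs before Explorer.
#    Anything beyond the Windows defaults below is worth a look.
$wl = Get-ItemProperty ($winlogon -replace '^HKLM\\', 'HKLM:\')
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','
}
foreach ($name in $expected.Keys) {
    $flag = ''
    if ($wl.$name -ne $expected[$name]) { $flag = 'non-default Winlogon value' }
    $report += New-Row $winlogon $name $wl.$name $flag
}

# 4. Startup folders, per-user and all-users, resolved the same way on XP and 7.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'AllUsersStartup') {
    $dir = $shell.SpecialFolders.Item($folder)
    $files = @(Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' })
    foreach ($f in $files) { $report += New-Row $dir $f.Name $f.FullName (Get-Flag $f.FullName) }
}

# Flagged entries first. Verify each by hand (publisher, file date, whether you
# recognise it) before removing it with regedit or Remove-ItemProperty, then reboot
# and re-run this script to confirm it stayed gone.
$report | Sort-Object @{ Expression = { $_.Flag -eq '' } }, Location |
    Format-Table Flag, Location, Name, Command -AutoSize -Wrap
```

A flag is a reason to look, not a verdict: plenty of legitimate updaters run from AppData, and a missing target is often just a leftover from an uninstall. Delete only what you have identified, keep the .reg backups until the machine has rebooted cleanly a few times, and finish with the rescan and fresh restore point described above.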
