Malware Minute: Malware Now Imitates PC Utilities

December 21, 2010 by in Malware Minute


78 Responses to Malware Minute: Malware Now Imitates PC Utilities

  1. Don says:

    This is what I did to remove HDD malware…. Go to Windows Defender. Once there, there is a drop-down button for other options. One of them allows you to see what is running on your PC. It shows running program details (such as where the program is on your hard drive). Look for the HDD program and copy the directory location into memory (highlight the text, right click, Copy).

    Use Windows Explorer to traverse to that directory (or paste the directory into Windows Explorer from memory) and delete the malware .exe file that is running. If the delete attempt fails due to being “in use”, you will need to go to Windows Task Manager and kill (right click, End Process) any process that looks suspect. This kills the program that is currently running. Don’t worry about killing a legitimate program, as this only “stops” the current instance in memory from running.
    Again, I don’t remember what process name I shut down this way, but I believe it had HDD in the name or the description. Once you have killed the running HDD process, go back and re-attempt the .exe delete.

    For my wife’s laptop, it was a give-away because it was running under “C:\UserName\Application Data\Temp” where no legitimate program would install and run from.

    Hope this helps.


  2. Kumar says:

    I use Avira antivirus – free for personal use. It does a good job. I think you can download from CNet site. However, I combine that with ZoneAlarm Firewall (also free), AdAware (free version) and Threatfire (free version). Sometimes I think it takes longer to boot but they work well together and I’m safe.


  3. James Duff says:

    I got rid of this virus easily (not being big-headed): simply do a CTRL-ALT-DELETE, then go to the File menu and Run, type in explorer, and it starts the rest of your system. From here you can get rid of this bugger of a virus/malware/whatever.

    Hope this helps someone else out there; this almost drove me mad until I tried the simple approach (remember to use Malwarebytes, Spybot and RegEdit to delete the bugger from the Run section :-)

    If anyone wants any more detailed info, then just ask and I’ll write up a step by step guide :-)


  4. Garry says:

    I use Malwarebytes, a free download, which so far has always removed all worms, Trojans etc. I run a complete scan daily. Additionally I have AVG 8.5 anti-virus, a free download. It does a very good job on all viruses but does not detect most malware and Trojans. I also installed Windows Defender and Windows Firewall. I check for updates daily on all my anti-virus. You can pay for anti-virus tools, but why, when excellent ones are available free? Any time I see one of these rogues or anything suspect I start a Malwarebytes scan. So far this method has kept my computer free from infections. I am on the web about 4-6 hrs. daily. Brenda, the people that design these rogues and try to harm other people’s computers are mentally sick degenerates.


  5. D'Arc Kingham says:

    Why do Apple or Mac computers not have PC Pitstop? It is an awesome Windows application.


  6. IT Wannabe says:

    Agreed. Malwarebytes rules. SuperAntiSpyware works well also. I’m constantly removing junk off our office computers because the other guys can’t keep their hands clean.


  7. Retrovirus says:

    I too was able to remove a fake Disk Defragmenter by using Malwarebytes. The system was like new again.


  8. Frankenberrycat says:

    Hmmm, large rectangle with a broken link pic in the corner hardly inspires confidence…


  9. Jerry says:

    My PC got infected last week with System Tool Essentials 2011. It would not allow me to open any applications. I was finally able to boot up in “safe” mode to an earlier date and then run my CA antivirus program. After several daily scans I finally removed all malware and viruses (I think). I knew better, but somehow I let it in.


  10. John says:

    I have found a free website from Microsoft that does a great job at cleaning your computer, plus it won’t clean anything that may stop a program from working….here is a link http://onecare.live.com/site/en-us/default.htm

    It’s from Microsoft and they now offer it for Vista and Win7…..IT’S AN ACTIVE X program so you don’t have to install a program on your computer; you use it from your browser while on the web…I fix and build computers and I use it regularly…..great utility


  11. Pete says:

    This is nothing new. And it’s actually quite easy to remove the rogues without paying for it or reformatting. First download Malwarebytes and Advanced System Care. Also download Rkill. Boot into Safe Mode with Networking. First run Rkill to kill known malware processes. Install Malwarebytes and update if you have an internet connection. Scan and remove whatever it finds. Install ASC. Scan and remove any remaining spyware and fix registry errors. Reboot normally and install a good antivirus program (anything but Norton, McAfee, or CA – resource hogs). I prefer AVG or Avast.


  12. Mike says:

    I got a laptop in today from a user that had a “Disk Defragmenter” on it. The computer wasn’t completely overrun and I was able to install Malwarebytes and remove all the trojans.


  13. Charles Etheridge says:

    I’ve found that by having Microsoft’s Auto Updates enabled, along with using their Security Essentials and letting the monthly Malicious Removal do its thing, I have managed to avoid malware so far. I would highly recommend such policies for others.


  14. Lyman says:

    Yes. I found out the hard way also, about 2 yrs. ago. I have only had my own comp. for 3 yrs. I knew very little about security. It was a Co. laptop. I applied for any security system that was “Free”. Wrong. They put all kinds of viruses & advertisers into my computer.
    Then I purchased Norton 360. Now it tells me if it is safe to open.


  15. diz says:

    Anti-virus software is reactive. Thus, the black hats are always one step ahead of the white hats. I have read that it can take up to one month for a large company, such as Norton, to counteract one new virus. Hundreds of new malware emerge every day.


  16. diz says:

    @Brenda: People use malware and viruses for a variety of purposes. Someone once said, “Data that isn’t backed up isn’t important.” If you frequently back up your data, you can easily reinstall Windows without having to pay a technician.


  17. john says:

    I too have run across this several times, both on my own and on other family members’ computers. These things should be illegal. They are hard to get rid of, but I have done it several times. People who make these, what I call “extortion” programs, should be prosecuted in some way.


  18. Fim says:

    Acronis allows you to restore windows before the faulty Windows loads. Works very well.
    Jim


  19. Douglas Brace says:

    The solution that I use, if you have a PC that is infected with malicious software, is to connect another computer to your home network (either wirelessly or wired) and use a program called “Remote Process Explorer”, available from LizardSystems.

    Using the uninfected computer, open “Remote Process Explorer” and add the computer with the infection to the list of computers. “Remote Process Explorer” will allow you to view the location of any processes that are running and allow you to kill the process. The majority of malicious processes are usually running from a location in your user profile or from the “Program Files” directory and usually have a randomly created name. Before killing any processes that you are not sure about, use the Internet on the uninfected computer to research the name.

    After you kill the malicious processes on the infected computer, attempt to run the portable version of CCleaner on the machine. In CCleaner go to “Tools -> Start Up” and “disable” (not necessarily “delete”) the entries that are malicious. I recommend not deleting, because if it is a legitimate process and you delete it, you will have to recreate the entry, and CCleaner doesn’t support that.

    After using CCleaner, reboot the computer and see what happens. If you are satisfied with what happens when you log in, download, install, and run Malwarebytes.

    This is what I do on a regular basis with computers at work and computers that I work with on the side.

    Good luck!
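As an added example (not code from the original thread), here is a PowerShell script that automates the check Don (comment 1) and Douglas (comment 19) both describe: it lists running processes, and Run-key startup entries, whose executable sits under the current user's temp or application-data folders. The folder list and the script's names are assumptions; it only reports, it does not kill or delete anything, so you can research each name first as Douglas recommends.

```powershell
# Added example, not from the original thread. Assumes Windows PowerShell on XP or later;
# run it elevated to see the path of every process (Path is $null when access is denied).
# Legitimate updaters also live under AppData, so treat every hit as a lead, not a verdict.

# Folders no installed utility should normally run from (resolved via the environment,
# so "Application Data" on XP and "AppData\Roaming" on Vista/7 are both covered).
$suspectRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA) |
    Where-Object { $_ } | Sort-Object -Unique

function Test-SuspectPath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    foreach ($root in $suspectRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Pull the executable out of a Run-key command such as  "C:\x\y.exe" /s  or  C:\x\y.exe /s
function Get-ExeFromCommand {
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

Write-Host "Processes running from a user-profile temp/app-data folder:"
Get-Process |
    Where-Object { Test-SuspectPath $_.Path } |
    Select-Object Id, ProcessName, Path |
    Format-Table -AutoSize

Write-Host "Run-key startup entries pointing into those folders:"
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $entries = Get-ItemProperty -Path $key
    foreach ($prop in $entries.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSProvider...
        $exe = Get-ExeFromCommand ([string]$prop.Value)
        if (Test-SuspectPath $exe) {
            [PSCustomObject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }
}
```

A rogue that has already disabled Task Manager may still block this console; in that case run it from the Safe Mode command prompt or, as Douglas does, from a second machine against the infected one.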


  20. kmpres says:

    This is not new. I was hit with it five years ago and it got so bad I ended up replacing my then five-year-old computer. Real copies of anti-virus and anti-spyware eventually did clean it out, however, so that computer has become a spare. Recently, I (in Tokyo) and my brother (in Maine) were hit by another variant again, within a two-week period of each other. Powering down IMMEDIATELY got rid of mine long enough to run Spybot and McAfee, and my computer has been clean since. My brother was not so quick and his became more entrenched with each boot up. However, a program offered by HOWTOGEEK.COM got rid of his malware and he has been running fine ever since. There are numerous sites online that give free utilities to rid this malware. Google “get rid of fake antivirus” to find them.


  21. Jeanne Hebert says:

    This happened to me when I went to a website I have visited for 10 years. The only way I could get rid of the harassing malware was by going to safe mode and running Malwarebytes’ Anti-Malware, which I had already installed some time before. It’s a great application that ferrets out some of the most difficult malware and bots.


  22. karyn says:

    Why is PCPitStop taking ads for PCMatic? What a scam that is!! I know someone who fell for that and finally gave up and got a new machine.


  23. Sandra1940 says:

    DC, of course there are ads for Pitstop products….we are at their site! I first learned about their reliability & trustworthiness from a Microsoft technician. Since then, several more technicians from other places have told me they were to be trusted.


  24. Scott Adler says:

    Get VIPRE and you’ll have the best anti-virus and anti-spyware protection. To that add Malwarebytes for the best anti-malware protection, then sit back and enjoy.


  25. Met says:

    Surprised you did not correct Brenda’s advice about shutting down your PC immediately. I was told by a reputable anti-virus company rep that you should NEVER EVER shut down your PC if you have a virus. CLEAN THE VIRUS FIRST, even if you have to telephone your anti-virus company support, because if you shut the PC down you run a pretty solid chance of writing the virus to the hard drive and may not be able to restart at all.


  26. Paul says:

    @DC,

    Many of these self-install, even if you have very high security enabled on your computer. In addition, I have a great A/V program, also use Spyware Blaster, Ad-Aware, Spybot, and a dozen other anti-spyware/malware programs on my system.

    @Brenda,

    I agree. I have avoided this problem most of the time because I did immediately power down as soon as I realized what was happening. If I waited a couple of seconds, it was too late.

    @Sherrie,

    Best hope is that you have backed up all of your personal files recently; something that should be done very often.

    You can try using a Bootable CD and see if that works. If not, best case scenario is that you can find someone who can either get Windows back up, or at least recover any files/documents you don’t want to lose.


  27. OmniVitke says:

    Just ran OverDrive and came out Bottom 32%, not bad for an outta-the-box HP from Wally World. PCPitstop was the first site on the net after I set it up after losing My Beast in Katrina. The a1203W model was like leaving the Caddie and driving away in a Kia, not that that’s a bad thing. heheheh was going to say V/W but they cost as much as a Caddie today.


  28. Mike L says:

    The other day I clicked on something for information and immediately my virus scan software started alerting me and blocking the downloads. I quickly closed the website link, did a full scan, and everything seemed to have been stopped and quarantined. I’m using Microsoft Security Essentials and running a scan every night. So far I’ve been running this the past 8 months or so and everything seems fine.


  29. OmniVitke says:

    Hahaha. Ran both those before doing a defrag and coming online to read this page. Yeahhhh, I admit whipping out the credit card and listening to its screams was justified. LOL


  30. Jerry B. says:

    This happened to me twice. The first time I restored the PC using an external drive and Acronis software. The second time I hit the off button quickly. Then brought the PC up in safe mode. Then restored with Windows Restore to a previous day. Then downloaded and ran the free version of Malwarebytes. That removed the damaging trojans.


  31. DC says:

    These rogues have been out there for a while! General rule of thumb: do your research before installing anything that claims to repair errors for whatever! Oh, and I like the subtle PCMatic and Optimize 3.0 ads on the side and top of this post (Hint Hint!):)


  32. OmniVitke says:

    I solved my experiments of on-line scans with the purchase of a 1T external drive I use as a back-up C:.
    Quarterly I format the internal C: and do a transfer from the external drive. Looking at the labor cost saving from the tech shop, it pays for itself in 6 months.


  33. tim claflin says:

    Hi, I always use the free software Spybot to clean and then protect my computer from future problems. It is best to clean in safe mode the first time if your computer has a lot of problems.


  34. josh says:

    Most of these viruses that cripple your system can be easily fixed with a simple Vista exe fix. Run the program; it cripples the virus so that you can run exe files such as Malwarebytes and SuperAntiSpyware, or just your regular antivirus. I search for new viruses every day on my crash box to learn how to remove them. My local computer shop even comes to me when they have a bug they can’t remove. If you see the virus start to scan, or even the program starting, it is too late, and shutting off your computer will only help aid in the program taking over your machine.


  35. Les Chedzoy says:

    To Sherrie. This has happened to me too, but fortunately I had my system backed up on an external hard drive which was disconnected from my computer. This is important; otherwise both the computer and backup become contaminated with the same virus. Make sure that the external drive (USB) has the complete operating system, not just your documents and files, and then you can format your ‘C’ drive (cleans everything off it) and reinstall everything again. Disconnect from the internet while you do this. Reconnect and install ‘Microsoft Security Essentials’ (free app from Microsoft).


  36. Larry McCune says:

    To fix this problem download Malwarebytes and SuperAntiSpyware; it will take care of the problem. Also, if it won’t let you on, I downloaded IObit Security 360; it let me run it and took care of the problem. These jerks have nothing else better to do than to wreak havoc on your PC. Hope this helps. Also, one last thing: if this fake virus comes up on your PC, don’t click anything, just shut down your PC.


  37. Russell says:

    This is really nothing new. The hardest viruses to get rid of are the ones that act like they scan your computer for viruses, then offer to get rid of them for 39.95, use up all of your comp’s resources, disable the restore, and pretty much you gotta reload everything.


  38. Mihosh says:

    Also, the malware types are getting very clever. So do not close a pop-up window that claims to want to scan your PC or something like this with the red X in the upper right hand corner. This causes the executable to run. Instead hit Control-Alt-Delete to start Task Manager and close it that way. Then run scans with your antispyware and antivirus software.


  39. Tom says:

    Some of my older friends were taken in by these fake PC utilities pop-up virus warnings. By the time they called me to help, their PCs were “locked”. The answer is to perform a BIOS “safe mode” boot and then a system restore. Nothing else works. When these malware pop-ups appear, they can be defeated by immediately performing a right click on the system tray program “utility” icon and then clicking “close”.


  40. Keith says:

    Too easy. Insert the restore disc and wipe the computer, and stay off the porn sites. The only time I ever have an issue is surfing for porn. Better be prepared to lose some data, unless your PC is like my emachines with PC angel, at least it saves your old files. Truth hurts, I know.


  41. Marcus says:

    I had a friend who had that same problem. Luckily, I was able to boot his computer through safe mode and was able to get the malware off his computer. The best way to avoid it is research, and go to the website that has the program. Usually, it is the best way to go. Mostly, no one wants to buy a McAfee or Norton subscription at the end of a 30-day free trial or after already using the programs for a year. I used Microsoft Security Essentials and Malwarebytes Anti-Malware. You can also use AVG and Avast.


  42. Jim says:

    The last time I saw one of these scams my bro-in-law had it…all I did was run a restore back to the last backup date, which was 2 days, and this took care of it. I would say this would work for them all…don’t quote me though, just as long as you have this feature ON…most people turn it off to save disk space…you’ve got your work cut out for you if it’s off.
    I usually use another PC to google the software and normally find a fix for it. PCMatic and Malwarebytes ( http://www.malwarebytes.org/ ) are both excellent to help resolve issues also.


  43. paul says:

    I have been a victim of this even though I’m a techie and have antivirus et al software (don’t know how it did not get caught). Anyways, you generally can boot, but it goes to the same “site” to get you to pay for cleaning your computer. I wish a hacker would hack that site. But you should create a boot disk (AVG Free allows this), reboot and run tools such as Malwarebytes to clean your machine. I was able to do this even though I had failed to create a boot disk previous to the infection. Should work for you.


  44. Ray says:

    If your PC is infected, I advise going to http://www.malwarebytes.org. They are among the very best at keeping malware off your computer.


  45. Jeanniebean says:

    I got hit with the one that rode in on the iTunes update. What I did was remove the hard drive from the tower and put it in my hard drive docking station (great to have, $23 on Amazon), then using my laptop scanned the infected hard drive using Microsoft Security Essentials. It destroyed the virus (malware). I put the hard drive back in the desktop and the computer worked fine.


  46. Joe says:

    There are a few YouTube videos that give you step by step instructions on how to remove the malware and get your computer back. I was able to follow the prompts and restore my computer and it only cost me my time….


  47. Mike says:

    Sherrie, I haven’t seen one that prevented a reboot. The creators of this malware want you to send them money for their “AntiMalware”, so it’s in their best interest to make sure your computer stays running.

    I come across it frequently. With XP, you have to “End Task” from Task Manager (Ctrl-Alt-Del) because any mouse click within the dialog box prompts the download. Windows 7 will close your browser window.

    Avast will prevent it from making big changes (but won’t always stop the script / redirect) and Malwarebytes does the best job of getting rid of anything left over.


  48. Brenda says:

    I have learned from paying twice this year to get a virus off my computer. If you see anything that says it will fix something wrong with your computer, even if it says it is Microsoft (which I trusted last time), hit the power button as soon as you can, I mean A.S.A.P., and hope when you power back up you caught it in time. These virus spreaders are very smart; also I learned that they pay for cookies when you do scans and lookups. Just get a very good virus protection that will not let these things come through. I am currently looking for that.


  49. Brenda says:

    Last time this happened to me I had to take my and get it fixed and of course I had to pay. I don’t understand how this can make someone happy to hurt other people’s things.


  50. Sherrie says:

    So let’s say you get this HDD fake malware…how do you get rid of it when your computer won’t let you do anything? Then when you reboot your computer it no longer will log into Windows…not in safe mode, or using last known good login. What now?

