Last week I came up against a piece of malware that is still “eating my lunch.” And I don’t know where I got it.
I was researching a DNS problem I have, going through Google and reviewing various topics. So I can tell you somewhat where I went, but I got too busy too fast to identify the website culprit.
My screen started showing pop-ups about how I have a nasty virus and need to install a product. The name of the thing goes under “Anti virus-AR,” but it could have any name, all things considered.
It began with pop-up alerts, screens to install that I could not shut down. It shut down Task Manager, told me any command I tried to run was infected, could not be closed, and redirected my browser. It also started sending out spam into the bargain. My Norton Symantec crashed/was shut down.
After reboot, it did it all again (of course). It also shut down my antivirus functions entirely. Most sites list it as “fearware,” designed to get you to their website and collect your credit card information for buying their fake product. From what I could see, it’s a bonus if they get that.
In the interests of education, I decided to try and eradicate it, instead of going to our IT Guys, who have already ragged me endlessly. It has been a painful education so far.
None of the descriptions of this particular one that I’ve read about indicate how virulent the install is. This is much MORE than just fearware. It’s a multiple trojan spambot.
This ##$$%%*** changed at least 50 files of all types, wrote over a dozen changes to my Registry, and installed over a dozen pieces of Trojan software.
Six hours later, I’m STILL not sure I’ve gotten it all out.
Part 2: Anti-malware and registry hunting