January 27, 2010

Virus on my son's PC


There is an ongoing trend of pop-up webpages that attempt to simulate anti-virus programs. The nasty thing about these is what they do to a system.

If you click anyplace on the screen you have the potential of installing software. If you have Vista or Windows 7 you will get a window asking if you really want to install. Windows XP, it just does it, unless your system has anti-malware that is up to snuff.

Best way to get out of this if your anti-malware doesn't catch it? Bring up Task Manager and stop the process. In some cases you have to stop the Explorer.exe process itself! I am a fairly hands-off PC guy at home. I will give instructions, but I am loath to have my kids rely on anyone directly intervening.

When my kids wanted a CD burner, I pointed them to where they could find pricing and features. After one was purchased I left it up to them to install. My daughter built her first PC from parts I had secured; I did have to step in on some of the more perplexing bits. All in all it has been a pretty good policy. I have been big on having backups on flash drives and saving big documents often.

So last night my son described what could only be a Trojan-style virus, as pictured above. A quick visual check and his assurance that he had not clicked anyplace on the window had me issue instructions.

Reboot your computer into safe mode. You do this by spamming the F8 key.
Run a virus scan while in safe mode. Fix\Repair\Delete the bad mojo.
Run the cleaner software after that.
Reboot and see the results in Regular mode.

He did (there was some questioning around whether the F8 key was working as it should). Upon reboot the malware re-asserted its alpha-dog status. It quickly became apparent that it wanted to take me on. To which I say "BRING IT!"

Hard shut down (holding the power button for around 10 seconds).
Reboot and spam the F8 key (hitting it over and over until the DOS-looking text screen comes up).
Boot into safe mode. Pull up the Registry and start looking for the installation tracks:
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Security 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "Desktop Security 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Desktop Security 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SecurityCenter"

Google the offending item and see that it is a nasty one. Further, it looks like it installed a bunch of other random crap as well as infecting the System Restore files. Ugh...

Pull out the Batman utility belt (my flash drive): Webroot Spy Sweeper, CCleaner, Revo Uninstaller. Then some follow-up detective work shows me that AVG and Defender are compromised. Further, they have not been updated in quite some time.

Which means a Dad lecture about safe computing to follow...

Uninstall the offending programs, reboot to safe mode with networking, install the latest versions of the security software, then update and scan. Surprise: it actually finds some hidden nasties as well.

Run Windows Update, grab the security updates, and do one final scan. "This house is clean."

A reboot and nary a sign of the nasty. I re-enabled System Restore and started gathering my copious piles of notes, graphs and charts for the lecture...
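An added example, not from the post: a read-only PowerShell audit of the autostart locations listed above (the Winlogon Shell value, the Run keys, the Uninstall entry and the User Agent Post Platform token), so the same hunt can be repeated without clicking through the Registry by hand. It assumes PowerShell 3 or later and an elevated prompt; the rogue's name comes from the post and the function names are my own.

```powershell
# Added example (not from the post): report rogue-AV footprints in the registry
# locations the post walks through. It only reads and reports; it deletes nothing.
$SuspectName = 'Desktop Security 2010'   # name from the post; adjust for other rogues

function Test-WinlogonShell {
    # HKLM Shell should be explorer.exe; a per-user Shell value in HKCU is unusual at all.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell -ne 'explorer.exe') { Write-Warning "HKLM Winlogon Shell = '$shell'" }
    $key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell) { Write-Warning "Per-user Winlogon Shell override present: '$shell'" }
}

function Get-RunEntries {
    # Every Run value starts with the session; list them all and flag the (default)
    # value the post saw as "" plus anything mentioning the suspect name.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
            $flag = (('', '(default)') -contains $p.Name) -or
                    ("$($p.Name) $($p.Value)" -like "*$SuspectName*")
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Suspicious = $flag }
        }
    }
}

function Test-SuspectFootprint {
    # The install key, the Uninstall entry and the User-Agent "Post Platform" token.
    foreach ($path in "HKLM:\SOFTWARE\$SuspectName",
                      "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$SuspectName") {
        if (Test-Path $path) { Write-Warning "Present: $path" }
    }
    $ua = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform'
    $props = Get-ItemProperty -Path $ua -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $SuspectName)) {
        Write-Warning "User-Agent Post Platform token present: $SuspectName"
    }
}

Test-WinlogonShell
Test-SuspectFootprint
Get-RunEntries | Format-Table -AutoSize
```

On 64-bit Windows a 32-bit installer may have written its keys under HKLM:\SOFTWARE\Wow6432Node instead, so check that branch too if the warnings come up empty on a machine that is clearly infected.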

2 comments:

keeka said...

Good thing it is a lecture and not a "What the &*^$##&$ is your problem!" I have to say, Carl is not one for either, he just looks at me like I am an idiot and why is my brain wired so obviously wrong. Sigh...
This from the guy who cannot find the ketchup that is right behind the juice in the fridge.

Tina said...

Well, either you have the brain that finds stuff, or you have the brain that can work computers. It's the same at my house.

I just back away when the computer acts up. And I find everyone's wallet or passport or whatever important thing they lost.

See - you compliment each other!! :D