Trojan infections… People, get a life.

Most of you who know me well are aware that I am what many describe as a “White Hat Hacker” (although I prefer to envision myself as a “Clean and Green Tech Wizard”; maybe I should get one of those White Wizard hats).  The White Hat speaks to the fact that I do not tolerate evil in computing, and will crush it when given the opportunity.

One of the organizations for which I manage IT has had a couple of run-ins with recent variants of the Vundo worm/Trojan.FakeAV/Fraudware blended threat.  Where do people find the time to cook up this elaborate crimeware?  These crooks suck!

The latest one that I had to kill came up with this “Windows Police Pro” fraudware…

Fraudware

Even if you don’t fall for this crap, it still costs individuals and businesses huge.  This example took over 4 hours to completely remove working remotely.  That’s $$$

The annoyance keeps getting more tenacious as it evolves.  This time I had to halt “PolicePro” and remove it from the startup list to gain the ability to install the MalwareBytes rootkit removal tool (an excellent product).  The next restart triggered a more obnoxious version calling itself “Security Tool” which attempted to disable the system tools.  Yawn, all that did was cost my client more money for another 30 minutes of my work.  Well, at least part of the name describes the perpetrators.  TOOL!

In case you didn’t know, the fraudware attempts to convince the user to proceed with the promise of removing a number of malware threats that it allegedly discovers.  The unsuspecting user will then be prompted to spend money to “purchase” the functional version.  In reality the “purchase” does nothing except transfer funds to the criminals, who also sell your stolen identity information for more money.

In the meantime, and until the ROOTKIT that prevents removal is exorcised from your computer, you will be plagued by this menace indefinitely while it renders your computer useless.

Message to the perpetrator(s) : TOOL!

2 thoughts on “Trojan infections… People, get a life.”

  1. I had to spend most of two days removing a group of popups, trojans, backdoors, keyloggers or who knows what after my son followed a link looking for information about a FACEBOOK APP!!!

    Some nasty individual(s) taking advantage of innocent people. It took many pieces of software to remove everything in waves of counterattack. I used (in no particular order) SuperAntiSpyware, MalwareBytes, McAfee security suite, SDFix, ATF Cleaner, Flash Disinfector, and SmitFraudFix.

    When the link was originally clicked it redirected to some site and a popup warning of a virus was clicked in an attempt to close it and it started downloading numerous attacks. Fortunately I walked right up and shut the browser down, but too late.

    After everything was cleaned I changed all passwords. Everything has been cool since.

    There ought to be a law!

  2. My wife nearly got hit by it just a few minutes ago. She got a “suspect site” warning from the IE8 browser, shut it down, and still almost inadvertently downloaded. She was about to press the cancel button on the ominous “You are still infected!” pop under window which would have downloaded the worm no doubt, but she had called me over to see the message and I closed it with alt-F4. It appears to have halted prior to download, lucky! It didn’t shut down the legit AV software and I was able to install MalwareBytes without any trouble. Of course, we won’t be sure until a series of scans, a restart and repeat scans are complete.

    Happy Holidays (you stinkin’ Grinches)!
