Malware never sleeps

Malware and Trojans and Viruses, oh my!

Oh geez, again? This crap is really annoying.

So I just launched a new web presence for Engineer LLC (my new encompassing venture for business). I set up a WordPress blog on the site. A bit later I was checking out the “official” themes on the “official” WordPress website and I saw one that looked interesting. Curious to see more, I selected the hyperlink for the theme author…

!!! AHHHRGH !!! Malware Attack !!! AHHHRG !!!

Malware

Luckily, Microsoft Security Essentials trapped it right away. However, it had apparently left its tentacles behind. Next day… OK, the computer starts fine, but wait, there’s more! Now my browsers (all of them) keep getting the home page hijacked to some Spanish-language movie website? Gimme a break!

(Update 01/07/2012) The annoyance took a bit of work to get rid of, but now it’s gone. While the anti-malware stuff caught and killed the threats immediately, it left behind 2 executables in the temporary and program data folders, set to run on startup and lurk until a browser was run. Then the registry was overwritten with the offending URL over and over again. Narrowing it down was a hassle. Shut down all the browser add-ons: nope. Run msconfig and deselect all suspected interlopers and possibly compromised legit apps: OK, that stopped it. Reactivate the browser add-ons one by one: nothing there. Delete the startup items that are not recognizable and re-enable the suspected legit apps. Restart again and it’s still OK. So it was one or more of those unrecognizable .exe files. Stinky malware…

Trojan infections… People, get a life.

Most of you who know me well are aware that I am what many describe as a “White Hat Hacker” (although I prefer to envision myself as a “Clean and Green Tech Wizard”; maybe I should get one of those White Wizard hats). The White Hat speaks to the fact that I do not tolerate evil in computing, and will crush it when given the opportunity.

One of the organizations for which I manage IT has had a couple of run-ins with recent variants of the Vundo worm/Trojan.FakeAV/Fraudware blended threat. Where do people find the time to cook up this elaborate crimeware? These crooks suck!

The latest one that I had to kill came up with this “Windows Police Pro” fraudware…

Fraudware

Even if you don’t fall for this crap, it still costs individuals and businesses a huge amount. This example took over 4 hours to completely remove, working remotely. That’s $$$.

The annoyance keeps getting more tenacious as it evolves. This time I had to halt “PolicePro” and remove it from the startup list to gain the ability to install the Malwarebytes rootkit removal tool (an excellent product). The next restart triggered a more obnoxious version calling itself “Security Tool” which attempted to disable the system tools. Yawn. All that did was cost my client more money for another 30 minutes of my work. Well, at least part of the name describes the perpetrators. TOOL!
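Both cleanups above came down to the same two questions: what is wired to run at startup (the two leftover .exe files in the temp and program data folders in the first post, the “PolicePro” startup entry in this one), and which registry value keeps getting the home page rewritten. The script below is an added example, not the author’s own procedure or any vendor tool; it audits the Run/RunOnce keys, the Startup folders and the Internet Explorer start page so those entries can be reviewed before touching msconfig. The list of “suspect” folders and the assumption that the home page lives in the IE `Main` key are mine, not from the post.

```powershell
# Added example (not the author's code): enumerate Windows autostart entries and
# the IE start page, flagging anything that runs out of a temp or ProgramData
# folder, which is the pattern the posts describe. Run from an elevated prompt.
# The folder list and registry paths below are assumptions, not from the post.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders that deserve a second look when a startup entry points into them.
# Legitimate software occasionally lives in ProgramData, so this is a hint, not a verdict.
$suspectRoots = @($env:TEMP, "$env:USERPROFILE\AppData\Local\Temp", $env:ProgramData)

function Get-ExePath([string]$cmd) {
    # Reduce a Run value like '"C:\x\y.exe" /arg' or 'C:\x\y.exe /arg' to the executable path.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSChildName/etc.; skip those, keep real values.
        if ($p.Name -like 'PS*' -or [string]::IsNullOrWhiteSpace($p.Value)) { continue }
        $exe  = Get-ExePath $p.Value
        $flag = ''
        foreach ($root in $suspectRoots) {
            if ($exe -like "$root*") { $flag = '  <-- runs from temp/ProgramData' }
        }
        if (-not (Test-Path $exe)) { $flag += '  <-- target file missing' }
        '{0}\{1} = {2}{3}' -f $key, $p.Name, $p.Value, $flag
    }
}

# Anything in the Startup folders runs at logon too, without a Run key.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
Get-ChildItem -Path $startupDirs -ErrorAction SilentlyContinue |
    ForEach-Object { "Startup folder: $($_.FullName)" }

# The value the first post describes being overwritten with the hijack URL.
$main = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
"IE Start Page: $($main.'Start Page')"
```

Run it once, note any flagged entries, then run it again after a reboot: a line that reappears with a fresh path under Temp is the “lurk until a browser is run” behaviour the first post hit, and its source process still needs to be found and killed before the Start Page value will stay put. Other browsers keep their home page in their own profile files rather than in this registry key, so this check covers only the Windows/IE setting.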

In case you didn’t know: the fraudware attempts to convince the user to proceed with the promise of removing a number of malware threats that it allegedly discovers. The unsuspecting user will then be prompted to spend money to “purchase” the functional version. In reality the “purchase” does nothing except transfer funds to the criminals, who also sell your stolen identity information for more money.

In the meantime, and until the ROOTKIT that prevents removal is exorcised from your computer, you will be plagued by this menace indefinitely while it renders your computer useless.

Message to the perpetrator(s) : TOOL!