Tag Archives: Malware

Instructions to Remove the Malicious Finding Discount Program

More and more computers these days get infected with adware and malware programs. A customer recently brought his laptop in that had the Finding Discount program installed. This program is malicious and I would consider it a PUP (Potentially Unwanted Program). It will change your search engines, bring up messages about your computer being infected, and slow down your computer. Here is a step-by-step process on how to remove this software.

The computer that was infected was running Windows 8.1. However, the removal process should be similar for those who are running Windows 7, Windows 8, or Windows 10.

Step One: Go to Control Panel > Programs > Uninstall a Program. Locate Finding Discount and click Uninstall.

Finding Discount Under Programs

Step Two: When you click Uninstall you will get redirected to a webpage. It will probably look similar to the one below. This is when it gets interesting. Normally, you can click uninstall on a program and it will just remove itself. But this program proves to be quite tricky.

Finding Discount Webpage

 

Step Three: Just ignore the message it is proclaiming... it is bogus. Scroll to the bottom of the webpage and enter the uninstall characters they provide.

Finding Discount Uninstall Code

Step Four: A small download called FindingDiscountUninstaller.exe will start from uninstall.finding.discount. Click Run once it is finished downloading.

Tips to Identify and Remove Poweliks Virus

Here is some more new malware that is hitting computers today. Thankfully there is a tool that can remove this one (or at least it did in my case). This blog post is about the Poweliks virus. You can find more detailed information about this virus on a couple of other sites. I have the links at the bottom of the article.

The G DATA SecurityLabs have analyzed persistent malware which resides in the registry only and therefore does not create any file on the infected system. An overview of this mechanism was firstly described quite recently in the KernelMode.info forum. The analyzed sample is dropped by a Microsoft Word document which exploits the vulnerability described in CVE-2012-0158. The document was reported to be found as an attachment of fake Canada Post and/or USPS email which claims to hold information about ordered items for the recipient of the spam.

Source

I connected to a customer’s computer the other day. The laptop’s CPU usage was near 100% and it had all kinds of crazy processes running. One process in particular was named inobbcrsb.exe.

inobbcrsb.exe virus

This process was posing as a Google Chrome process. Also, fixmapi.exe and msfeedssync.exe were using up an incredible amount of processing power.

First off, download Process Explorer. You can see way more information on what exactly is happening with the processes on your computer. I knew inobbcrsb.exe had to be no good! I right-clicked on the process tree and suspended the process.

Inobbcrsb.exe Posing as Google Chrome

I checked the path where this executable was

How to Remove Google Chrome Ransomware

I ran into this ransomware for the first time the other month. While a customer was browsing the Internet with Google Chrome, she got the following pop-up in her browser.

image

She knew it wasn’t legit so she decided to just close out of the browser. When she tried to close out of Google Chrome, this window popped up.

Clean Computer to Prevent System Breakage – Windows Accelerator Pro Virus

In the recent past I received an email from someone who was wondering what he should do about the following pop-up.

SystemBreakage

Microsoft Antivirus has found critical process activity on your PC. You need to clean your computer to prevent the system breakage.

Before I got a chance to email him back, he hit OK on that pop-up. He then received this pop-up.

FakeAVmessage

Take note of the misspelling of the word "might".

I quickly emailed him back and told him that it was a fake anti-virus message. If he had clicked clean computer, he would probably have gotten infected. I told him to run a full scan with his antivirus software. Thankfully, he wasn’t infected.

I decided I would have a little fun with this virus. I have a virtual machine for technical purposes, so I decided I would try to infect my virtual machine with this virus. I found the website that was infected.