Here is some more new malware that is hitting computers today. Thankfully there is a tool that can remove this one (or at least it did in my case). This blog post is about the Poweliks virus. You can find more detailed information about this virus on a couple of other sites; I have the links at the bottom of the article.
The G DATA SecurityLabs have analyzed persistent malware which resides in the registry only and therefore does not create any file on the infected system. An overview of this mechanism was first described quite recently in the KernelMode.info forum. The analyzed sample is dropped by a Microsoft Word document which exploits the vulnerability described in CVE-2012-0158. The document was reported to be found as an attachment of fake Canada Post and/or USPS emails which claim to hold information about ordered items for the recipient of the spam.
I connected to a customer’s computer the other day. The laptop’s CPU usage was near 100% and it had all kinds of crazy processes running. One process in particular was named inobbcrsb.exe. This process was posing as a Google Chrome process. Also, fixmapi.exe and msfeedssync.exe were using up an incredible amount of processing power.
First off, download Process Explorer. With it you can see far more information on exactly what is happening with the processes on your computer. I knew inobbcrsb.exe had to be no good! I right-clicked on it in the process tree and suspended the process. I checked the path where this executable was
Recently I received an email from someone who was wondering what he should do about the following pop-up.
Microsoft Antivirus has found critical process activity on your PC. You need to clean your computer to prevent the system breakage.
Before I got a chance to email him back, he hit OK on that pop-up. He then received this pop-up.
Take note of the misspelling of the word “might.”
I quickly emailed him back and told him that it was a fake antivirus message. If he had clicked “clean computer,” he would probably have gotten infected. I told him to run a full scan with his antivirus software. Thankfully, he wasn’t infected.
I decided I would have a little fun with this virus. I have a virtual machine for technical purposes, so I decided I would try to infect my virtual machine with this virus. I found the website that was infected.
Monday Morning: Today I visited a customer that was infected with the “Antivirus Security Pro” virus. Our customer was using Windows Intune for antivirus protection on a Windows 7 computer. Here are a couple of screenshots of the virus. It tries to pose as a legitimate antivirus program, when in fact it is infecting your PC. It then tries to make you pay for the antivirus software to fix all of “the problems” it is finding.
One of our customers contacted us today about the ‘The United States Department of Justice’ virus that their computer had got. This is the pop-up that came up, and it would prevent them from doing anything.
Here are the steps I used to remove this virus.
Step One: Download Autoruns to a flash drive.
Many people panic when they see this virus.
This virus pops up a dialog box saying that your computer has been locked because you were viewing adult material that potentially breaches the Obscene Publications Act in the U.S., your computer contains images of child abuse, and so on. This virus holds your computer ransom until you send them money through MoneyPak. (When they get the money they won’t unlock it!) Here are the REAL instructions for removing this nasty virus.