More and more computers these days get infected with adware and malware programs. A customer recently brought his laptop in that had the Finding Discount program installed. This program is malicious and I would consider it a PUP (Potentially Unwanted Program). It will change your search engines, bring up messages about your computer being infected, and slow down your computer. Here is a step-by-step process on how to remove this software.
The computer that was infected was running Windows 8.1. However, the removal process should be similar for those who are running Windows 7, Windows 8, or Windows 10.
Step One: Go to Control Panel > Programs > Uninstall a Program. Locate Finding Discount and click Uninstall.
Step Two: When you click Uninstall you will get redirected to a webpage. It will probably look similar to the one below. This is when it gets interesting. Normally, you can click uninstall on a program and it will just remove itself. But this program proves to be quite tricky.
Step Three: Just ignore the message it is proclaiming... it is bogus. Scroll to the bottom of the webpage and enter the uninstall characters they provide.
Step Four: A small download will start called FindingDiscountUninstaller.exe from uninstall.finding.discount. Click Run once it is finished downloading.
Some more new malware that is hitting computers today. Thankfully there is a tool that can remove this one (or at least in my case). This blog post is about the Poweliks virus. You can find more detailed information about this virus on a couple other sites. I have the links at the bottom of the article.
The G DATA SecurityLabs have analyzed persistent malware which resides in the registry only and therefore does not create any file on the infected system. An overview of this mechanism was first described quite recently in the KernelMode.info forum. The analyzed sample is dropped by a Microsoft Word document which exploits the vulnerability described in CVE-2012-0158. The document was reported to be found as an attachment of fake Canada Post and/or USPS email which claims to hold information about ordered items for the recipient of the spam.
I connected to a customer’s computer the other day. The laptop’s CPU usage was near 100% and had all kinds of crazy processes running. One process in particular was named inobbcrsb.exe. This process was posing as a Google Chrome process. Also fixmapi.exe and msfeedssync.exe were using up an incredible amount of processing power.
First off, download Process Explorer. You can see way more information on exactly what is happening with the processes on your computer. I knew inobbcrsb.exe had to be no good! I right-clicked on the process tree and suspended the process. I checked the path where this executable was
I ran into this ransomware for the first time the other month. While a customer was browsing the Internet with Google Chrome, she got the following pop-up in her browser.
She knew it wasn’t legit so she decided to just close out of the browser. When she tried to close out of Google Chrome, this window popped up.
In the recent past I received an email from someone that was wondering what he should do about the following pop-up.
Microsoft Antivirus has found critical process activity on your PC. You need to clean your computer to prevent the system breakage.
Before I got a chance to email him back, he hit OK on that pop-up. He then received this pop-up.
Take note of the misspelling of the word, might.
I quickly emailed him back and told him that it was a fake anti-virus message. If he had clicked clean computer, he would probably have gotten infected. I told him to run a full scan with his antivirus software. Thankfully, he wasn’t infected.
I decided I would have a little fun with this virus. I have a virtual machine for technical purposes, so I decided I would try to infect my virtual machine with this virus. I found the website that was infected.