Malware: I hate it with a passion! The new malware coming out these days is extremely smart. Recently, I had the opportunity, or maybe the misfortune, of having to try to remove some malware.
The customer contacted us and said his laptop had been running very slowly for the past week or two. He told us the process explorer.exe was hogging a lot of memory, sometimes up to 4 gigabytes of it! I connected and began troubleshooting his problem and soon came to the conclusion that malware was definitely the culprit for making his laptop run slowly. I will list my steps and what I tried; bear with me if I’m kind of scattered. I went down a lot of dead-end streets before killing the malware.
Step One: Download Process Explorer and Process Monitor. These tools were immensely helpful in identifying which processes were using up memory and processor time.
I ran Process Explorer and soon saw that the parent Explorer.exe process had a sub-process hiding underneath it, also called Explorer.exe.
I ran into this ransomware for the first time the other month. While a customer was browsing the Internet with Google Chrome, she got the following pop-up in her browser.
She knew it wasn’t legit, so she decided to just close out of the browser. When she tried to close out of Google Chrome, this window popped up.
Recently I received an email from someone who was wondering what he should do about the following pop-up.
Microsoft Antivirus has found critical process activity on your PC. You need to clean your computer to prevent the system breakage.
Before I got a chance to email him back, he hit OK on that pop-up. He then received this pop-up.
Take note of the misspelling of the word, might.
I quickly emailed him back and told him that it was a fake anti-virus message. If he had clicked "clean computer", he would probably have gotten infected. I told him to run a full scan with his antivirus software. Thankfully, he wasn’t infected.
I decided I would have a little fun with this virus. I have a virtual machine for technical purposes, so I decided I would try to infect my virtual machine with it. I found the website that was infected.
Monday Morning: Today I visited a customer who was infected with the “Antivirus Security Pro” virus. Our customer was using Windows Intune for antivirus protection on a Windows 7 computer. Here are a couple of screenshots of the virus. It tries to pose as a legit antivirus program, when in fact it is infecting your PC. It then tries to make you pay for the antivirus software to fix all of “the problems” it is finding.
One of our customers contacted us today about the “United States Department of Justice” virus their computer got. This is the pop-up that came up, and it would prevent them from doing anything.
Here are the steps I used to remove this virus.
Step One: Download Autoruns to a flash drive.