URL and Link repository

Sunday, January 18, 2015

Fake Anti-Virus

At my day job, a customer brought in a laptop and requested a diagnostic as it had recently slowed down and there were unwanted URL requests when opening a browser. I found this error when attempting to download external tools: "This file contained a virus and was deleted." I immediately suspected that the virus was blocking removal attempts. Luckily, I had these tools already on a USB flash drive. Here is what I did to start fixing the problem.
  • Confirmed that safe mode was also infected
  • Confirmed that customer had data backed up
  • Advised that the best approach would be to reinstall Windows
  • Confirmed that customer had no installation disks
  • Warned the customer that a surgical approach has risks
  • Risks accepted in writing
  • Ran msconfig to limit startup programs and services
  • Reset browsers to default
  • Ran regedit to adjust values
  • Adjusted internet options to allow certain websites
  • Copied Malwarebytes, AdwCleaner and HitmanPro from my USB flash drive
  • Ran all these tools
  • Opted to not try ComboFix on my own
  • Downloaded Nexus client
  • Connected to remote engineers who finished the cleaning with licensed and proprietary software.

Sites that helped me:

  • Malwaretips
  • TechSupportAll