We all know about the Fake AV, Fake Security Center, and similar malware. I’ve started running into a new variant, one that is a bit more of a pain.
I would say that 75% of my job winds up being removing malware from clients machines. I find it annoying, and really would love to find a way to rid the world of the scourge of malware, but that is a rant for another time.
I’ve watched the malware come in waves over the years. The spyware craze of the early 2000′s, the Melissa and I Love You viruses, the start of the Fake (Insert software here) malware. The Fake software ones have been merely annoying, and pretty easy to remove with standard tools, at least until now.
Over the last couple weeks, I’ve run into a new version of the Fake software malware. This one not only claims you have problems, but then turns around and at minimum hides folders on the machine so it seems that you’ve lost most everything. One variant even removes most of the system restore points, and hides essential folders. This second one, is the biggest pain to remove.
Combofix, Malwarebytes, and Superantispyware, will find and remove the malware, but the damage done to the machine between having to reset permissions, to unhiding folders ( and sometimes having to dig down to find what folder is still hidden), to repairing the system restore feature (got do %windir%\inf\sr.inf , right click and install to repair it) of XP is time consuming.
I know that the underworld of the internet makes a lot of money off malware, but this is just getting ridiculous. One would think that machines with up to date antivirus software should be able to stop this stuff, but obviously it doesn’t. It does make me wonder how different the variants are.