Monday, January 3, 2011

Malware Alert!

Ransomware. It’s not a new form of malware (it has been around as long as viruses, trojans, worms, phishing, spyware, even spam), but neither has it faded into the background over time. Many of my clients needed my assistance after encountering it sometime during 2010. It first came to my attention 3-4 years ago in the form of “AntiVirus 2008.”

The vector is this: after you visit an infected website, a notice pops up on your screen saying there is “a problem with your computer.” The “problem” it refers to may be a virus infection, an update that is due, or a disk defrag that is needed. The popup can vary from a poor imitation of a Windows information box to a dead ringer for the Windows Update shield and dialog or a Microsoft Security Essentials notice. Typically it uses spyware tricks to reload even after you’ve left the website or rebooted the computer. The usual Windows close buttons in or on the window are often ineffective, and you can only get it off your screen by right-clicking its icon on the taskbar. The window advises you to “click here” to resolve the problem – but beware! – clicking anywhere in the window could run the program. Then you’re in trouble!

By clicking, you asked the website to install a program. The malware doesn’t need a rootkit or a worm to get onto your computer; you asked it to install. Check out a full discussion of the process at

Once the ransomware is installed, it locks up your computer, allowing you to go only to their website to “undo the damage.” Of course, the “repair program” costs $20-$150. If you don’t shell out, it may have already encrypted your hard drive, or it may corrupt your data before you can stop it.

Luckily, most of my clients contacted me and did not actually install the program. While they couldn’t get rid of the popup, I could log on as an unaffected administrator and squash it with a System Restore and multiple malware scans from different sources, such as antivirus vendors, Malwarebytes, and the Microsoft Malicious Software Removal Tool. Between alert refusal to install the program, antivirus scans, storing data on a server (not an active client computer), and backups, only one home user lost significant data. Everyone lost significant time and incurred the expense of my services.

Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at
(c) 2011 Bill Barnes