I’ve come across some nasty fakeware that infected my business laptop, so here’s some free advice for you. Fakeware is a software trojan that finds its way onto your computer from a website. This particular program pretends to be an anti-virus program called Anti Virus Live, and if you visit their website, you can purchase options to enable it! Umm!
I’m very careful with all my computers, especially my business laptops. I only went onto two websites the day in question when the computer was “infected”.
A program called “SYSGUARD.EXE”, or in my case “WDXHSYSGUARD.EXE”, is hooked into the Run line in the computer’s registry. It then disables various programs, such as the Command Prompt, Task Manager and Internet Explorer: when you try to run them, it states they are infected and asks whether you want to Purchase Protection. False firewall attack alerts also pop up on screen, and multiple browser windows appear.
The first thing to do is shut down and start the computer in Safe Mode (press F8 at the boot prompt and select Safe Mode). Check the computer’s registry for anything odd. This might be difficult if you don’t know what you’re looking at, so why not have a look now and check what’s normally there?
Run msconfig at the command prompt.
If anything looks weird, google it!
(for geeks and nerds! see below)
- At the command prompt type regedit.exe
- Expand HKEY_LOCAL_MACHINE
- Expand SOFTWARE
- Expand Microsoft
- Expand Windows
- Expand CurrentVersion
- Expand Run
and check what is there…
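The same check can be scripted. The following PowerShell script is an added example, not part of the original post: it lists the Run entries reached by the steps above and flags ones worth a closer look. Assumptions: PowerShell 3.0 or later; the per-user, RunOnce and WOW6432Node keys are included in addition to the key named above; the flagging rules are illustrative hints, not a verdict.

```powershell
# Added example: enumerate autostart entries under the Run/RunOnce keys.
# Flags are hints for manual review (assumed heuristics), not a malware verdict.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath([string]$command) {
    # Extract the executable from a Run value: a quoted path first,
    # otherwise everything up to the first ".exe", otherwise the first token.
    $expanded = [Environment]::ExpandEnvironmentVariables($command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $exe = Get-ExePath $command
        $reasons = @()
        # File name pattern taken from the names mentioned in the post
        if ($exe -like '*sysguard.exe') { $reasons += 'name matches *sysguard.exe' }
        if ($exe -match '\\(AppData|Temp|Local Settings|Application Data)\\') {
            $reasons += 'runs from a user-writable folder'
        }
        if ($exe -notmatch '^[A-Za-z]:\\') {
            $reasons += 'relative path, resolve manually'
        } elseif (Test-Path -LiteralPath $exe -PathType Leaf) {
            # Many legitimate programs are unsigned; treat this as a weak signal only
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
        } else {
            $reasons += 'file not found at parsed path'
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command; Flags = ($reasons -join '; ')
        }
    }
}
$report | Sort-Object Flags -Descending | Format-Table -AutoSize -Wrap
```

Running it on a clean machine first gives a baseline of what is normally there, which makes a new entry easier to spot later.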
I’m going to give away some of the “Dark Arts” I’ve learnt over the years….
Free tools I use:-
- Free Online and Virus Scan - http://www.virustotal.com/ - Upload suspect files here to check them, it will scan them with many different types of virus/malware checkers.
- Malwarebytes’ Anti-Malware - http://www.malwarebytes.org/ - Download and install, full scan, you’ll be surprised what you find!
- SuperAntiSpyware - http://www.superantispyware.com/ - Download and install, full scan, you’ll be surprised what you find!
- Trend Micro HijackThis - http://free.antivirus.com/hijackthis/ - Trend Micro HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.
IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user.
Advanced users can use HijackThis to remove unwanted settings or files.
I don’t use the following tools much anymore, but they are always worth adding to the toolbox if you are paranoid. I just find that Ad-aware has become very bloated!
- Ad-aware Free - http://www.lavasoft.com/
- Spybot Search and Destroy - http://www.safer-networking.org/en/ - Useful utilities, now detects three quarters of a million trojans, malware and fakeware items!
- SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html - Useful for browser protection.
The last three software products have been around for many years, but the “new kids on the block” seem to have the edge!
Anyway, if you have any problems, you could always contact me!