My career in technology

Archive for the ‘Malware’ Category

Death to Malware: Smart Fortress 2012

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

Sometimes, you can’t help an infection.  You visit a web page, quite innocently, and the page or an advertisement on it has been modified to take advantage of security flaws and suddenly you are fighting some nastyware.

But sometimes you get socially engineered into clicking something you know you shouldn’t have clicked, and you mess yourself up.  This is what happened to one acquaintance of mine (who shall remain anonymous because it was her fault, and she feels bad enough already about it). She opened an attachment on an e-mail claiming to be from Federal Express, and her system was infected by Smart Fortress 2012.  Here is how I cleaned the system of Smart Fortress 2012.

(more…)

Death to Malware: Killing Your Funmoods

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

The “Internet Security” fake antivirus I talked about in my previous post was not the only recent run-in with malware.  A couple of weeks ago, Funmoods hijacked my wife’s browsers.

Funmoods was only a minor pain to remove, but there were no concrete directions to remove this mild nastyware, so we kept running into little things it left behind.

Funmoods is a malicious browser add-on that resets your home page and redirects all of your internet searches to Funmoods.com.  Want something that will kill your fun mood?  This hijacker is a good candidate.  It is time to return the favor.

(more…)

Death to Malware: Protecting You From “Internet Security (Designed To Protect)”

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

This one was on my own system!  I was surfing around, looking at some movie reviews and I got a pop-up ad that wasn’t an ad – it was a hijacker.

I got a window that said it was a program called “Internet Security” with the tagline “Designed to Protect”.  It wanted to scan my system.  Of course, I know this scam.  “Internet Security” is not “Microsoft Security Essentials”; it is not a program I have installed on my system.  And I know that if I run the scan it will “find” all sorts of nasties (that I don’t actually have) on my system, and then probably want me to install the full version (for a price), and when I do it will probably install all kinds of trojans and backdoors, all while telling me that it has cleaned the nasties off my system.  But that wasn’t the end of the tricks from this particular nasty…

(more…)

Death to Malware: Win32.Agent.ws

I’m not a malware hunter by trade, but I have been called on from time to time to do a little extermination.

A client had a little malware problem on her Windows XP box. The initial symptom was a phony virus scanner window telling her she had a large number of infected files, and that she needed to purchase the full version of the software to clean the system. It was causing her Internet Explorer to hang when launched, and prevented Outlook from displaying graphics in HTML-formatted e-mails.

A malware scan using a legitimate scanner revealed several genuine culprits, including the phony “virus scanner” and a Trojan identified as Win32.Agent.ws, which had an offending file named glddyk.dll located in C:\Documents and Settings\Local Settings\Application Data\Windows Server, along with some entries in the registry. The scanner offered to remove the various unwanted programs, and successfully removed all but Win32. It did manage to delete the associated registry entries, but could not delete the offending dll file.

(more…)
