Thursday, January 28, 2010

First virus removal of 2010: article 201001

Sitting at a friend's computer trying to install McAfee right now, so I figure I will jot down some notes about this virus removal.

When I arrived the virus had changed their desktop wallpaper to a nasty lime green and red warning that their system was infected. Pop-ups were also being presented repeatedly that their system was infected and provided a link to install an AV program to have it removed.

I went to run McAfee but it was nowhere to be found. Instead BitDefender showed as available, yet BitDefender had never been installed.

I tried to run the system restore exec (rstrui.exe) but was told the executable was infected. I put a clean system restore executable on the computer and tried to run it but a message popped up saying it too had become infected.

I then ran rstrui.exe from a read-only thumb drive; again I was told the file was infected. How could that be? I renamed the file to 1rstrui.exe and boom goes the dynamite. I restored the system to 2 weeks back, installed multiple AV programs and rootkit detectors, and all came back clean.

Now I am always suspicious that a machine could be infected, since encryption, polymorphism and zero days do exist, but all appears fine now.

- Posted using BlogPress from my iPhone