Showing posts from January, 2010

Stupid-Virus 2010

I don't know what exploit just hit, but I have now just finished my 3rd removal attempt of "Internet Security 2010" (aka "AntiVirus 2010", and all the other versions of this virus). I've never seen such a successful attack---but then again, these were all old XP machines. Anyhow, I think I finally have it down now, and I'm writing this to remind myself for next time.

- Get MalwareBytes
- Get ProcessExplorer, AutoRuns, and that command-line utility that schedules file renames during Windows' startup.
- Go to BleepingComputer for their guide, but also their .reg file
- Put it all on a USB stick

So the virus sets a bunch of registry settings so that you can't use Task Manager, change the desktop wallpaper, and a bunch of other annoying things. It also makes it so one of its processes gets loaded in each time you launch an exe---so it has a chance to deny access to it and pretend it's infected. Since MalwareBytes will take care of most of it, use Process