Fixing the “Windows Removal Tool” trojan

June 25, 2011

Computer viruses have been around forever. Over time there have been many of them, and day after day they become harder and harder to remove. I recently came across one which, even though it is not new (from what I could research, it dates from 2008), is still out there causing serious issues for many users. It has many variations, but all of them work more or less the same way.

It consists of a Windows Trojan (which means that it comes hidden somewhere, in an email, a file or something else) and when opened it installs a program on your computer which disconnects your computer from the Internet (it messes with the network connection so your machine gets totally disconnected, so basically you will not be able to google about it or download any antivirus or fix tool). After that, every time you start your machine a fake “virus and malware protection program” starts as well: a screen that tells you that your computer is infected with X amount of viruses and that you need a program to kill them. Then it offers to sell you this protection online (that is the only time your connection will work, so that your credit card information can be sent to the attacker).

MS Removal Tool screenshot

It appears under many names and with different screens, but all of them operate the same way. Removing them is a pain, because you can’t rely on a simple fix tool or removal tool: they are smart enough to detect these tools as viruses (paradox, huh?) and they even hide themselves so the tool can’t really fix them while they are running. This tells us what we need to do: first we deactivate it for a moment, and once it is not running we kill it.

Windows Tool screenshot

Sounds like the plot of an action movie, but that is the way it is: first you need to find its files and make the virus unable to recognize them, and then you remove these files (and any trace of them, using a fixing tool) to make sure you eradicate the virus from your computer. I had to do this recently, so I am going to describe my process, which can be very helpful for you if you need it, as it should be much the same on your computer:

First step: Locate and disable

Well, these viruses have something in common: they put their startup files in the same location, so basically you need to find them and “confuse it”. You will not be able to delete them at first, and deleting them would not fix the problem yet anyway. So start up your machine, wait until it suggests that you “scan” the machine for viruses, let it do its thing, and once you have control again open your Start menu (click the Start button) and go to “My Computer” or just “Computer” (depending on whether you use Windows XP or Windows Vista/7).

Once you are in control and looking at your hard disks, let’s go find the bastard! But first you need to make sure you are able to see hidden files; you will need this. If you are not so proficient in Windows, I suggest you google ‘show hidden files Windows X’ where ‘X’ is the version you use (XP, Vista, 7). Now, assuming you are already showing hidden files, go to the following location, depending on your system:


For Windows XP:

C:\Documents and Settings\<your username>\AppData\Microsoft\


For Windows Vista & Windows 7:

C:\Users\<your username>\AppData\Roaming\Microsoft\


Once you are in this location you will see a bunch of folders, but you should also see one or more executables (they do not have folder icons, and usually they have weird names with no real meaning, often not even a word). These executables are the core of this virus, so go ahead and rename them (just in case, write down their names; if you are not so good with Windows or computers you might break something, but you are already screwed by this virus anyway, so why not?). Change their names to something else, whatever it is, for example a number for each file: 1, 2, 3…

Once you have completed this step, reboot your computer. If everything went fine, next time you boot you will not see the “Windows Protection” software loading at startup, which means we are halfway there.
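The first step above boils down to three checks that can be scripted: an executable sitting loose in the Microsoft profile folder (hidden or not, and possibly with a meaningless name), renaming it so it no longer loads at boot, and writing the original names down first. The following is an added example, not code from the original post. It identifies executables by their file header rather than by name or extension, renames them to numbers the way the post suggests, and keeps a manifest so the renames can be undone. The manifest filename, the `.renamed` suffix, the `demo()` helper and the sample files it creates in a temporary folder are all constructed for the demonstration; on a real machine you would point `find_loose_executables()` and `neutralise()` at the AppData\Microsoft folder the post names.

```python
import json
import os
import tempfile
from pathlib import Path

# Constructed name: written next to the renamed files so the step is reversible.
MANIFEST = "renamed_files.json"


def is_pe_file(path: Path) -> bool:
    """Every Windows executable (.exe, .scr, .dll, whatever it is called) starts
    with the two bytes 'MZ'. Checking the header instead of the name catches the
    meaningless-name files the post describes."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:  # unreadable file: treat it as not an executable
        return False


def find_loose_executables(folder: Path) -> list:
    """Names of executables sitting directly in `folder`, hidden or not
    (iterdir() lists hidden files too). Genuine Microsoft data under this
    folder lives in subfolders, so a loose PE file here is exactly the kind
    of thing the post tells you to rename."""
    return sorted(p.name for p in folder.iterdir() if p.is_file() and is_pe_file(p))


def neutralise(folder: Path) -> dict:
    """Rename each loose executable to a number, as the post suggests. Windows
    lets you rename a running executable (it only refuses to delete it), which
    is why renaming works while the malware is live; the startup entry then
    points at a name that no longer exists. The manifest records the original
    names so the step can be undone."""
    mapping = {}
    for n, name in enumerate(find_loose_executables(folder), start=1):
        new_name = f"{n}.renamed"  # a number, with a suffix nothing will execute
        (folder / name).rename(folder / new_name)
        mapping[new_name] = name
    (folder / MANIFEST).write_text(json.dumps(mapping, indent=2))
    return mapping


def undo(folder: Path) -> int:
    """Put the original names back from the manifest (in case a rename broke
    something legitimate). Returns the number of files restored."""
    manifest = folder / MANIFEST
    if not manifest.exists():
        return 0
    mapping = json.loads(manifest.read_text())
    for new_name, original in mapping.items():
        (folder / new_name).rename(folder / original)
    manifest.unlink()
    return len(mapping)


def demo() -> dict:
    """Run the whole step against a constructed folder, not a real profile."""
    folder = Path(tempfile.mkdtemp())
    # Constructed sample: two meaningless-name PE files, one text file, and a
    # subfolder holding a PE file that must be left alone.
    (folder / "xkqzb").write_bytes(b"MZ" + b"\x00" * 62)
    (folder / "pvtma").write_bytes(b"MZ" + b"\x00" * 62)
    (folder / "notes.txt").write_text("not an executable")
    (folder / "Windows").mkdir()
    (folder / "Windows" / "real.exe").write_bytes(b"MZ" + b"\x00" * 62)

    found = find_loose_executables(folder)
    renamed = neutralise(folder)
    after_rename = find_loose_executables(folder)  # same files, numbered names
    restored = undo(folder)
    return {"found": found, "renamed": renamed, "after_rename": after_rename,
            "restored": restored, "after_undo": find_loose_executables(folder)}


if __name__ == "__main__":
    # On a live machine, use Path(os.environ["APPDATA"]) / "Microsoft" instead
    # of the temporary folder demo() builds.
    print(json.dumps(demo(), indent=2))
```

The header check matters more than it looks: the post's files have names "without any real meaning", so an extension filter would miss them, while a renamed copy of a legitimate program would still be caught and written to the manifest for you to restore.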


Second step: Kill the bastard

OK, we have taken control of our machine again, but we want to clean it up, so go get a nice freeware tool, or at least shareware, to clean your computer. In my case I used Malwarebytes Anti-Malware (http://www.malwarebytes.org), which is free for a few days, so you can use it to clean this mess and then thank it. Run it and it will find and clean the infection in a few minutes and you will be ready to go again.


About the prevention:

You don’t need anything paid. People keep asking me if they should buy an antivirus like Norton, McAfee, etc. None of that is really needed (for personal use, I mean), and honestly I think these companies keep existing only because of people’s ignorance. There are a lot of antivirus products out there which are free for personal use and work just as efficiently (and probably better, because they are a lot lighter than Norton, for example) that you can use. To name a few:

- Antivir (http://www.free-av.com)
- Avast (http://www.avast.com)
- AVG (http://free.avg.com)

What they do is exactly the same thing as any paid antivirus: detect and (try to) prevent you getting infected. Once you are infected they will not necessarily clean or fix it; you will need to do it yourself, as in this case, or get a removal tool (most of which are free too, by the way). Also, these and other viruses might get under any antivirus’ radar, and in the end the best antivirus is simply: don’t open what you don’t know.
