A Typical 'Fake AV' known as 'Security Shield'

I’ve had to deal with a number of nasty bits of malware recently. Most ‘Fake Anti-Virus’ infections are easy to remove; however, you can never be absolutely sure that everything has been cleaned, and the malware which you think you’ve got rid of may have installed some other nasties, like keyloggers. In this circumstance I usually recommend a full wipe of the hard drive and a re-install of Windows. The recovery partition is usually OK; however, some malware can compromise this, resulting in an infected ‘clean’ installation!

If you really don’t want to go ahead with re-installing Windows for whatever reason, I came across an extremely useful program which can help in the preliminary steps to disinfection.

RKill is a handy program written by Lawrence Abrams from BleepingComputer.com which, after execution, instantly ends all known malware processes. This may be useful if the malware is preventing you from running programs. You might be thinking, “But how can I run this if it blocks all programs?” Well, the answer is on RKill’s download page. They provide a number of pre-renamed versions of the application, which can attempt to trick the malware into thinking it is another program.

After running RKill, it may take a few minutes before it hunts out and ‘kills’ the malware processes; however, once complete, you can then run a removal tool such as MalwareBytes Anti-Malware to eliminate it.

Running RKill alone will not remove the malware from your system.


I’m not going to give the usual lecture on how to stay safe online, but just remember:

  • Don’t click links or open attachments in emails unless you are sure you know who they came from
  • Install ALL Windows Updates including optional ones, Adobe Reader updates, Java and Flash Player updates, unless you have a good reason not to
  • If you get a popup stating that you have a virus, and that you can download a TOTALLY FREE anti-virus tool, it’s a scam; don’t download it.
  • Get some decent Anti-Virus software, and pay for one if you can. My two favourites are Kaspersky and ESET. If you want to go for a free one, Microsoft Security Essentials or AVG are the best.
  • Update your browser. Internet Explorer should be on version 8 if using XP and (at the time of writing) version 9 if using Windows Vista/7. Preferably use Firefox or Chrome, as both have security features far superior to IE, and can produce far faster browsing speeds.
  • Don’t install PUPs (potentially unwanted programs) such as the ALOT toolbar, Inbox toolbar or Ask toolbar… in fact, any Internet Explorer toolbar, as it could introduce malware at a later stage, not to mention the speed decrease.