Sunday, May 29, 2011

Your computer is infected - please buy our product!

What is it?
For several years there have been malware infections around that fall into the category of 'Fake Alert' programs: they claim to have detected infections on your machine and offer to scan it for you.  The 'scan' takes only a couple of minutes, after which it confirms it has found LOTS of things and tells you your security is at risk, then offers to fix them for you - but only if you pay them money!  Common names for this include XP/Vista/Windows 7 Antivirus/Antispyware 2011 (or some other year), and it will often change its name to match your version of Windows!

Of course it's a scam - there's no way it could have scanned your computer in only 2 minutes and the only infection you can be certain you've got is this rather nasty piece of malware.

The reason I'm bringing this up now is that there has been a recent increase in this type of infection and it can be VERY troublesome!  It will very often prevent any programs from running which makes getting rid of it a bit problematic!

Usually the following approach works.  I'm not going to explain this in terms that the non-computer literate can understand, for once, because if you don't understand the instructions then you probably shouldn't be trying it!

How to Fix it

First thing is to boot into safe mode with networking and download Malwarebytes Anti-Malware, install it, let it get the latest updates and then run a quick scan.  This SHOULD get rid of the infection, and when you reboot normally you should find it's no longer popping up.  Very often, however, you'll find that you still can't run any programs, and that's because the malware has hijacked the .exe file association in the registry.  To fix that you need to create a file called, for example, fixexe.reg containing the following lines:

Windows Registry Editor Version 5.00

; Remove the per-user .exe override and the bogus class it points at
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\pezfile]
; Remove any open command planted directly under the .exe key
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

; Restore the normal open command: run the file itself with its arguments
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

; Point .exe back at the standard exefile class
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

and then double-click it to merge these entries into the registry (Registry Editor will ask you to confirm).  With any luck you should now be able to run your programs again.
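As an added example (not part of the original post), here is a read-only PowerShell check of the same registry keys the .reg file above touches, useful for confirming the association is back to normal after the fix, or for spotting the hijack on another machine.  The function name and messages are my own; while the hijack is active powershell.exe itself may not launch, so run it afterwards.

```powershell
# Added example, not from the original post: read-only check of the registry keys
# that fixexe.reg above rewrites, to see whether the .exe association is hijacked.
# Function name and messages are assumptions of this example; run as the affected user.

function Test-ExeAssociation {
    $findings = @()

    # Read a key's (Default) value, or $null if the key does not exist.
    function Get-DefaultValue([string]$Path) {
        if (Test-Path -LiteralPath $Path) { return (Get-Item -LiteralPath $Path).GetValue('') }
        return $null
    }

    # 1. Windows does not normally create a per-user .exe class; the fake AV plants one
    #    here because HKCU\Software\Classes takes precedence over HKEY_CLASSES_ROOT.
    $userExe = 'HKCU:\Software\Classes\.exe'
    if (Test-Path -LiteralPath $userExe) {
        $userClass = Get-DefaultValue $userExe
        $findings += "Per-user .exe override present (points to class '$userClass')"
        $userCmd = Get-DefaultValue "HKCU:\Software\Classes\$userClass\shell\open\command"
        if ($userCmd) { $findings += "  per-user open command: $userCmd" }
    }

    # 2. Machine-wide: .exe must map to the 'exefile' class ...
    $rootClass = Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\.exe'
    if ($rootClass -ne 'exefile') {
        $findings += "HKCR\.exe maps to '$rootClass' instead of 'exefile'"
    }

    # 3. ... an open command directly under the .exe key is not normal ...
    if (Test-Path -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command') {
        $findings += 'Unexpected shell\open\command key directly under HKCR\.exe'
    }

    # 4. ... and exefile's open command must be exactly "%1" %* (run the file as-is).
    $openCmd = Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    if ($openCmd -ne '"%1" %*') {
        $findings += "exefile open command is '$openCmd' instead of '`"%1`" %*'"
    }

    return $findings
}

$result = @(Test-ExeAssociation)
if ($result.Count -eq 0) { 'The .exe association looks normal.' } else { $result }
```

An empty result means every key matches what the .reg file sets; any line of output names the key that still differs.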

How did you get infected?

It's very hard to say exactly what happened, but you almost certainly did it to yourself!  Did you ever get a message saying a web page needed a component to be downloaded in order to view its content?  That's a very common way of tricking you into downloading dodgy software!