Anyway, the software is obtained by the user thinking it's perfectly legit to let Windows Media Player download some random made-up codec to play the latest sketchy-as-all-crap video he found at whatever GeoCities-based erotic website he found at 3am. But oh no! This isn't a codec, it's an executable that installs one of the most nightmarish things I've dealt with.
The program does this:
- Installs itself everywhere, aka "shotgun install"
- Creates no less than 3 desktop shortcuts and like 10 systray icons
- Replaces your wallpaper with an image that looks like a window you can close (ever see a cat trying to catch a laser pointer? Now imagine that with people trying to close this thing)
- Disables the service for changing wallpapers
- Replaces your screensaver with one that, I kid you not, looks like your system blue screening, with a new blue screen every time, and an animation of your system rebooting, complete with the Windows XP loading screen. (Ought to win an Emmy.)
- Disables the service to change your screensaver
- Shows you a fake antivirus window that pretends to scan your hard drive, then finds numerous viruses and trojans you don't actually have and asks you to pay them to "upgrade" and remove the infections (all a scam)
So I bet you're wondering how to nuke this creep, right? Well, it's never that easy. Every time I've encountered this infection the filenames are different, which makes surgical removal impossible unless you use Autoruns to find each part. The other issue is that no legit antivirus as of now even sees this thing or prevents it. Your best bet is backing up all the settings, documents and anything else important on another computer and wiping the disk, then putting everything back on fresh. Sounds like a lazy way out, but my rule is if it takes more than 45 minutes to fix and it has to do with infections that messed up Windows system files, then it's quicker, and for the most part guaranteed to work, to just restore Windows.
Good luck out there.
More info and some tips to tackle this insanity.