Microsoft Security Trojan

Chase Computers Wonthaggi Bass Coast

Fred was in a hurry when his mate rang and said something about leaving him a voice mail, and later that day when Fred received an email with a voice mail attached he thought nothing of it.
Later he opened his laptop and opened the voice mail attachment - and that was the beginning.
Multiple infections were reported and any attempt to run any program was thwarted; even Avast Anti-Virus had suddenly "expired". Fred managed to download SUPERAntiSpyware via a tablet, but after finding and removing 225 "problems" the issues remained.
When I arrived I knew the task was relatively simple: get into regedit and remove the Run entry. But regedit was deemed a threat by the parasite and blocked, and so too was msconfig; there was nothing for it but to run in safe mode.
I still don't know why (factory default?) or how (parasite changed BIOS settings?), but there is no POST screen on the ASUS laptop and the boot order was set to HD then CD, so it was not possible either to select a different boot device or to get into safe mode (apparently Shift+F8 on a Win 8 machine will get you in). So after 2 hours of frustration, the machine came home with me.
By removing the hard disk I was able to scan it through my PC and find the offending file and the directory in which it resided. The clever little bastard was an innocuous program that the anti-virus program saw as benign, but on running it created a program that was in fact the virus. I deleted the directory and all instances of the bludger, then reinstalled the HD, edited the registry and removed the Run entries. All done.
I have removed this problem on many PCs over the years, but this time I noticed something odd in the directory it had created, and this is the reason for this post. The program infecting the laptop had taken a photo of me attempting to remove it. So did it get sent somewhere, and if so, why?
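The offline cleanup described above (pull the disk, slave it to a clean PC, find the dropper's directory, then remove the Run entries) can be done without touching the infected system's own regedit, which the malware was blocking. The PowerShell script below is an added example and is not the shop's own procedure or any tool named in the post. It assumes, hypothetically, that the laptop's disk is mounted on the clean PC as E: and that the infected profile is E:\Users\Fred; it must be run from an elevated prompt because reg.exe needs administrator rights to load a hive. It loads the offline SOFTWARE and NTUSER.DAT hives, lists every Run and RunOnce entry, flags entries whose executables live under user-writable paths or no longer exist on the disk, and can delete named entries while the hive is loaded.

```powershell
# Added example, not code from the original post.
# Assumed (hypothetical) layout: slaved disk is E:, infected profile is E:\Users\Fred.
# Run from an elevated PowerShell prompt on the clean PC.
param(
    [string]$OfflineRoot  = 'E:\',
    [string]$UserProfile  = 'E:\Users\Fred',
    [string[]]$RemoveNames = @()        # Run value names to delete, e.g. 'VoiceMail'
)

$OfflineRoot = $OfflineRoot.TrimEnd('\') + '\'

$runSubkeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hive file -> temporary key name under HKLM. SOFTWARE holds the machine-wide
# Run keys; NTUSER.DAT holds the per-user ones (HKCU on the live system).
$hives = @{
    'OfflineSOFTWARE' = Join-Path $OfflineRoot 'Windows\System32\config\SOFTWARE'
    'OfflineNTUSER'   = Join-Path $UserProfile 'NTUSER.DAT'
}

# Registry provider metadata properties that are not real Run values.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Resolve-OfflinePath {
    # Map a command as it appears on the infected machine (C:\...) onto the
    # slaved drive so the executable can be checked for existence.
    param([string]$Command)
    if ($Command -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command -split '\s+')[0] }
    # Expands %vars% against the clean host, which is adequate for %SystemRoot%
    # style paths but not for profile-relative ones; treat as best effort.
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    return ($exe -replace '^C:\\', $OfflineRoot)
}

foreach ($name in @($hives.Keys)) {
    $file = $hives[$name]
    if (-not (Test-Path -LiteralPath $file)) { Write-Warning "Hive not found: $file"; continue }

    # reg.exe is used because PowerShell has no built-in cmdlet to load a hive.
    & reg.exe load "HKLM\$name" $file | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load $file"; continue }

    try {
        foreach ($sub in $runSubkeys) {
            $key = "HKLM:\$name\$sub"
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                if ($metaProps -contains $p.Name) { continue }
                $cmd    = [string]$p.Value
                $target = Resolve-OfflinePath $cmd
                $exists = if ($target) { Test-Path -LiteralPath $target } else { $false }
                # Autoruns pointing into user-writable locations are the usual
                # home of droppers like the one described in the post.
                $suspicious = $cmd -match '\\(AppData|Temp|ProgramData|Users\\Public)\\'
                $removed = $false
                if ($RemoveNames -contains $p.Name) {
                    Remove-ItemProperty -Path $key -Name $p.Name
                    $removed = $true
                }
                [pscustomobject]@{
                    Hive       = $name
                    Key        = $sub
                    Name       = $p.Name
                    Command    = $cmd
                    FileExists = $exists
                    Suspicious = $suspicious
                    Removed    = $removed
                }
            }
        }
    }
    finally {
        # Drop any lingering handles so the hive can be unloaded cleanly.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$name" | Out-Null
    }
}
```

Run it once with no `-RemoveNames` and pipe to `Format-Table -AutoSize` to review the entries; a value that is flagged `Suspicious` and whose `FileExists` is `$true` is the one to inspect on the slaved disk. A second run with `-RemoveNames` set to that value's name deletes it from the offline hive, which is the same result as the registry edit described in the post, just done from the clean machine rather than from a regedit the malware has blocked.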