Malware Hunting
Seems there is a new batch of nasty malware afoot. I spent part of Sunday doing malware removal on some systems some friends of mine have at their house.
BAD GUYS are now infecting computers with a new type of malware. NOW the bad guys want the user to pay for removal of the MALWARE through the purchase of any number of “malware removal softwares” that the malware also puts on the desktop of the infected system. The bad guys are looking to collect your credit card data for resale to others. Seems credit card data, aka track data, is selling for from a dollar to twenty dollars depending on the type.
This computer was perfectly fine on Friday, and on Saturday it had a red biohazard background and 3 new malware removal products on the desktop thanks to the malware.
I ran some software to determine how bad the infection was with some free open source tools:
HijackThis
Lavasoft Ad-Aware
GMER
IceSword
as well as some for pay products:
The conclusion was that the system had about 150 hidden and hijacked processes running on it. The MALWARE had turned off the antivirus on the system when it was loaded.
I killed a few of the malware processes and Trend Micro AV started to see the infected items but was unable to remove them.
Moral of the story:
Back up your data
Back up your data
I use Carbonite to back up all of my systems, and CASE has arranged for use of this product as well.
After formatting and reloading the system, the system is again behaving well.
