Rango Win 7
Posted by : Joe Medlin
Saturday, November 15, 2014
Hello again. Today’s topic is lighthearted and fun. Had you going, didn’t I? No, it’s not lighthearted, but it is a little fun. It certainly isn't the worst thing that could happen. Anyway, what I am babbling about is referred to as ransomware. This is the term given to the new types of malware surfacing that infest your system and lock your computer down, demanding a “ransom” of sorts, usually payment via credit card or PayPal to an obscure account. The only problem is, once you pay the “ransom” they essentially pull the trigger. Instead of returning control of your system, they lock it further, funneling all the money out of you they can manage and leaving you to pick up the ruins. These are obviously very shady practices, and unfortunately they are just about as lucrative. You wouldn’t believe the fools out there that fall for this. Before you get offended because you think I’m talking bad about your grandfather who gave thousands to a scam overseas, I need you to understand two things. First, we cannot be expected to defend against what we are unfamiliar with. You cannot fight a disease you have never seen. And you cannot protect yourself online if you are unfamiliar with the malicious practices traditionally seen online. And this brings me to my second point: from the bottom of my heart, it is my solemn belief that if your grandfather did indeed give thousands away to a scam overseas, then not only does he not belong on a computer or anywhere around the internet in general, but maybe you should question his decision-making capacity. Just a thought.
Now that we have made it through that rather elaborate intro (thank you for sticking with me through that; I thought you would have gotten bored by now, so your vote of confidence means a lot to me), I will explain the purpose of this particular post. A friend of mine recently gave me a call and offered me the chance to exercise my skills on his newly infested computer. Apparently his girlfriend downloaded a virus called Rango Win 7 that locked his computer, and it basically fits the exact description above.
While this may look like a legitimate program, you can rest assured that if you didn't install it yourself, it's obviously malicious.
As you can see from the picture above, this is not a typical virus, and it’s clear how poor saps have been fooled into making a fatal mistake at this very point. The program installs itself as a bogus antivirus program that starts to scan your system, presumably to find viruses (duh). The only problem is, the “viruses” it finds are completely legitimate programs. For example, one program I saw it detect as a “virus” was Photoshop. Now, I have my beefs with Adobe and particularly Photoshop (have you seen the price tag?), but I feel safe in saying it’s not a virus. Yet there are people that somehow do not see this as a red flag. Thank God for that, because it gives me purpose to do this project, and that makes me happy.
This particular instance happened in a way that most infections simply don’t occur anymore: opening a suspicious email. Before you ask: yes, this still happens, as was so beautifully demonstrated by my friend’s girlfriend. Right quick, I want to go ahead and throw the moral of this story out there: DO NOT, under any circumstances whatsoever, open a suspicious email. EVER. Most email clients today filter out a majority of the spam you receive, so this isn’t usually a problem. But if you get an advertisement for something, or maybe start receiving emails that don’t make sense, just mark it as spam and move along. Just in case you’re interested, is a pretty reliable email client for free, and they filter out a good amount of spam and phishy stuff (see what I did there?). Most newer clients should be fine, just please get something newer than AOL email. Please, for everyone’s sake.
The removal of this particular virus was fairly interesting, and to be perfectly frank, it was fun. We started the computer, just to see what was happening and try to diagnose it. About ten minutes after start-up, the first window prompt for the virus program opened. When we tried to close it, the virus just retook control and opened another window. I hoped we could just leave the window up and browse to find a solution, but there was no such luck. Upon trying to open Firefox, it was blocked as “a potentially malicious program”. I was actually forced to reboot into safe mode, while using my laptop beside theirs so I could have a step-by-step walkthrough. Detailed below are the steps I took in removing this virus. For the record, this particular system was running Windows 7, but the removal for any other system should be similar.
To start, after booting in safe mode, I had to open the registry. To do this, just open the start menu and in the search bar, type “regedit”.
Once this window is opened, you are going to need to venture to a few different locations and remove some entries. This can be kind of scary, as deleting the wrong entry can ruin your system. It may be a good idea to perform a system backup first. To do this, type “backup” in the search bar, and follow the set-up wizard to back up your system.
The registry entries you need to remove are (<random> stands for an arbitrary name that differs from one infection to the next):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>" = "%AppData%\<random>.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "<random>" = "%AppData%\<random>.exe"
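As an added example (not from the original post), here is a PowerShell audit of the two Run keys just listed. It flags autostart values whose executable resolves under %AppData%, the pattern described above, and dry-runs their removal with -WhatIf so nothing is deleted until you have looked at the report. The function name Get-SuspiciousRunEntries is my own; it assumes you run it from the affected user's account (HKCU is per user) and elevated if you want HKLM covered.

```powershell
# Added example (not part of the original post). Audits the two Run keys named
# above for autostart values whose target executable lives under %AppData%,
# the pattern described in the post, and dry-runs their removal.
# Run from the affected user's account (HKCU is per user); elevate for HKLM.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# %AppData% resolves to the roaming profile folder, e.g. C:\Users\<user>\AppData\Roaming
$appData = [Environment]::GetFolderPath('ApplicationData')

function Get-SuspiciousRunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Read the value unexpanded so the report shows exactly what is stored
            $raw = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            $expanded = [Environment]::ExpandEnvironmentVariables($raw).Trim()
            # Isolate the executable path: a quoted path first, otherwise the first token
            $exe = if ($expanded -match '^"([^"]+)"') { $Matches[1] } else { ($expanded -split '\s+')[0] }
            if ($exe -and $exe.StartsWith($appData, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $name
                    Command = $raw
                    Target  = $exe
                    OnDisk  = Test-Path -LiteralPath $exe
                }
            }
        }
    }
}

$hits = @(Get-SuspiciousRunEntries)
$hits | Format-Table -AutoSize

# Legitimate per-user software also autostarts from AppData, so check each hit
# before acting. -WhatIf only reports what would be removed; drop it to remove.
foreach ($hit in $hits) {
    Remove-ItemProperty -Path $hit.Key -Name $hit.Name -WhatIf
}
```

The OnDisk column tells you whether the launched file still exists, which helps separate a live infection from a leftover entry whose executable was already cleaned up.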
It is possible there is a much easier solution.
When this happened, I was caught somewhat off guard. You see, I was actually leaving work when I got the text that my buddy needed my help. I was kind of flustered because this threw something else into an already tight schedule, but I wanted to see my friend, and I wanted to help him out, to the benefit of both of us. So in my rush I overlooked the simplest option I could have utilized.
That’s right, MalwareBytes would have taken care of this from the beginning. You may be asking how I could have installed this when the computer was locked down. My answer is but two words: friggin’ magic. Magic in the form of Safe Mode (with Networking). If you have the install file on a flash drive or other portable media, then regular safe mode will work fine; otherwise you will need the networking so you can go to the site and download the program. Run this bad boy and it will take every single one of those nasty entries embedded in your registry right out and leave your computer just as if it had never been affected to begin with. Regardless of your choice on how to handle this, I seriously suggest you download this program. There is a free version as well as paid, but even just the free version is an amazing machine. I cannot stress this point enough: surfing online is very similar to hiking the wilderness. You are against the elements, and there are many things that want to take you down. Only when you properly equip yourself with tools, such as a decent firewall and an antivirus program or two, do you stand even the slightest chance of survival.
In the end, this problem was resolved with a swift kick in the ass. It was a little tedious, but fulfilling, and I look forward to more of this. I can’t wait to be the guy everyone is calling for help on problems like this. Here soon, maybe I will have some more intricate situations I have had to resolve that will fuel some posting. Here’s to hoping.