I wrote back to them letting them know their computer was infected and suggesting they click on the Protect Me option to remove the malware.
They then wrote back that they were still getting the messages and AVG had not removed the malware. At this point I suggested they drop the computer over. I usually scan a computer with multiple anti-virus programs and the scans can take some time. However, I said that if the scanners can't remove the malware, sometimes there's a clue as to the malware program, and that gives me enough information to remove the malware manually. As long as the malware's done no damage and all the scanners don't report an issue, there's a very high probability the malware has been removed. Rootkits that install before the operating system is loaded, and thus can hide, are the type of malware where this may not work.
Since the object name in the image provided the path and filename of the malware program, I suggested they manually delete the file and then do a full scan, which they did. This fixed the problem. I've suggested they do further full scans using multiple anti-virus programs to triple check their computer is clean.
It appears this was a relatively simple malware infection. This approach may not have worked with some malware. I've seen malware which has had three simultaneous infections. Remove one infection and the others recreate the removed infection. Now that was a bit of fun to remove.
The lesson here is that even if the anti-virus program can't remove the malware, you should read the screen carefully, as there may be some clues that can assist you before you need to retain the services of a computer support person.
Kelvin Eldridge
www.OnlineConnections.com.au
Call 0415 910 703 for IT support.