Yesterday I have encountered some clever hidden files virus which was able to trick one of our technicians. This fake anti virus wasn’t a fake antivirus per se but it was disguised as a system optimizer, just like an fake adware remover or fake antivirus. So you need to be aware of these things if you want a bit of safety.
It presented it self as a System Check and as “Windows Delayed Write Failed” and the yellow triangle with an exclamation mark in the Notification area. This Error is genuine but the designer of this adware was clever enough to mask his hidden files virus such that a techie might get tricked.
Also in the notification area you would get similar messages to this one:
If you look in the left the task-bar the windows icon is from the actual hidden files virus which presents itself as a System Check application.
Once you have clicked to scan your hard drive for errors you will be presented with an image similar to the next screen:
So you can see that the screen seems like a genuine application which will scan your computer. Well it does scan your computer and will hide all the files and shortcuts from you. You can unhide all of them from tools folder options menu in any windows. In Win 7 you might have to enable the menu bar. You will not be able to see the files when you browse for them. In addition it will disable the task manager from the registry and you will not be able to preempt the offending process of the System Check to stop it from doing it’s harm.
Moreover it will also suppress Mark Russinovich’s Process Explorer which is an excellent tool for suspending the active offending process and finding it’s location. Even after removing the Spyware with Superantispayware, we had to recreate the user profile because it was severely damaged and the icons on the desktop would not be visible and the desktop would not be click-able.
One other Removal option would be to scan the computer with a WINPE cd with Malwarebytes or SuperAntiSpyWare.
These spyware are getting clever and more adaptive. It seems they are like the Borg, adapting to the weapon systems. All the new methods of destroying spyware expire after a few uses. If you check the System Check screen it has the eternal link on the bottom to unlock the full version. They will ask for your information and your Credit Card!
NEVER GIVE YOUR INFO TO SUCH A PROGRAM. THAT IS HOW IDENTITY THEFT COULD START.
Your Credit card should be used only on genuine websites like Google check out and Amazon.com Paypal and so on. But there is a risk of a keylogger that could register all your key strokes while you are typing your info on a genuine website. This is dangerous especially for new users who have no idea what exactly is what when they start using a computer for the first time.
It is the best way to user these buffer websites once you have set up your accounts with them to make online purchases.