What’s a little malware for the weekend?

The in-laws are in town briefly today, and they brought down a laptop for a little tech support, because they, apparently, had been heavily infected with malware.

Well, as it turns out, they did have malware, but it wasn’t quite as bad as they thought. They had told me Norton reported that they had over 400 virus infections. As it turns out, Norton was only detecting one baddie, a downloader, which seemed to be attached to a rogue A/V program called Antivirus 2008 XP. That program was reporting that they had over 400 virus infections, and wouldn’t you know it, for a small fee they could purchase the full version of their program and it would go ahead and take care of all of that.

Of course it would, after paying the fee it would just stop reporting virus infections, declaring them all magically swept away by their powerful program. Tell your friends how amazing this product is, surely they’ll want it too!

Whatever, once I figured out what process it was loading, and what service was being loaded at startup, and killed those, it was easy enough to clean up, but I can’t help but wonder how many people see that sort of “you are infected” prompt and start paying for this sort of crap? I know there are enough people who do it that they make something off it, otherwise they’d be in another business.

Update: I didn’t make an effort to do a full investigation as to where it came from, once I rebooted and verified that it did not launch and the service wasn’t listed anymore I figured I’d let them take it back with them the same day. On Sunday though we got a phone call saying that it had reappeared, and the program was being blocked by Norton, but it was being blocked every few seconds. Obviously, I need to do a more thorough clean up on this the next time we see them in a couple of weeks. Stay tuned!

Follow these topics: Tech