Saturday, November 6, 2010

Antivirus Studio 2010

My wife's cousin sent out a cry for help on Facebook the other day. Some malware had taken over their computer, and neither she nor her husband knew how to get rid of it. My wife and I both responded to the Facebook post saying I could help. Her cousin called us the next day, and that evening I helped them fix the problem over the phone.

The name of the virus is Antivirus Studio 2010. This particularly nasty piece of software pretends to be a trial anti-virus program and tells you that you need to upgrade (by paying). Basically phishing, but it also locks down web browsers and circumvents Microsoft Security Essentials. Not a nice program. That also explains why the cousin took a while to reply to us and why they could not research the problem on their own.

The site I found the most useful in my quest to remove the faux-antivirus was Can Talk Tech. Unfortunately, the site's design made me think it was some kind of lame Demand Media content farm that could not be trusted (please don't flame me). However, I eventually decided to go with it after looking around a bit more. It presented the solution in two fairly straightforward steps. If I was going to avoid a trip out to their apartment, then I needed straightforward steps.
  1. The first priority is to get working internet access in order to download the other tools. That was accomplished by booting Windows XP into safe mode (pick "Safe Mode with Networking" from the F8 menu; plain Safe Mode does not load the network drivers, so there is no internet in it). From Microsoft's instructions:
    As your computer restarts but before Windows launches, press F8. On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.
  2. Use that recently re-acquired internet access in safe mode to download the free version of Malwarebytes. Install it and then run a full scan. That should take care of Antivirus Studio 2010.
  3. Ha! I snuck a third step in on you. For good measure, download CCleaner and clean up the crap on your computer (C = crap). Specifically, I had the cousin's husband run the registry cleaner, since some other sites had mentioned registry entries altered by the virus. I love crap cleaner.
After that, the computer seemed to work fine and I was thanked like the amazing hero I am. "Hail, the conquering hero!"