YouGetSignal

While troubleshooting an internet connection issue from our office, I searched for a visual traceroute tool online. I came across a website called YouGetSignal, which does a couple of things.

  1. Check if a certain port is open given an IP address.
  2. See the location of a given IP address on Google Maps. You can use MaxMind or Hostip.info as the geolocation information source.
  3. Do a traceroute and display it in Google Maps.
  4. See the location of a given phone number.
  5. Find other websites given a domain or IP address.
  6. Do a whois lookup.

I usually use a couple of different tools to do all these and they don’t have the nice tabbed interface of YouGetSignal. Check out this website next time you need to do some network testing.

Antivirus System Pro

One of our machines got hit with the Antivirus System Pro malware. This program masquerades as an anti-virus and its main objective is to get you to buy the fake program. It tells you your system is infected with different viruses and shows never-ending popup windows and alerts. The infected machine had Avast Home Edition and Windows Defender but still got infected.

When a machine gets infected, we don’t just reboot. The problem can get worse because the malware can load itself on startup, possibly doing more damage. So the first thing I did was to disable the network connection. I don’t want any data being sent to another computer on the internet, or another machine getting infected.

This virus disallowed most programs from running by making changes to the registry. I could not run Task Manager, Notepad, or any command-line programs. This is a big problem since you first have to kill the offending programs before you can clean them up. Without the Task Manager or the Windows command prompt, this was next to impossible to do. I also saw IE getting hijacked and trying to open up adult sites every few minutes. After some attempts to run programs from my USB stick, which didn’t run because of the infection, I had no recourse but to hard reboot.

On startup, I went to safe mode and did a system restore. After a few minutes, the computer was up and running normally again. Since neither Windows Defender nor Avast detected this Antivirus System Pro variant, I installed Malwarebytes’ Anti-Malware to get rid of any traces of the problem. I eventually got a full version of Malwarebytes to have real-time protection and scheduled updates.

Multiple defenses are needed nowadays to make sure your Windows computers are secure. The next defense planned is malware protection at the firewall level. This should prevent problems from entering the network.