Tuesday 21 June 2011

Vista Internet Security 2012

A couple of days ago, one of my PCs became infected with "Windows Vista Internet Security 2012". I'm not sure how it happened, but Firefox was running and Hotmail was being checked - no attachments were opened and no dubious emails were present.

Vista Internet Security 2012 installs itself on the task bar and as a startup program. Every time you attempt to access the internet or run certain programs, the dialog appears, tells you you've been infected with lots of problems and prompts you to register for the full version of the program. Your computer is unusable because even if you dismiss the box it reappears as soon as you attempt to do anything.

The machine was fully protected using up to date McAfee software, so you'd have thought this shouldn't have happened. However, McAfee did help me to get rid of the problem.

Here's how I dealt with it.

1) Ctrl+Alt+Del to bring up the Task Manager.
2) Found multiple instances of a process called "pfw", each one of which was one of the dialog boxes that had appeared on the screen. I killed them all, kept the task manager open and killed any new instances that subsequently appeared.
3) Fortunately I was able to use McAfee, so I got it to do a quick scan - this achieved nothing, so I ran a full scan. This found four problems, but was only able to delete three of them. It identified the fourth as "corrupt-AG12SE802287FB7".
4) Stopped the computer, unplugged it from the network and restarted it.
5) Logged in as an administrator and ran a McAfee full scan. This found and allowed me to "quarantine" the problem item "corrupt-AG12SE802287FB7" that it had earlier been unable to disable.
6) Stopped, reconnected to the network, restarted and logged in as the non-administrator user under which the problem first appeared.
7) McAfee then reported that it had identified but was unable to delete the problem program "pfw.exe" and requested that I restart the computer.
8) Restarted and everything was OK again.
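As an added example, not part of the original post, here is a PowerShell script that does steps 1 and 2 in a repeatable way and also records where the rogue program is persisting, so you have a note of what to quarantine before running the scanner. The process name "pfw" is taken from the post; the log file location and the autorun locations it checks (the per-user and per-machine Run keys and the user's Startup folder) are my assumptions about where such a startup entry is usually found, not something the post states.

```powershell
# Added example (not from the original post): triage a Windows box for a
# rogue process and its startup entries. Run in an elevated PowerShell.
# "pfw" is the process name from the post; the log path is an assumption.
param(
    [string]$ProcessName = 'pfw',
    [string]$LogPath = "$env:USERPROFILE\Desktop\rogue-triage.txt"
)

$log = @()

# 1) Find running instances and note the on-disk path of each, so the
#    file can be quarantined later rather than just the process killed.
$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    $path = $null
    try { $path = $p.Path } catch { }   # Path can fail on 32/64-bit mismatch
    $log += "RUNNING  pid=$($p.Id) path=$path"
}

# 2) Kill them. The post notes new instances keep appearing, so repeat
#    a few times instead of relying on a single Stop-Process.
for ($i = 0; $i -lt 5; $i++) {
    $again = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $again) { break }
    $again | Stop-Process -Force -ErrorAction SilentlyContinue
    Start-Sleep -Seconds 1
}

# 3) Look for the "startup program" entry the post describes in the
#    usual autorun registry keys (assumed locations).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $names = $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        Select-Object -ExpandProperty Name
    foreach ($name in $names) {
        $value = $props.$name
        if ("$value" -match $ProcessName) {
            $log += "AUTORUN  $key\$name = $value"
        }
    }
}

# 4) Shortcuts in the current user's Startup folder.
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $ProcessName } |
    ForEach-Object { $log += "STARTUP  $($_.FullName)" }

# Show the findings and keep a copy for the scan/quarantine step.
$log | Tee-Object -FilePath $LogPath
```

The script only lists the autorun entries it finds rather than deleting them; in the post the actual removal was left to the McAfee full scan run from an administrator account with the network unplugged, and the log simply tells you which file and registry value to expect the scanner to quarantine.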

See precisesecurity.com for further details of the problem.
