I Got A Call From A Customer Of Mine Last Night…..

Apparently he was getting a prompt from an anti-virus scanner called System Protector. The thing is that he never purchased it, and it was telling him that he had to pay for it to get rid of all of the viruses it was finding. This is clearly a rogue application. Wikipedia defines a rogue application as:

Rogue security software is software that uses malware (malicious software) or malicious tools to advertise or install itself or to force computer users to pay for removal of nonexistent malware. Rogue software will often install a trojan horse to download a trial version, or it will execute other unwanted actions.

Pretty sneaky. I’ve dealt with a lot of this sort of thing over the years. Sadly, this is becoming more commonplace.

So I was pretty sure that my customer had somehow gotten a trojan horse (or more than one) onto his Windows XP computer, and it downloaded this rogue application. I made arrangements to look at it today as this isn’t the sort of thing that can wait.

Once I got my hands on the computer, it was worse than I thought. It disabled any security software that was on the computer, plus I couldn’t use basic Windows functions such as bringing up task manager. So this was very serious. I researched the rogue application that was on the computer (as in this situation Google is your best friend) and came up with a plan to deal with the situation:

  1. By using Google, I used instructions from a variety of sources to disable the rogue application. I always read a variety of sources to make sure that whatever method I use to kill stuff like this is the correct course of action.
  2. Once the rogue application was gone, I had to tackle the trojan horses that were on the system. I used at least three up-to-date anti-virus scanners to make sure that the system was clean. That’s no joke. I use three scanners because each will catch things that the others miss. By the time I was done, I had removed 30 trojan horses.
  3. I then had to fix Windows. The trojans had done some work to stop things like task manager from working. So I had to repair that damage.
  4. I then had to figure out how all this stuff got onto the system. Since the system was pretty much up to date in terms of security patches, I knew it came from an application that was installed on the system. From interviewing the customer, I was able to deduce that the likely source was a file sharing application that the customer’s son had installed as the issue started within 24 hours of the application being installed. I removed the offending application. I wouldn’t want to be that kid who installed that file sharing app tonight.

Total time: Four hours. I only charged the client for 2, as most of my time was spent waiting for scanners to finish. In my opinion it isn’t fair to charge the client for that “waiting time.”

So as you can see, I had an interesting day. But far from atypical for me.

I wonder what the next phone call will bring?
