
Windows Disk AND Google Redirect Virus at the same time - Nasty!

My daughter had started complaining that she had errors on her computer - she was getting pop-ups about hard disk failures, memory issues, corrupt programs and so on.  At the same time, her Google searches in Chrome and in Firefox were not giving her the results she was expecting and her laptop was slooooowww.  We took a look and found that she had two problems.  At some point Windows Disk had installed itself and close to that time she was also infected by the Google Redirect Virus.  These two nasty pieces of software really messed up her computer and it took a couple of days to sort it all out.

What is surprising is how she was infected at all.  She runs the free version of AVG, which is kept up to date, she makes sure Windows is kept up to date using Microsoft Update and she uses a firewall.  She is also careful about her browsing.  Yet both these bits of malware infected her laptop and remained undetected.

Let's have a look at these bits of software.  First of all, Windows Disk.  At first sight this software looks absolutely genuine.  Windows Disk presents itself as a legitimate application that looks after your PC for you.  It can be installed as a 'trial' application and, while it is running, it generates tons of alerts and reports about the apparent poor health of your PC.  The program is bluffing, but unless you're a competent computer technician you're not going to know that.  Windows Disk does offer to sort these problems out - but it will, of course, mean buying their offered software, which in turn involves your credit card...  Get the picture?  It's a scam, one of a number of scams that prey on computer users worldwide.

It's also a pain to remove, as it hides itself from anti-virus software.  However, we followed a guide we found on BleepingComputer.com to remove this software.

More of a challenge is the Google Redirect Virus.  This nasty piece of work alters the way Google (or Yahoo or Bing) works so that when you search for something and click on the search results, the virus redirects you to other malicious sites or to sites unrelated to your search.  Although known as the Google Redirect Virus, it affects most search engines and is caused by what is called a rootkit infection, which is downloaded along with rogue applications.  We suspect that it was downloaded with the Windows Disk software above.  We removed it by using Kaspersky's dedicated tool, TDSSKiller, which is available as TDSSKiller.zip from the following link.  We recommend you copy this link and paste it into your browser address bar to avoid any 'redirection' by the virus:

http://support.kaspersky.com/viruses/solutions?qid=208280684

The instructions are simple:  Download the zip file, extract the files to your desktop and double-click on TDSSKiller.exe.  When it starts, click on the Scan button.  When the scan is completed, follow the instructions to remove the rootkits and reboot the PC.  It's a very good idea to then run a full anti-virus scan and a malware scan to ensure your computer is clean, followed by CCleaner (or similar) to clear your internet cache and clean up any missing or corrupt registry keys, so that any remnants of the virus that might be left behind are removed.

Also, if you have used your PC to access your bank accounts or used your credit cards online while you have been infected then please, please contact your bank and get them to change your passwords and cards, as it is highly likely that these malware programs have captured your information and you are at risk of identity theft and worse.
