Monday, November 19, 2012

Slay the File Recovery Malware

I recently slew the File Recovery malware (the same rogue also shows up branded as File Restore) on my brother's computer. I'll give you the routine that worked for me. If you have another one, please let me know in the comment box.

File Restore hides your Start Menu links and a bunch of other stuff to scare you into thinking your computer is truly broken. We won't restore that stuff at the beginning of the routine, but I wanted to tell you up front so you know why those links are gone if you have to deal with this beast.

1. Disabled the Microsoft Security Essentials real-time scanner, since ComboFix asks that resident antivirus be turned off before it runs.

2. Ran ComboFix. I ran it before Malwarebytes because I know this malware is really nasty and wanted to go in with the big guns first. Don't be scared to run ComboFix: start the executable and proceed with the defaults. It works through around 50 stages (how fast depends on your computer's specs; I've seen it go fast and I've seen it take a while, anywhere from 10 to 60 minutes), then creates a log report and opens it so you can see the details of what it did.

3. Rebooted into Safe Mode.

4. Ran a Malwarebytes quick scan. It only detected some PUPs. I told Malwarebytes to delete them anyway, because they were adware and I wanted to make the system squeaky clean.

5. Rebooted into normal mode.

6. Ran Windows Repair. This tool is amazing. File Restore really messes with the default settings for Windows, which is what makes it look broken, and Windows Repair fixes the kind of stuff malware screws up like that. It's a very nice tool. It automatically reboots after the scan finishes. This scan can take a while too; again, the speed depends on the specs of your computer.
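After Windows Repair has run, it is worth checking that the "missing" Start Menu and Desktop links really came back rather than taking the tool's word for it. The script below is an added example, not code from the original post or from Windows Repair. It assumes the rogue hides links the usual way for this family, by setting the Hidden attribute on shortcut files and folders, so it lists every hidden item under the Start Menu and Desktop folders (skipping the desktop.ini entries Windows legitimately hides) and, with the `-Unhide` switch, clears only the Hidden bit. The folder list and the function name are my own choices. Run it from an elevated PowerShell prompt; it avoids cmdlets newer than PowerShell 2.0 so it works on a Windows 7 machine.

```powershell
# Added example (not from the original post): find, and optionally unhide,
# Start Menu / Desktop items that a FakeHDD-style rogue has flagged Hidden.
# Assumption: the rogue "hides" links by setting the Hidden attribute on
# .lnk files and folders. desktop.ini and System-flagged items are left alone.
function Find-HiddenStartMenuItems {
    param(
        [switch]$Unhide,            # actually clear the Hidden attribute
        [string[]]$Roots = @(       # assumed set of folders worth checking
            "$env:ProgramData\Microsoft\Windows\Start Menu",
            "$env:APPDATA\Microsoft\Windows\Start Menu",
            "$env:USERPROFILE\Desktop",
            "$env:PUBLIC\Desktop"
        )
    )
    $hidden = [IO.FileAttributes]::Hidden
    $system = [IO.FileAttributes]::System
    $found  = @()
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force is required; without it Get-ChildItem silently skips hidden items
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object {
              ($_.Attributes -band $hidden) -and
              ($_.Name -ne 'desktop.ini') -and
              -not ($_.Attributes -band $system)
          } |
          ForEach-Object {
              $found += $_.FullName
              if ($Unhide) {
                  # -bxor flips only the Hidden bit; ReadOnly, Archive etc. are preserved
                  $_.Attributes = $_.Attributes -bxor $hidden
              }
          }
    }
    return $found
}

# Dry run first: report what is still hidden after the cleanup.
$items = @(Find-HiddenStartMenuItems)
Write-Host "$($items.Count) hidden Start Menu / Desktop item(s) found"
$items | ForEach-Object { Write-Host "  $_" }

# When the list looks like shortcuts and program folders rather than anything
# Windows hides on purpose, apply the fix:
# Find-HiddenStartMenuItems -Unhide | Out-Null
```

If the dry run reports zero items, Windows Repair did its job for these folders. If it reports items, read the list before running with `-Unhide`; the filter only excludes desktop.ini and System-flagged entries, so anything else still hidden there is almost certainly the rogue's doing.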

Windows was fixed after this routine. I wasn't done yet, though. I re-enabled the real-time scanner for Microsoft Security Essentials and made sure the quick scan was on a daily schedule (it was). I also wanted this computer to be safe not just from the non-user stuff, but from user-related 'attacks' like answering the door when malware comes knocking. So I pointed their DNS at OpenDNS and enabled its web filter. I went with the Custom configuration on the web filter, blocking Adware, P2P/File share sites, Dating sites, Nudity, Pornography, Proxy/Anonymizer, and Web Spam. OpenDNS also has basic malware/botnet protection, which helps.
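Switching a machine to OpenDNS is two resolver addresses on the network adapter, but it is easy to leave the ISP's DHCP-supplied servers in place by mistake, in which case the web filter never sees the lookups. The script below is an added example, not the post's own steps or anything OpenDNS ships. It sets the two public OpenDNS resolvers (208.67.222.222 and 208.67.220.220) on a named adapter with `netsh`, which works on Windows 7 and PowerShell 2.0, and then checks two things: that the configured resolvers are only OpenDNS ones, and that a TXT lookup of debug.opendns.com comes back answered by an OpenDNS server. The adapter name is an assumption; change it to match `ipconfig` output. The filter categories themselves are chosen in the OpenDNS dashboard, not on the client, so nothing here touches those. Run from an elevated prompt.

```powershell
# Added example (not from the original post): point a Windows client at
# OpenDNS and verify the change took. Filter categories live in the OpenDNS
# dashboard; this only sets and checks the resolvers.
# Assumptions: the adapter name, and that debug.opendns.com's TXT answer
# contains a "server ..." line when resolved through OpenDNS.
$OpenDnsServers = @('208.67.222.222', '208.67.220.220')   # OpenDNS public resolvers

function Set-OpenDns {
    param([string]$Adapter = 'Local Area Connection')     # assumed adapter name
    # Replace the DHCP-assigned resolvers with a static OpenDNS pair.
    netsh interface ipv4 set dnsservers name="$Adapter" source=static address=$($OpenDnsServers[0]) validate=no | Out-Null
    netsh interface ipv4 add dnsservers name="$Adapter" address=$($OpenDnsServers[1]) index=2 validate=no | Out-Null
    ipconfig /flushdns | Out-Null   # drop anything cached from the old resolvers
}

function Test-OpenDns {
    # 1. Every resolver configured on an IP-enabled adapter should be OpenDNS.
    $configured = @(Get-WmiObject Win32_NetworkAdapterConfiguration |
                    Where-Object { $_.IPEnabled -and $_.DNSServerSearchOrder } |
                    ForEach-Object { $_.DNSServerSearchOrder })
    $foreign = @($configured | Where-Object { $OpenDnsServers -notcontains $_ })

    # 2. Ask OpenDNS's own diagnostic name; a non-OpenDNS resolver will not
    #    return the "server ..." TXT line that identifies the answering node.
    $txt = nslookup -type=txt debug.opendns.com 2>$null
    $answeredByOpenDns = [bool]($txt | Select-String -Pattern 'server ' -Quiet)

    return New-Object PSObject -Property @{
        ConfiguredResolvers = $configured
        NonOpenDnsResolvers = $foreign
        AllOpenDns          = ($configured.Count -gt 0 -and $foreign.Count -eq 0)
        DebugRecordSeen     = $answeredByOpenDns
    }
}

Set-OpenDns
Test-OpenDns | Format-List
```

`AllOpenDns` should be True and `NonOpenDnsResolvers` empty; if an ISP address still shows up, the adapter name was wrong or a second adapter (wireless, VPN) still has its own resolvers. `DebugRecordSeen` False with the resolvers correct usually means a home router is intercepting port 53, and the OpenDNS settings have to go on the router instead.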

Then, I installed the Web of Trust add-on for Internet Explorer and Firefox. Web of Trust is a terrific browser add-on that rates websites to give you an idea of what you're getting into before you visit a site. A small dot next to each link gives you the site's rating: green is good, yellow is questionable, and red is bad.

If you click on a red-rated site, WOT pops up asking whether you really want to visit it and lists why the site is rated red. This will scare most users off, preventing them from downloading and installing malware by accident. It's nice. It works.

This is how I handled the problem. Do you have a different way? Tell me about it in the comment box below.


Life in IT appreciates and encourages your comments, but we do have guidelines for posting comments:

1. Avoid profanities or foul language unless it is contained in a necessary quote.

2. Stay on topic.

3. Disagree, but avoid ad hominem attacks.

4. Threats are treated seriously and reported to law enforcement.

5. Spam and advertising are not permitted in the comments area.

Thanks!