Sunday, 16 August 2009

Tough time fighting Windows Protection Suite

I had a special mission today: to troubleshoot my uncle's PC, which could not boot up after he installed something last night, and the best part is that he had no backup. It was a tough fight, close to 6 hours, to get the PC up again. My poor Sunday evening, gone.

For the first two hours I was trying to figure out the Windows message "Windows cannot start, file missing or corrupt...". After a while, I realised that the registry was corrupted. OMG. I searched high and low on the internet and found Microsoft's instructions - http://support.microsoft.com/kb/307545. It was a series of file moves and backups. I succeeded in getting Windows to start as normal. But don't be happy too early.

Just when I booted into normal Windows, I realised something was wrong. There were constant security alerts from the stupid software - Windows Protection Suite!! Can you believe that? It is actually malware, not security software, trying to cheat you into believing something is wrong with the computer, possibly so it can ask you to pay a subscription fee later. I asked him again. He had visited some website which popped up an IE window saying his computer had a virus and asked him to install this malware. After it got installed, it constantly popped up alert messages, and if you shut down the computer, it never started up again.

I was trying to remove the malware.
- But there was no uninstall option.
- I could not open regedit.
- I could not open Task Manager.
- I could not access the internet to download a scanner.
- When I connected the external hard disk, it was not recognised.
- When I tried to open the CD-ROM drive, it took forever.
Whenever I restarted, the registry got corrupted again. How stubborn the stupid thing is!

Finally, I thought of a way to kill it. I booted into the Windows Recovery Console, copied back the backed-up registry file and booted into safe mode (F8). Inside safe mode, I deleted the program executable from Documents and Settings\Current User\Local Settings\Application Data\xxxx\XXXX.exe (the exe name could change).

After rebooting into normal Windows, thank god, it did not get loaded. That gave me time to access the internet, install a malware scanner and remove it thoroughly. The malware scanner removed the regenerated exe and registry settings.
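For readers who want the actual commands behind the steps above, here is an added example that is not part of the original post. The Recovery Console part follows the registry-hive backup and replacement documented in the Microsoft article linked above (KB307545), as I recall it, and assumes Windows XP installed at C:\Windows; the user name and the xxxx folder under Local Settings\Application Data are placeholders, since the post says the exe name can change. Lines beginning with rem are comments, not commands to type.

```batch
rem ===== Part A: in the Windows Recovery Console (boot from the XP CD, press R) =====
rem The console logs you into C:\Windows. First back up the current (corrupt) hives
rem so they can be copied back later if a reboot corrupts things again.
md tmp
copy c:\windows\system32\config\system   c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam      c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default  c:\windows\tmp\default.bak

rem Remove the corrupt hives ...
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

rem ... and replace them with the clean copies saved at install time in c:\windows\repair.
rem These are old (settings and installed programs since setup are lost), which is why
rem the KB article goes on to restore newer hives from a System Restore snapshot.
copy c:\windows\repair\system   c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam      c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default  c:\windows\system32\config\default
exit

rem ===== Part B: reboot, press F8, choose Safe Mode with Command Prompt =====
rem The rogue's folder name is random, so list the per-user Local Settings\Application Data
rem folder newest-first and look for a recently created folder containing one exe.
dir /a /o:-d "C:\Documents and Settings\<user>\Local Settings\Application Data"

rem Delete the executable the post describes (placeholder path; substitute what you found).
del /f "C:\Documents and Settings\<user>\Local Settings\Application Data\xxxx\XXXX.exe"

rem Check the autostart entries that would reload it on the next boot. reg.exe is a
rem separate tool from regedit, so it may still run in safe mode even when regedit is blocked.
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

rem If a value points at the deleted exe, remove it (placeholder value name).
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v <ValueName> /f

rem ===== If the hives get corrupted again after a reboot =====
rem Go back to the Recovery Console and copy a known-good backup over the config hives,
rem e.g. the copies made in Part A:
rem   copy c:\windows\tmp\system.bak c:\windows\system32\config\system
rem (repeat for software, sam, security and default), then retry Part B.
```

Deleting the exe and the Run value only stops the rogue from loading; as the post says, a proper malware scanner afterwards is what removes the regenerated files and registry settings.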

The morals of the story are:
1. Don't click on or install any software from a pop-up window.
2. Always do your backups. That's very important.

2 comments:

mein Haus said...

hey..should give your uncle this article ha...;-)

Gabriele said...

I found here so much important information, thank you guys! I think that I have a parasite identical to this in my PC and I need to remove it. If it happened for someone to get this parasite also, here I found more information:
http://www.2-spyware.com/remove-windows-protection-suite.html
Thanks guys!
