When All Else Fails, Use Malwarebytes

Today, a work colleague and friend of mine had an issue with her computer being overcome by a nasty piece of malware formally known as PolyCrypt and commonly disguised as “Security Master AV” (which looks a lot like the Windows Security Centre). The computer was still operational and remotely accessible via LogMeIn (which I have covered in a prior blog post).

These days, there are so many vectors for malware to get into a computer. Not only do we have to think about the media that we insert into the computer, like floppies (if anyone still uses them), optical discs, external hard drives and USB sticks, but also about things that arrive over the Internet, like e-mail, webpages, torrents and instant messages. Long gone are the days when computers operated in complete isolation.

Malware can easily overrun your system by taking advantage of unpatched or undiscovered security holes in the software you use, including your browser, e-mail client and operating system. It only takes one piece of software to succumb to a security exploit, despite the rest being fully patched, and all bets are off. That’s why it is really important to accept the Windows Update notifications at a minimum.

Anyway, the malware in question had disabled McAfee (the resident antivirus) and had also suppressed Windows Defender (the resident anti-spyware software). I was not prevented from accessing the registry, but I think this was due to the User Interface Privilege Isolation (UIPI) functionality in Windows Vista. This function prevents lower privileged processes (such as the malware) from controlling higher privileged ones. Internet Explorer would also close as soon as it attempted to load a webpage, but I found a way around this by right clicking on it and then clicking on “Run as administrator” (which insulated it from the malware as a result of UIPI).

Eventually, I found the manual steps for removing PolyCrypt but thought that the system really needed a thorough inspection. Since the already installed anti-spyware was non-functional, I had to find an alternative.

Enter Malwarebytes’ Anti-Malware.

I used the free version in this instance, which provides access to the on-demand malware removal functionality, but stumping up US$25 for a license unlocks real-time protection as well as scheduled scanning and updating. It can scan an entire system fairly quickly and provides detailed logs of what was found as well as the steps it took to remove any discovered malware. It has yet to let me down when a system is riddled with viruses and other rubbish.

At any rate, the affected system was back up and running later this morning (after a System Restore to fix the broken networking). However, you can only ever truly guarantee that a system is clean by reformatting and reinstalling from scratch or restoring from a known good backup (you are backing up, aren’t you?). To get by until that can be carried out, though, Malwarebytes’ Anti-Malware is very useful.

2 comments

1 ping

    • Amber on July 3, 2010 at 00:47

    What would we do without your advice here in your blog through Facebook, Boyd. :o) I hope you don’t mind that I gave the URL to your blog so he could read some of your blogs, which I am sure he will find of great interest.

    Hope that you and Vic have a wonderful relaxing weekend Boyd. Take care.

    Amber :o)

    1. Thanks for your comment, Amber!

      Please feel free to share the blog with anyone you think may have an interest! The blog is certainly not private by any means and it’s here to help people broaden their horizons when it comes to technology.

  1. […] malware is making it difficult to use an internet connection. I have covered other tools such as MalwareBytes in the past but I thought a new tool released by Microsoft was worth a […]
