As you can see, Windows Defender is down and nothing is picked up as being out of the ordinary by Norton either.
Double click on the Windows Defender icon, and this is what happens when we click, "Remove All":
Heh, after a reboot the Malware was still there blinking away, and directing one to their, "Buy our Software" site when the blinker is clicked on.
So, onto the next step: Find out if there are others who have killed it.
It took some weeding to find a site that actually has info on it.
I came up with the instructions and a link to a utility to kill it at BleepingComputer.com.
Essentially one needs to do this:
- Download the Removal Tool to the desktop.
- Reboot into Safe Mode (F8)
- Logon using the infected user profile
- Run the tool from the desktop
- Run option 2: Clean
- Answer YES to the registry clean option
- Disk Cleanup may or may not run
- Once finished, do not reboot yet
- Disable the System Restore to clean out any possibility of re-infection
- Run Disk Cleanup: Start-->Run-->CleanMgr [Enter]
- Choose all drives if necessary and let the utility run
- Go back to the SpyDawn Cleaning Utility and hit the space bar to reboot
- Enable the System Restore once into the user's profile
The system should be Malware clear after this.
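As an added example, not code from the original post or from the removal tool, this PowerShell script automates the hands-on tail of the procedure above: disable System Restore and run Disk Cleanup before the reboot, then re-enable System Restore and take a known-clean restore point once back in the user's profile. It assumes Windows PowerShell run as Administrator on a Windows build that ships the Disable-ComputerRestore cmdlets; running the removal tool and the reboot itself stay manual.

```powershell
# Added example: defender-side automation of the post-removal steps.
# Assumes an elevated Windows PowerShell session; the *-ComputerRestore
# and Checkpoint-Computer cmdlets are Windows-only.

function Get-DefenderState {
    # The symptom in the write-up was Windows Defender being "down";
    # capture its service state so before/after can go in the ticket.
    Get-Service -Name WinDefend -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType
}

function Invoke-PreRebootCleanup {
    # Run AFTER the removal tool's clean pass and BEFORE rebooting.
    param([string[]]$Drives = @("C:\"))

    Write-Host "Defender service before cleanup:"
    Get-DefenderState | Format-Table -AutoSize

    # Disable System Restore so an infected restore point cannot bring
    # the rogue software back on a later rollback.
    foreach ($d in $Drives) { Disable-ComputerRestore -Drive $d }

    # Disk Cleanup (cleanmgr); /d targets one drive letter, -Wait blocks
    # until the technician closes the dialog for that drive.
    foreach ($d in $Drives) {
        $letter = $d.TrimEnd('\')
        Start-Process -FilePath "cleanmgr.exe" -ArgumentList "/d $letter" -Wait
    }
    Write-Host "Pre-reboot cleanup done; reboot via the removal tool now."
}

function Invoke-PostRebootBaseline {
    # Run once logged back into the user's profile after the reboot.
    param([string[]]$Drives = @("C:\"))

    foreach ($d in $Drives) { Enable-ComputerRestore -Drive $d }
    # Take a checkpoint so the next rollback target is this clean state.
    Checkpoint-Computer -Description "Post malware removal (clean baseline)" `
                        -RestorePointType MODIFY_SETTINGS

    Write-Host "Defender service after cleanup:"
    Get-DefenderState | Format-Table -AutoSize
}

# Usage: Invoke-PreRebootCleanup, reboot, then Invoke-PostRebootBaseline.
Invoke-PreRebootCleanup -Drives @("C:\")
```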
Now, one must ask the question, "Is the system safe to leave the shop at this point?"
Based on the research that I have done on this particular Malware threat, it is reasonable to say yes. Have the software's writers implemented some sort of Trojan? There is no 100% guarantee that they haven't. So, the client must be made aware of this.
Now, onto the logic behind this particular scenario:
Someone browses to a Web site and picks this software up without their knowledge.
The situation BEGS the following questions:
- When the person goes to the SpyDawn Web site, purchases their "Product", downloads it, and installs it, are they truly protected from threats?
- Given, in my opinion, the below-the-board method for delivering the product "advertisement" in the first place, and the subsequent trap into purchasing the "product" ... how can we expect that installed product to behave above board?
What else can be said?
A legitimate software product, or method of advertising, gives the end user the option to install the product or respond to the ad.
In all cases of software installed on a user's system, an option should be there to totally remove the software product from their system. The user should not have to pay a professional to do it for them!
UPDATE: Okay, so I misspelled Surreptitious in the title on my original post! It has been one of those days! :D
Microsoft Small Business Specialists