One of our clients received a link via an e-mail from a friend saying that they needed to purchase, download, and install a product to help keep their system running great!
- Rogue AntiSpyware blog: Registry Defender
Now, the machine is virtually unusable due to constant battering by pop-ups from a product called System Security 2009 (also a Rogue AntiSpyware blog link). The rogue also prevents any .EXE from running on the system except an IE window that takes us to the “online activation system”.
We are going to flatten this system, extract their data from an earlier ShadowProtect image, and start fresh.
Since many of the infections legitimately found on the system are Trojan-related, there can be no guarantee that removing them will not leave a backdoor of some sort into the system.
The desktop as it is now:
Our client knew something was well out of sorts due to the misspelling of “YOUR’RE” when the background started showing up.
Note the constant fight between the malware and AVG Free.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book