One of my clients called me a few nights ago, and was having problems getting and staying on the Internet. After talking to him for a few minutes, I was able to determine that the computer system had been hijacked by a new variant of the program called PC Guardian. I loaded up a fresh USB stick with Simply Super Software’s Trojan Remover, and off I went to his house to “fix” the computer. Unfortunately, this was the same computer I fixed a few months ago using Trojan Remover when another rogueware program hijacked it. This computer has a current copy of GFI’s Vipre on it, but the virus definitions hadn’t been updated in over a month. (This gentleman is rarely home, and does not leave his computer on all the time.)
When I realized that SSS’s Trojan Remover was not going to work (it wanted me to buy the software), I unplugged the desktop unit and took it back to my house. Once there, I removed his SATA hard drive, loaded it into a SATA external HD case that I have, fired up my desktop, and did a full scan of his drive using Vipre. It quarantined the Trojan-Downloader.Win32.Fraudload virus, but did not get rid of all the underlying files.
I have been wanting to do a “wipe and reload” on this computer for over a year now, but the owner hasn’t agreed to it yet. By this time it was getting late, and I decided to get a fresh start on the problem in the morning. The next day, after bouncing a few ideas off my buddy Ernie Hatfield (who owns Heart of the Rockies Internet Solutions in Salida, Colorado), I decided to give the ComboFix tool a try. (NOTE: only use this link to download ComboFix, as this is a trusted source. There are some bogus versions of ComboFix out there on the Internet.) ComboFix is a great tool, but should only be used by someone who understands the consequences of Murphy’s Law. (There have been problems when using this tool on Windows Vista-based computers. This particular computer is still running Windows XP.)
After reading the instructions, I loaded the ComboFix tool onto the infected desktop computer and ran the program. It took quite a long time (being very thorough) to inspect all the files and remove the infected ones. Once the computer rebooted (which it did successfully), everything was fine: the PC Guardian icon was gone from the tray, and the computer had no problems getting (and staying) on the Internet.
I returned the desktop computer to the gentleman, with a stern warning about updating virus protection first, before doing anything else.