Last Few Days of Pictures – featuring – Fake Antivirus and Hitman Pro

The last few weeks have been very busy for me…business is good. :-D Fake antivirus and ransomware are back and more prevalent than ever (somebody secured their credit card processing systems :-P).

I’ve been using Hitman Pro with its barely publicized “forced breach mode” to kill the running fake AV. Hitman Pro has been pretty damn effective (yes, I owe them an apology), however I always need to follow up with a few cleanup utilities (which is normal).

Here are a few pictures from this week.

[Image: Security Shield]

[Image: Hitman Pro finding malware]

[Image: kill-av registry]

[Image: Windows Security Renewal Antivirus]

[Image: Live Security Platinum]

  • Dave

    Thanks Matt. Great post.

    • mrizos

      Thanks Dave.

  • http://www.selectrealsecurity.com/ Brian

    Thanks for the update, Matt. I’m glad to hear that you’re using Force Breach Mode. It’s an excellent feature!

    • mrizos

      Yeah, it’s awesome. It’s only failed to work 1 time so far.

      • estechguy

        Lol Matt. I have always been jealous of you because you get all the fun removing malware. Most of my jobs this year have not dealt with malware. But of course you’re the one with the long time successful business. You lucky dog ;)

  • John

    Like what kind of utilities do you follow up with if I may ask?

    • mrizos

      CCleaner, Combofix (sometimes) and Malwarebytes

      • http://techmansworld.blogspot.com/ncr MHazell

        I love to use CCleaner.

      • estechguy

        Do you ever use Emsisoft Emergency Kit?

  • Abottjen

    Glad it worked for you

  • Guest

    What do you do when you have an obvious rootkit infection and yet none of the scanners (Hitman, Kaspersky, Combofix, Mbam, etc.) can as yet detect it? Sometimes these infections are new enough that they bypass detection. Any manual methods for detection?

    • jcitizen

      I hear ya, Guest! I’m reading that all of the above are being bypassed more and more lately. I haven’t used Hitman yet, but Kaspersky’s Rescue CD 10 and TDSSKiller couldn’t touch one called Backdoor.Win32.ZAccess.xxx – the last three letters would change constantly, I think it was a shape shifter, to avoid removal by Kaspersky. Avast was not updated so no wonder it got through in the first place. I later used it to remove it from the backup folder.

      • Guest

        I’ve had a lot of trouble with Zero Access Rootkits as well. I can rarely remove them because the only thing that detects them lately is Combofix, but it can’t remove it, or provide any information where it is. None of the other specialized ZeroAccess tools Matt’s suggested before say anything about an infection, but Combofix does every time I run it. Very frustrating.

        • jcitizen

          Looks like these companies need to do their homework. I suppose you could always use a LiveCD with something on it like BartPE to look at the boot sector files and manually delete it, but I haven’t advanced that far yet.

          It’s usually wipe and re-install for me, unless something is hiding in hard drive sectors marked damaged, or somebody’s firmware is infected, then the tactics have to change, but I’ve also successfully blown away malware like this before.

    • mrizos

      Personally, I just wait a few days until Kaspersky (or some other AV vendor) is able to detect the rootkit. If it takes more than a few days I’ll just back up the client’s data and then erase the drive.

  • sheen

    Hi Matt! Good day! Nice post. BTW, I don’t know where to post requests, but here I go :D

    Can you make a review of Panda Cloud Antivirus Free since it’s already at final version 2.0? Thanks!

  • John

    Zero Access rootkit: what works and what doesn’t?

  • John

    Just for you guys wanting to know how to remove the Zero Access rootkit, I went on YouTube and found a video by foolishit that shows you how to remove that rootkit using d7. Do a search for “D7 zeroaccess removal” on YouTube.

    • jcitizen

      Good one John! Excellent video! I do a lot of remote work, so techniques like that one rock!

  • John

    You can also look at “remove zaccess rootkit and other malware” on YouTube, which also shows you how to remove Zero Access using D7.

  • Guest

    My mom got Live Security Plat. yesterday, and I googled how to get rid of it. One article has an activation code that works (it’s so much friendlier after that). I tried finding it for you, but I couldn’t.