Last Few Days of Pictures – featuring – Fake Antivirus and Hitman Pro

The last few weeks have been very busy for me… business is good. 😀 Fake antivirus and ransomware are back and more prevalent than ever (somebody secured their credit card processing systems 😛 ).

I’ve been using Hitman Pro with its barely publicized “forced breach mode” to kill the running fake AV. Hitman Pro has been pretty damn effective (yes, I owe them an apology); however, I always need to follow up with a few cleanup utilities (which is normal).

Here are a few pictures from this week.


Windows-Security-Renewal Antivirus

21 Responses to Last Few Days of Pictures – featuring – Fake Antivirus and Hitman Pro

  1. Dave July 24, 2012 at 4:54 am #

    Thanks Matt. Great post.

    • mrizos July 24, 2012 at 3:39 pm #

      Thanks Dave.

  2. Brian July 24, 2012 at 4:57 am #

    Thanks for the update, Matt. I’m glad to hear that you’re using Force Breach Mode. It’s an excellent feature!

    • mrizos July 24, 2012 at 3:38 pm #

      Yeah, it’s awesome. It’s only failed to work 1 time so far

      • estechguy July 25, 2012 at 4:22 pm #

        Lol Matt. I have always been jealous of you because you get all the fun removing malware. Most of my jobs this year have not dealt with malware. But of course you’re the one with the long-time successful business. You lucky dog ;)

  3. John July 24, 2012 at 6:32 am #

    Like what kind of utilities do you follow up with if I may ask?

    • mrizos July 24, 2012 at 3:38 pm #

      CCleaner, Combofix (sometimes) and Malwarebytes

      • MHazell July 25, 2012 at 4:28 am #

        I love to use CCleaner.

      • estechguy July 25, 2012 at 4:26 pm #

        Do you ever use emsisoft emergency kit?

  4. Abottjen July 24, 2012 at 10:14 pm #

    Glad it worked for you

  5. Guest July 25, 2012 at 1:40 am #

    What do you do when you have an obvious rootkit infection and yet none of the scanners (Hitman, Kaspersky, Combofix, Mbam, etc.) can as yet detect it? Sometimes these infections are new enough that they bypass detection. Any manual methods for detection?

    • jcitizen July 25, 2012 at 5:51 am #

      I hear ya Guest! I’m reading that all of the above are being bypassed more and more lately. I haven’t used Hitman yet, but Kaspersky’s Rescue CD 10 and TDSSkiller, couldn’t touch one called – the last three letters would change constantly, I think it was a shape shifter, to avoid removal by Kaspersky. Avast was not updated so no wonder it got through in the first place. I later used it to remove it from the backup folder.

      • Guest July 25, 2012 at 10:22 am #

        I’ve had a lot of trouble with Zero Access Rootkits as well. I can rarely remove them because the only thing that detects them lately is Combofix, but it can’t remove it, or provide any information where it is. None of the other specialized ZeroAccess tools Matt’s suggested before say anything about an infection, but Combofix does every time I run it. Very frustrating.

        • jcitizen July 25, 2012 at 3:17 pm #

          Looks like these companies need to do their homework. I suppose you could always use a LiveCD with something on it like BartPE to look at the boot sector files and manually delete it, but I haven’t advanced that far yet.

          It’s usually wipe and re-install for me, unless something is hiding in hard drive sectors marked damaged, or somebody’s firmware is infected, then the tactics have to change, but I’ve also successfully blown away malware like this before.

    • mrizos July 30, 2012 at 4:39 pm #

      Personally, I just wait a few days until Kaspersky (or some other AV vendor) is able to detect the rootkit. If it takes more than a few days I’ll just back up the client’s data and then erase the drive.

  6. sheen July 27, 2012 at 1:29 am #

    Hi Matt! Good day! Nice post. BTW, I don’t know where to post requests, but here I go 😀

    Can you make a review of Panda Cloud Antivirus Free, since it’s already at final version 2.0? Thanks!

  7. John July 27, 2012 at 1:44 am #

    Zero Access rootkit: what works and what doesn’t?

  8. John July 29, 2012 at 8:02 am #

    Just for you guys wanting to know how to remove the Zero Access rootkit: I went on YouTube and found a video by foolishit that shows you how to remove that rootkit using d7. Do a search for “D7 zeroaccess removal” on YouTube.

    • jcitizen September 7, 2012 at 5:04 am #

      Good one John! Excellent video! I do a lot of remote work, so techniques like that one rock!

  9. John July 29, 2012 at 8:06 am #

    You can also look at “remove zaccess rootkit and other malware” on YouTube; that also shows you how to remove Zero Access using D7.

  10. Guest July 30, 2012 at 7:01 pm #

    My mom got Live Security Plat. yesterday, and I googled how to get rid of it. One article has an activation code that works (it’s so much friendlier after that). I tried finding it for you, but I couldn’t.
