System Restore Rogue (Fake Utility)

One of the guys from work brought in his wife's computer. He was sure that the hard drive was bad.

Look! It's a rogue pretending to be part of Windows rather than a third-party product. Borrowing the Windows look boosts the trust factor and so increases the chance of the victim buying "this feature".

I was able to remove this rogue system utility and secure the OS using the following steps:

  1. Started the PC in Safe Mode with Networking.
  2. Ran GMER, which detected traces of an MBR rootkit.
  3. Ran TDSS Killer with the additional scan options turned on.
  4. Removed a TDSS file system.
  5. Installed Malwarebytes and removed the rogue and some registry entries.
  6. Installed lots of missing Windows updates.
  7. Installed the latest version of Java.
  8. Removed the expired McAfee and installed Microsoft Security Essentials.
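Steps 6 to 8 are about closing the holes the rogue came in through, and they are the ones worth re-checking once the machine is handed back. The PowerShell audit below is an added example, not code from the original post: it reports whether Windows Update is configured to download and install automatically, which Java runtimes remain installed, and which antivirus products Security Center has registered (so a leftover expired McAfee entry shows up next to Microsoft Security Essentials). The function names are my own, the script assumes PowerShell 3.0 or later run from an elevated prompt on a Vista/7-era client, and the meaning of the `productState` bits is an assumption taken from common documentation rather than anything the post states.

```powershell
# Post-cleanup audit (added example; hypothetical helper functions, not from the original post).
# Assumes: elevated PowerShell 3.0+ on a Windows client with Security Center available.

function Get-AutoUpdateStatus {
    # AUOptions: 2 = notify only, 3 = download and ask, 4 = download and install automatically.
    # A Group Policy value under Policies\...\AU overrides the per-machine setting when present.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    $local  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' -ErrorAction SilentlyContinue

    $option = $null
    if ($policy -and $null -ne $policy.AUOptions) { $option = $policy.AUOptions }
    elseif ($local -and $null -ne $local.AUOptions) { $option = $local.AUOptions }

    # The Windows Update service itself must be present and not disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'" -ErrorAction SilentlyContinue

    [pscustomobject]@{
        AUOptions     = $option
        AutoInstall   = ($option -eq 4)
        ServiceState  = if ($svc) { $svc.State } else { 'missing' }
        ServiceStart  = if ($svc) { $svc.StartMode } else { 'missing' }
    }
}

function Get-InstalledJava {
    # Enumerate Java runtimes from the Uninstall keys in both the 64-bit and 32-bit registry views.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' -or $_.DisplayName -like 'J2SE*' } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
}

function Get-AntivirusStatus {
    # Security Center lists every registered AV product with a productState bitmask.
    # Assumption (commonly documented, not confirmed by Microsoft): bit 0x1000 set = real-time
    # protection enabled; bit 0x10 set = definitions out of date.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Product  = $_.displayName
                Enabled  = (($_.productState -band 0x1000) -ne 0)
                UpToDate = (($_.productState -band 0x10) -eq 0)
            }
        }
}

# Print the three checks; anything other than AutoInstall=True, a current Java (or none),
# and exactly one enabled, up-to-date AV product means the cleanup is not finished.
'== Windows Update ==';      Get-AutoUpdateStatus | Format-List
'== Installed Java ==';      Get-InstalledJava | Format-Table -AutoSize
'== Registered antivirus =='; Get-AntivirusStatus | Format-Table -AutoSize
```

Two or more entries in the antivirus table (for example an expired McAfee still registered beside MSE) is the signal to finish uninstalling the old product, since competing real-time scanners are a common source of the "slow or broken PC" complaint that started this visit.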
Enjoy some more photo-age…

  • Manny R.

    I’ve never seen an impersonating system restore application. First time for everything I guess. To be honest, that looks convincing, so to the average joe that doesn’t really know, I could see them falling for that.

    • Anonymous

      They almost bought it. She had her credit card out when he called me.

      • Manny R.

        Quick question: Maybe you noticed this, but most people never update their systems. I explain to my clients that it's important, but they tell me they either don't understand what it wants to do or they'd rather blow it off. When I set up their computer again after an infection or out of the box, I explain that I'll set updates to occur automatically and they don't have to worry about it. 99% of my clients appreciate it. Do you do the same with yours?

        • Abottjen

          Most of the infections now come in through Java. Windows is usually set to install Windows updates automatically out of the box.

          • Anonymous

            Yeah, that always seems to be the case. No one ever updates Java.

            • http://www.facebook.com/profile.php?id=100000897486045 Erik Slow

              I always update Java! lol… but that is because I'm a geek and I know better.

            • http://twitter.com/rescuenerds Nerds to the Rescue

              We just uninstall Java on the machines. Almost no one uses it – and if they are (like using a stock trading program) then the application will prompt them to reinstall it.

            • Anonymous

              Well, sometimes it reminds you when there is an update out. I noticed that when you log in to Windows and leave the desktop idle for at least 2 minutes, that gives time for all the updater processes (such as Java) to run real quick and check for updates. When you start using your computer as soon as you log in, those updaters usually don't remind you because you are busy. That is what I see, at least, for all the computers that I have seen. I do like Chrome though, because it updates Flash with it. If only there was a Java updater extension or something like that.

          • Anonymous

            They are set to update automatically out of the box.

  • Manny R.

    How long did it take you to remove this infection?

    • Anonymous

      about 30 minutes

  • Anonymous

    Hey Matt, have you seen that Trojan that makes your desktop into a puzzle? It's a funny virus, but still bad. Go look it up on YouTube. And will you do another review of MSE? The last time you did it, it was a beta version, plus new features have been added since then.

    • Anonymous

      Ha! Now that would piss me off!

      • Anonymous

        Yeah, but all you would have to do is end the process via Task Manager. Funny virus though. And will you do a review of MSE again?

  • http://www.facebook.com/profile.php?id=586452856 Michael Barrett

    There are a few variants of this infection. Some do not remove the same. TDSS Killer does not remove all. Please use the Kaspersky Rescue CD; works a charm to get rid of the rootkit. Sometimes the OS needs to be re-installed (too damaged). Also you have to restore Start Menu items.

  • Bubba

    Wow, interesting. Gotta watch out for that one. You should do a review of that particular rogue.

  • Anonymous

    A new version of this rogue requires a ComboFix run at the end of the steps I took in this post.

  • ZOU

    Typical scenario: “SHE had a credit card out”, “HE called me”. LOL

  • estechguy
