Tag Archives | rogue system utility

System Restore Rogue (Fake Utility)

One of the guys from work brought in his wife’s computer.  He was sure that the hard drive was bad.

Look!  It’s a rogue pretending to be part of Windows rather than a third-party product.  Borrowing the Windows look increases the trust factor and thus increases the chance of the victim paying to “activate” this fake feature.

I was able to remove this rogue system utility and secure the OS using the following steps:

  1. Started the PC in safe mode with networking.
  2. Ran GMER.  GMER detected traces of an MBR rootkit.
  3. Ran TDSSKiller with the additional scan options turned on.
  4. Removed a TDSS file system.
  5. Installed Malwarebytes and removed the rogue and some registry entries.
  6. Installed lots of missing Windows Updates.
  7. Installed the latest version of Java.
  8. Removed the expired McAfee and installed Microsoft Security Essentials.
Enjoy some more photo-age…


Quickly Unhide Files Hidden by Rogue System Utilities

My good ol’ uncle Phil called me on the way home from work tonight and said that his hard drive had “lots of critical errors on it”.  I said “what said that, read it to me”.  In his military fashion he started reading everything on the rogue system utility GUI…I made him stop mid-sentence and quickly told him it was basically a virus.

So to make a long story much shorter, I got rid of the rogue quickly, but I needed to find an automatic and quick way of unhiding all the files that were hidden by the rogue (fake) system utility.  The solution?  A nifty free little program called UnHide.exe from the guys over at bleepingcomputer.com.

UnHide is a mere 669 KB and just requires a double click.  Once it runs it starts unhiding files that were hidden by the fake system utility.  The entire process took about 5 minutes to unhide all of my uncle’s files (some Windows system files meant to be hidden stay hidden) and it also restored his Start Menu programs.  Awesome little app!

http://download.bleepingcomputer.com/grinler/unhide.exe
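For anyone who wants to see what that “unhide everything except real system files” step looks like, here is an added PowerShell example.  It is not UnHide.exe and not code from bleepingcomputer.com; it is my own illustration of the same idea.  It assumes (my assumption, since the page does not say how UnHide decides) that the rogue only flipped the Hidden attribute on user files, and that anything also carrying the System attribute is an OS file that should stay hidden.  The `-Root` default of `C:\Users` and the `-IncludeSystem` switch are my own choices, not UnHide options.

```powershell
# Added example, not UnHide.exe: clear the Hidden attribute that a rogue
# "system utility" sets on a user's files, but leave anything that also has
# the System attribute alone so genuinely hidden OS files stay hidden.
# Assumptions (mine): the rogue only toggled the Hidden bit, and user data
# lives under C:\Users. Run from an elevated PowerShell prompt.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Root = 'C:\Users',   # assumed location of the victim's data
    [switch]$IncludeSystem        # hypothetical switch: also unhide System-attributed items (normally leave off)
)

$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System

# -Force is required; without it Get-ChildItem silently skips hidden items,
# which are exactly the ones we need to find. Errors (e.g. access denied on
# another user's profile) are skipped rather than aborting the whole sweep.
$items = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue

$unhidden = 0
$skipped  = 0
foreach ($item in $items) {
    $attrs = $item.Attributes

    # Not hidden: nothing to do.
    if (-not $attrs.HasFlag($hidden)) { continue }

    # Hidden AND System is how Windows marks its own protected files
    # (desktop.ini, pagefile.sys, etc.). Keep those hidden unless asked.
    if ($attrs.HasFlag($system) -and -not $IncludeSystem) {
        $skipped++
        continue
    }

    # ShouldProcess honours -WhatIf / -Confirm for a dry run first.
    if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
        try {
            # Clear only the Hidden bit; every other attribute is preserved.
            $item.Attributes = $attrs -band (-bnot $hidden)
            $unhidden++
        }
        catch {
            Write-Warning "Could not unhide $($item.FullName): $_"
        }
    }
}

Write-Host "Unhidden: $unhidden   Skipped (System attribute): $skipped"
```

Save it as, say, `Unhide-RogueFiles.ps1` and run it once with `-WhatIf` to see what it would touch before letting it change anything.  Because it clears only the Hidden bit, a file the rogue marked Hidden+ReadOnly keeps ReadOnly, and because it skips Hidden+System items it leaves the OS's own concealed files exactly as UnHide's author describes.  It does not attempt the Start Menu repair the post mentions, since the page does not say how the rogue relocated those shortcuts.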
