Malware Alert: How I regained control of my PC after a malware infection
By JIM BROOKS
Nelson County Gazette
Friday, Nov. 12, 2010, 6 p.m. — Late last night I was at my desk checking e-mail and looking up the latest news while I researched some other news items related to a breaking news story.
With my story completed and posted on The Nelson County Gazette, I was ready to kick back for some recreational Web surfing, starting with a visit to eBay to follow up on some auctions.
Somewhere in the process, a pop-up window opened and my browser of choice — Google Chrome — immediately shut down. The pop-up window was titled “Microsoft Security Essentials” and offered “Potential threat details.” The first pop-up was followed by another … and another. I tried to open Chrome again — which resulted in another pop-up window.
I don’t have Microsoft Security Essentials installed on my computer; I knew from a previous encounter with this malware that my desktop was now infected with FakePAV.
REMOVING FAKEPAV. It took some digging around on the Web to find how to remove FakePAV from my computer. The problem is that you can’t use Task Manager to see the processes in order to identify which one is causing the problem. FakePAV runs in Safe Mode too, disabling any software that might help you find it.
The best removal instructions can be found on the Bleeping Computer web site.
To remove FakePAV, the first step is to stop the FakePAV process from running. To do this, you must download a file called rkill.com, which scans your computer and disables FakePAV. After this, you can take steps to install or update your antivirus or malware detection software which can find FakePAV and remove it (ironically, the REAL Microsoft Security Essentials program will detect and remove the fake version — if the program files are kept updated).
Click here to download rkill.com.
Downloading the file to your computer’s desktop will make it easier to find. If you can’t download it on your infected computer (which is the problem I had), you’ll have to download it on another computer, put it on a thumb drive and copy it onto your infected PC. Place the file on the desktop to make it easy to find.
Once you have the software on the affected PC, double-click on rKill.exe to run it. It will stop any of the processes associated with FakePAV.
UPDATE YOUR ANTIVIRUS SOFTWARE … At this point, with the malware no longer running, you should be able to start your antivirus software. Once it is running, find the “Update” selection in the menu and update the software. Once it is updated, run a complete virus scan.
… OR DOWNLOAD MALWAREBYTES’ ANTI-MALWARE. If your virus scan fails to find files associated with FakePAV, I recommend downloading Malwarebytes’ Anti-Malware program, which will also locate and remove FakePAV. I have used this software on several PCs and found it to be very effective — and free of charge to boot.
Click here to download Malwarebytes’ Anti-Malware.
Once the download is complete, double-click the downloaded file, mbam-setup.exe. This will start installing the software on your computer. Once the installation is complete, allow the software to check for updates and install them. Once updated, have the software scan your computer using the “Perform Full Scan” option.
When the Anti-Malware software completes its scan, it will have a list of malicious software it has detected. Click the box next to the files and click the “Remove Selected” button.
Click here for the complete instructions on the Bleeping Computer web site.
-30-