Infopost | 2010.04.02

John McAfee MP5

I had to de-virus a computer today and since casual googling didn't turn up any results I thought I'd share the fix with the interwebs. It came from some Hulu-ish site, I'm not sure of the details on how it passed as innocuous.

It installs an app that appears to be a generic-looking antivirus program. It continuously prompts you to purchase the full version from a domain called pc-fortress or something. Trying to run anything from Word to regedit results in the window being killed with a kind dialog, 'this executable is infected, want to purchase the full version?'

Bleh. That's why WinMo programmers have it so easy, MS APIs must be full of great stuff, like an interface to kill whatever OS app you feel like.

So basically you just restart in safe mode cause the malware author sucks and needed Windows to start it. For me, the startup tab of msconfig had sknqxoufx, an exe located in one of the user data/app data hidden folders. The name could be randomly generated (again, no google results). With the autostart box unchecked and the directory removed, problem solved.
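The same check as the msconfig Startup tab, scripted: this is an added example, not part of the original post. It assumes the entry lived in one of the standard Run registry keys (the post does not say which autostart location was used) and that "user data/app data" means the `%APPDATA%` / `%LOCALAPPDATA%` roots.

```powershell
# Added example (not from the original post): list Run-key autostart entries
# and flag any that launch from a per-user, user-writable profile folder.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: "user data/app data" means these roots. LOCALAPPDATA is unset
# on older Windows versions, so empty values are dropped.
$userRoots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Test-UnderUserRoot {
    param([string]$Command)
    foreach ($root in $userRoots) {
        # Case-insensitive substring match; commands may be quoted or carry arguments.
        if ($Command.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # WOW6432Node is absent on 32-bit Windows
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $entries += [pscustomobject]@{
            Review  = Test-UnderUserRoot $command
            Source  = $key
            Name    = $name
            Command = $command
        }
    }
}

# Entries with Review = True start from a folder any user-level process can
# write to; those are the ones to inspect by hand before disabling.
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A flagged entry is only a lead: legitimate per-user software also autostarts from these folders, and a command stored with an 8.3 short path will not match the substring test.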

Other news in brief: lots of work... Malaysia GP - not a good RBR track still excited... still need lawnmower... Shred The Gnar won 3-2 on Thursday... Arthur coming into town soon... Resto Hardware duvet rather nice... header bolt fell off Duc...

tags: virus


Comments:
Chris

Hate mac fanboys so much...


osx ftw

