
Cleaning Up After Fake Antivirus Attacks

Lately there’s been a rise of “Scareware” – bad software that appears with some convincing error messages. The problems found will go away, but only if you install their cleaning software for a reasonable fee – usually around $80. The problem is that the only bad software on the computer is the one proposing to help you.

Some particularly vicious infections go the extra mile and use convincing error messages and try to recreate symptoms of a hard drive failure. Removal is fairly straightforward: a combination of Malwarebytes and Microsoft Safety Scanner takes care of the offending files, but often the symptoms of the infection can remain.

Hidden Files

For example, after removing WindowsRecovery, SystemRecovery, UltraDefragger, WinHDD or other variations of the same malware, files may still be hidden. You can either unhide all files manually using the file properties dialog, or use Unhide.exe from BleepingComputer. They also offer a lot of details on the malware itself. To run the tool, they provide the following instructions:

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
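For anyone who prefers to see exactly what gets changed, the following PowerShell script is an added example (it is not from the original post and is not how Unhide.exe itself works). It clears the Hidden attribute under one folder tree and writes every change to a CSV, so files you had hidden on purpose can be found and re-hidden afterwards. The `$Root` and `$LogPath` defaults and the choice to skip Hidden+System items are assumptions of this example.

```powershell
# Added example, not part of the original post.
# Assumptions: $Root is the folder tree to repair, $LogPath is where the change log goes.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Root    = $env:USERPROFILE,
    [string]$LogPath = (Join-Path $env:TEMP 'unhidden-items.csv')
)

$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System

# -Force makes Get-ChildItem return hidden and system items too.
$changed = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        # Select items that are Hidden but not System. Items carrying both
        # flags (for example desktop.ini) are normally hidden by Windows
        # itself, so this example leaves them untouched.
        ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
    } |
    ForEach-Object {
        $before = $_.Attributes
        # ShouldProcess honours -WhatIf and -Confirm, so a dry run is possible.
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden attribute')) {
            try {
                # The filter above guarantees the Hidden bit is set,
                # so XOR clears exactly that bit and nothing else.
                $_.Attributes = $before -bxor $hidden
                [pscustomobject]@{
                    Path             = $_.FullName
                    AttributesBefore = $before.ToString()
                    AttributesAfter  = $_.Attributes.ToString()
                }
            }
            catch {
                Write-Warning "Could not change $($_.FullName): $($_.Exception.Message)"
            }
        }
    }

if ($changed) {
    # Keep a record of every item touched, for review and selective re-hiding.
    $changed | Export-Csv -LiteralPath $LogPath -NoTypeInformation
    Write-Output "Cleared Hidden on $(@($changed).Count) item(s); log written to $LogPath"
}
else {
    Write-Output 'No items were changed.'
}
```

Run it with `-WhatIf` first to list what would be changed without modifying anything.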

The hard drive error malware also moves files from the Start menu and Desktop. Here’s a pretty good step-by-step walkthrough from SmartestComputing, including the link to the Unhide utility above.

In my experience with the malware, no removal instructions addressed restoration of the Desktop. The files were there and unhidden on the drive, but not visible on the Desktop itself. The fix I used came in the form of a .reg file from Look for “Download fix_desktop.reg”. The downloaded file makes changes to your system registry, so be sure to review it and/or back up the registry before running it and accepting the modifications.

Windows Update Won’t Activate

The final issue, perhaps caused by other malware, involved Windows Update. During the final cleanup stages, I noticed a red shield from the Windows Security Center telling me that Windows Updates were turned off. Clicking the button as instructed to resolve the condition resulted in an error message: “The security center could not change your automatic updates settings.” The following solution has worked on two different systems.

Try registering the following:
Click Start, select Run and type:

regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 atl.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
Press enter after each one and wait for the success message.

Thanks to Tom Rafferty’s link to the original Google Groups article.

Hopefully, collecting these small fixes into one location will prove helpful. Know of better resources? Leave a comment.
