This post continues the story of my PC being viciously hacked after visiting a rogue website. Every few minutes there would be a popup from a new icon in my system tray. This popup stated that Windows detected spyware on my computer. There were a couple tell tale signs that this message actually came from the malware. The popup continued to say “that it recommend [sic] that I allow it to automatically download antispyware software to prevent [sic] problems.” Usually Microsoft spells words correctly in its error messages.
I saw that a program called “brtask.exe” had been installed in my Windows system directory. And I could not delete the file. It was locked because it was in use. At first I could not get my Task Manager running because the malware was preventing me from running it. However I installed another type of Task Manager. But the process did not show up in the list of active processes.
My initial reaction was to run some antivirus software. I had an old copy of McAfee from 2007. Here was the odd thing. The McAfee software could not perform an update. It thought that I was not connected to the Internet. I suppose this was more shenanigans from the malware. I still ran my old copy of McAfee antivirus. It did the trick to get rid of the popups from the system tray. However my Google search results were still being hijacked with bogus links.
This time I turned to a software I was not familiar with. I installed and ran Anti-Malware from Malwarebytes. This software also was unable to update itself. It thought my computer was not connected to the Internet. This evil malware was quiet tricky. Luckily I had version 1.30 of AntiMalware, which might even be the most recent version. Running this software got rid of my Internet Explorer hijack. The version I had was free. Thanks Malwarebytes.
Regardless of the extra work this malware brought me to clean my system, I still thought it was quite an impressive piece of work. It had some tricks to ensure I could not manually eradicate it. Good thing a couple antivirus software packages were able to quarantine it. I wonder how much work went into constructing this piece of malware. And I fear the evil deeds it was secretly accomplishing when it was running on my PC. For now I am going to keep McAfee antivirus running all the time. And lucky for me, it now is able to update itself from the Internet.
Getting Access to the Code - Right now I am working on a tiger team to research why this new reporting system has different data than the old one. Most of the time I try to figure out...