A nasty browser hijacker.

I was working at a computer that couldn’t get far on the Internet without this annoying page popping up.

[Screenshot: "Windows Browser warning!" page in Internet Explorer, 2015-04-13]

To make matters worse, a JavaScript pop-up window with a phone number kept appearing and would not go away no matter how many times you clicked on the button to close it. I suspect there are multiple instances of this window to keep it on your screen and to keep you from going anywhere else on the Web.

The site producing this page is pc-support-messages.com, which is one of the nastiest browser hijackers I’ve seen. You can only go to a few web sites before this hijacker kicks in and takes you to the page claiming your computer is infected.

I attempted a reset of Internet Explorer, which didn’t fix the issue. I also ran a scan using the Malwarebytes Anti-Malware scanner, which found and removed the malware, but the problem still persisted, much to my surprise.

I think what saved the day was the herdProtect scanner I keep on the flash drive attached to my keychain. It too found some malware, and after removing it the problem finally disappeared.

Saving the world from evil software.

I just concluded a brief, 3-day tenure of employment with a tech support company that specializes in fixing general computer problems in which the agent remotely connects to the customer’s computer for the necessary troubleshooting and repair. Afterwards the customer is slapped with a hefty bill for services rendered. The most troubling part of this process is that the tools the agents use are actually freely available on the Web and capable of repairing malware and slow speed issues without the large expense. I list these tools here.

  • CCleaner – Probably the most popular cleaning utility online.
  • Malwarebytes Anti-Malware – This excellent malware scanner has saved me time and time again. As part of the services provided by this tech support company, a license to the premium version is purchased.
  • Hitman Pro – Not a free program but its 30-day trial still kicks some mean malware butt.
  • herdProtect – This free, cloud-based malware scanner uses 68 malware engines for an extremely thorough scan of your system. The agents use this tool after the trial period for Hitman Pro expires.
  • Geek Uninstaller – Used to remove programs that cannot be uninstalled using normal methods. It’s free and requires no installation.
  • AdwCleaner – A free, no-install malware scanner that removes unnecessary toolbars and browser hijackers. This one is used by agents at the next level of support.
  • Revo Uninstaller – Another excellent free uninstaller that removes every last trace of the programs it uninstalls, including folders and registry entries. I’ve been using this at home for years. Also used by higher-level support agents.
  • Recuva – A free file undelete utility. I’ve used it myself and it’s worked wonders.
  • Speccy – From the same company that made CCleaner and Recuva comes this handy, free system information utility that gives you a detailed report of what’s in your system.

There are some web sites used by agents in determining which programs to remove in the Add/Remove Programs window. Should I Remove It has a searchable database of programs and gives you a description of that program along with a number indicating the percentage of those users saying they would remove it. Anything with a rating above 50% definitely gets removed. Pacman’s Portal is another site used to identify malicious programs.

Should I Block It is a handy site used to determine if a certain process in the Task Manager is malicious. All these sites are freely accessible from all over the world, so this is hardly proprietary company information I’m exposing here.

You can either pay tech support companies $200 to install and run these programs for you or you can spend $25 for the premium version of Malwarebytes Anti-Malware and run the free tools yourself. No wonder this tech support company is growing so fast as they keep finding ignorant customers unaware of such a powerful arsenal of free tools at their disposal. You need not be one of them.

Windows Advanced Security Center.

Recently I did a tech support call with a customer who was having some serious computer problems. He reported receiving a barrage of notifications from some program called Windows Advanced Security Center. It reported finding some infected files that required an upgrade to the full version to clean up. Right away I knew this was a piece of malware even though I had never even heard of Advanced Security Center before.

A quick search took me to this page which has some basic information on this menace. From reviewing the information, I can only conclude that this has got to be the most evil piece of malware ever created. It’s installed without your knowledge and looks exactly like the Security Center included with Windows. It kills legitimate anti-virus and anti-spyware programs and fools you into thinking it’s protecting your computer with fake alerts and notifications. It also takes over some of Windows’ functions such as Automatic Updates and the built-in Firewall. To make matters worse, there isn’t even a full version of this program.

Worst of all, this program is very hard to remove. There is no entry in Add/Remove Programs, nothing in the start menu or the Program Files folder. The customer I was working with on this issue couldn’t even do a system restore. Unfortunately it looks like he’ll have to re-install his operating system from scratch and be more careful of where his online travels take him.

In the long run, the best way to get rid of Advanced Security Center is to not get it in the first place.