Score One: Removed Rogueware via Remote Access

FlyingPenguin
Flightless Bird
Posts: 33161
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Post by FlyingPenguin »

I'm surprised I won this battle. The client has a business in town that I manage the IT for, but I also take care of his home machine, mostly via remote access because he lives an hour's drive away and the only day he's there is on a weekend (and I hate working weekends). I rarely go there unless I have to and I thought I'd have to this time when he told me he had a rogueware trojan.

He got one of those classic but simple rogues going around. It blocks you from running any app except IE & FF and constantly throws gay porn at you while nagging you to buy the full product to remove your viruses. It sets itself up as a proxy so you can't browse any websites except what it wants you to (and you can't open IE settings to disable the proxy). You can't run Task Manager, DOS command line, or any utility that can disable processes, and it also blocks you in Safe Mode.

It's not a true rootkit because it loads rather late in the boot process. This sucker is easily circumvented by IMMEDIATELY hitting CTRL-ALT-DEL to bring up the Task Manager as soon as the desktop comes up and before the virus is loaded. Then you disable every process that comes up that isn't required for minimal operation of Windows.

Works like a charm IF you are physically at the computer. I thought it would be a little dicey via remote control but I rebooted the PC via Logmein, then sat at the Logmein web portal continually refreshing until I saw the PC was back online, and immediately logged on. Even with the slight delay I still got on before the virus loaded - fortunately Logmein is a service and is loaded very early - even before the desktop comes up.

Then it was just a matter of killing processes, removing the virus startups and deleting the executables, removing the proxy and then running my standard cleaning with HijackThis, Hitman Pro, Trojan Remover and Malwarebytes to clean out the remaining debris.

It also didn't hurt that this was a fast quad core system and I didn't have to sit there waiting painfully for the system to respond. I hate it when I have to do a cleaning like this on a 6-year-old PC with 512MB of RAM - it takes twice as long.
---
“The Government of Spain will not applaud those who set the world on fire just because they show up with a bucket.” - Prime Minister of Spain, Pedro Sánchez
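An added example, not from this thread and not part of LogMeIn or any of the cleaning tools named above: a PowerShell audit of the spots this kind of rogue hooks into once you are in ahead of it (Run/RunOnce keys, the WinINET proxy it plants, and processes running out of user-writable folders). It is read-only unless you pass -RemoveProxy; the path patterns it flags and that switch are my own assumptions.

```powershell
# Added example: audit rogueware persistence points. Read-only by default;
# -RemoveProxy clears the WinINET proxy setting (assumed switch name).
param([switch]$RemoveProxy)

$runKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host "== Startup entries (Run/RunOnce) =="
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }   # skip registry-provider metadata
    $cmd = [string]$p.Value
    # Entries launched from user-writable folders deserve a look first
    # (assumed heuristic; XP-era and Vista+ profile paths both covered).
    $suspect = $cmd -match '(?i)\\(AppData|Temp|Application Data|Local Settings)\\'
    $tag = if ($suspect) { 'SUSPECT' } else { 'ok     ' }
    Write-Host ("[{0}] {1} :: {2} = {3}" -f $tag, $key, $p.Name, $cmd)
  }
}

Write-Host "`n== WinINET proxy (used by IE and any app on the system proxy) =="
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $inet
Write-Host ("ProxyEnable = {0}  ProxyServer = {1}" -f $settings.ProxyEnable, $settings.ProxyServer)
if ($settings.ProxyEnable -eq 1 -and $RemoveProxy) {
  Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0
  Remove-ItemProperty -Path $inet -Name ProxyServer -ErrorAction SilentlyContinue
  Write-Host "Proxy disabled."
}

Write-Host "`n== Running processes with images in user-writable paths =="
Get-Process | Where-Object { $_.Path -and $_.Path -match '(?i)\\(AppData|Temp)\\' } |
  Select-Object Id, ProcessName, Path | Format-Table -AutoSize
```

Run it from the elevated session you get in before the rogue loads; the process list gives you the PIDs to kill and the Run entries tell you which executables to delete afterward.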

DaMaN
Posts: 4726
Joined: Wed Nov 22, 2000 5:49 pm
Location: New Jersey

Post by DaMaN »

Wow, nice work. Is "logmein" free or trialware?
normalicy
Posts: 9514
Joined: Sat Nov 25, 2000 4:04 am
Location: St. Louis, MO USA

Post by normalicy »

LogMeIn is free. But it's only supposed to be used for personal use when free. You still need to set up remote desktop or an equivalent though. I love the program for keeping my files handy.
FlyingPenguin
Flightless Bird
Posts: 33161
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida

Post by FlyingPenguin »

I use the Logmein free for the most part. It does everything I need. Lately I've also been using Team Viewer.
revo1059
Genuine Member
Posts: 78
Joined: Sun Jul 21, 2002 2:18 pm

Post by revo1059 »

I remotely clean systems with a decent success rate fairly regularly. I use PCDuo remote control. It's a paid app, we sell it with our software suite.