Malware Infection?
I'd appreciate any advice on the following Malware problem.

My girlfriend's computer was 'hijacked' a couple of days ago by some malware which claimed to have 'locked' the computer and demanded payment for 'unlocking'. It was obviously a scam though looked 'official', stating her IP address and location (both wrong, by the way!) When she tried going on the internet, the malware webpage appeared again, taking up the whole screen and allowing no other access, only a hyperlink to 'payment'.

She's running Windows 7 Home (64-bit), uses mostly Firefox for web access. I loaded Spyware Blaster, Malwarebytes and Avast antivirus for her some time ago and she updates these religiously as well as running regular scans (I've taught her well!) However, may be just coincidence, but this malware hijack happened a very short time after a Windows Update.

I noticed the malware had slipped an entry into 'msconfig' startup. It was showing a row of numbers with an 'exe' extension. So that would explain why it kicked in each time. I tried unticking the entry and rebooting. I saw it remained unticked in 'msconfig', though still there in the list as unchecked. Logging on to the web, the malware page again reappeared. Checking 'msconfig' I saw it had simply placed another 'number' entry with 'exe' extension.

Here's what I did to 'cure' the problem, so far working but I'm still unsure whether I could or should do more to prevent this happening again to her.

I unplugged her router.
Using 'CCleaner'>Tools>Startup>removed offending entries.
Manually flushed the 'DNS' cache via 'Command Prompt'>Run As Administrator>typing 'ipconfig/flushdns'.
Performed an 'sfc' scan of her hard drive: as above + 'sfc/scannow'. This showed no problem.
I also cleared out her Windows>Prefetch folder.
I then ran a full Avast and Malwarebytes scan of the system. Nothing was flagged.

Though I'm aware malware can possibly infect System Restore, I decided to roll back her system to a month ago - thankfully, with my encouragement, she'd already set up daily system image + restore backups! My next move was to run full scans of the new restore - nothing amiss.

The computer's been running perfectly since, the malware appears to have gone. However, I'd welcome any comment on the above, any steps I should have taken and other advice or software to include for future prevention.

Many thanks
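
A read-only check for the startup pattern described in the post above (an entry named as a row of digits with an 'exe' extension), added here as an example and not part of the original post. It assumes the entry lives in one of the standard Run registry keys, which is only one of the places the msconfig Startup tab reads from; the function names `Test-NumericExeName` and `Get-RunKeyEntry` are hypothetical.

```powershell
# Added example (read-only): list Run-key autostart entries and flag any whose
# executable name is only digits, e.g. 1234567.exe, as described in the post.
# Assumption: the entry is in a Run key; Startup folders are not covered here.

function Test-NumericExeName {
    param([string]$Command)
    # Extract the executable path: a quoted path first, otherwise everything
    # up to the first ".exe" (covers unquoted paths that contain spaces).
    if ($Command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    elseif ($Command -match '^\s*(.+?\.exe)\b') { $path = $Matches[1] }
    else { return $false }
    $leaf = ($path -split '[\\/]')[-1]      # file name without its folder
    return ($leaf -match '^[0-9]+\.exe$')
}

function Get-RunKeyEntry {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # New-Object PSObject keeps this usable on PowerShell 2.0 (Windows 7).
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $cmd
                NumericExe = (Test-NumericExeName $cmd)
            }
        }
    }
}

# Constructed sample command lines (not taken from the post) to show the classifier.
'"C:\Users\Public\AppData\0123456789.exe"',
'C:\Program Files\Example\updater.exe /background' |
    ForEach-Object { '{0,-6} {1}' -f (Test-NumericExeName $_), $_ }

# Live check of this machine's Run keys, flagged entries first.
Get-RunKeyEntry | Sort-Object NumericExe -Descending |
    Format-List Key, Name, Command, NumericExe
```

A flagged entry is a lead to inspect (file location, signature, creation time), not proof of infection, and an entry that reappears after removal means something else on the system is rewriting it.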