I use a notebook computer sometimes and at the weekend I found I was infected with a fake anti-virus program. This is a good opportunity to practice an investigation and find out as much about the malware as I can. I am going to write a series of blogs detailing what I have found out.
I’m not exactly sure how I became infected, as I visited a number of sites during the weekend which were mostly relating to security matters. My notebook does not have anti-virus installed, and I first noticed something strange when an Adobe Flash Player update message appeared. The box displayed looked the same as the normal Flash updater, but when I clicked “install” an error message appeared saying that the version I was installing was not up to date. I clicked cancel, and then almost immediately windows began to appear warning me that I had numerous malware examples installed and that I should visit a certain site to install anti-virus software.
The malware has interfered with the running of many programs, and I cannot run a command prompt or regedit, so I cannot immediately run programs to examine what is happening on the notebook.
Some Internet research reveals that this is a new strain of what is a very common attack. Some articles relating to this malware can be found here.
The descriptions in these articles match the symptoms I have been experiencing exactly.
I plan to make a copy of the hard drive for static analysis and, hopefully, find some way to dump the RAM.