Clean This Virus…

I just thought I would put up a message about a virus I fixed last night. It is called “Clean This” and it is a variant of the “Think Point” virus. It appears to initially infect web servers, thereby infecting users as they visit an infected server. A realistic looking error (often trying to look like a Microsoft message) pops up telling the user that their computer is infected. By clicking any of the buttons, the malware is installed. Once installed, it tries to get you to pay for the “professional upgrade” in order to actually clean the infection. More than likely what really happens is that your credit card is now in the hands of fraudsters and you won’t get your computer back unless you have someone else clean it.

Your best bet is to not click anything and then to reboot your computer. This should make it so the virus does not get installed.

Over the past eighteen months, Tech Rescue has almost averaged at least one “fake antivirus” cleaning per week. One thing I noticed about this particular virus is that it is still active in Safe Mode. I had to take the client’s hard drive out of their laptop and hook it up to different machine. Even after disinfecting it in my machine, I still had to disinfect it again once I reinstalled the hard drive. It was definitely a nastier bug than previous versions.

Please continue to be wary!