Tuesday, January 31, 2012

Beware of Nasty Spyware!

So, went to use our home computer the other night only to find it infected with a Spyware product called "System Check". Of course at the time I didn't know that and things didn't look good at all.

There were numerous pop-up messages about file corruption, RAM memory failure, damaged hard drive clusters, etc. This spyware also produced this official looking System Check utility that displayed the "PC Performance & Stability analysis report", which was dire at best.

I couldn't do much of anything - I was unable to launch the Task Manager, open Explorer, the registry editor, etc. When I was finally able to get Explorer opened most of the files and folders were gone or so it appeared. Although, I do a pretty good job of backing up our important data and pictures, I've not done it in a couple months, so we were concerned and upset at what looked like a complete loss!

Like a special ops person my training in this area allowed me to overcome these obstacles and triumphantly rid our computer of this nasty spyware - WINNING!

This nasty program modified the computers registry in numerous places. For example, it flagged all files and folders as hidden (which is why they appeared to be gone), it hide Task Manager and the desktop and added "CyisMyTSAH.exe" to the Run section of the registry. Any and all items listed in the Run section get executed each and every time the computer is rebooted - very sneaky and very nasty.

The premise behind this attack is to get the infected users to purchased the full version of this fake utility, which they claim will "fix" all the problems. BEWARE, this is a scam! All they want is your money!

No comments: