This Article Was Written By Josh Dimino of The College at Brockport SUNY.
Contact Josh at JoshDimino@gmail.com

This post is a little different than some of the other articles we will do for this site. Today’s topic isn’t a new or trendy product or technology that deserves my analysis and promotion – but rather an extremely useful and potentially “life saving” piece of security technology your PC may be in desperate need of.

At the beginning of this past week – I was hit with a nasty virus that rendered my PC unusable. When streaming videos on my lunch at work, a box popped up in the middle of my screen telling me to download Paladin Anti-Virus because it detected my computer had no anti-virus protection. I knew this was a scam immediately because I had just recently purchased McAfee Anti-Virus, and because this prompt window had no exit “X” button to close out of the window. Any legitimate program would have the option to close. As I was putting this together it automatically started an install behind the pop-up box, with no option to stop the install. I tried to “alt-F4” it to force close the program. It worked for a few minutes before the whole thing happened again. When it finished I tried to open McAfee to scan and remove the bad files, but when I clicked on McAfee nothing would happen, not even an hourglass. My computer became virtually useless until the “blue screen of death” (the Windows error screen) came up and my computer automatically restarted. After that I was unable to enter my username and password to even log on to my user interface.

Paladin is a rogue antivirus program that poses as a clean-up program. It is one of several fake software programs that often come bundled with trojan-rootkits, which block legitimate anti-spyware software from removing the rogue program and its corrosive components. Rootkits currently represent the greatest threat to PC users. They install themselves invisibly on a target system and give the attacker full control over the system. Once installed, clever hiding mechanisms make rootkits very difficult or even impossible to detect. To get rid of this kind of problem you have to remove the trojan-rootkit first. This can be done with two programs.

Start by restarting your computer, then press and hold the F8 key for 3 seconds after your computer initially powers on (right away!). Once you see the Advanced Boot Options menu (or hear a beep) you can stop. Then use the up/down arrow keys to highlight “Last Known Good Configuration” first, which is what worked for me; if the following steps don’t work with that option, repeat the previous steps and select “Safe Mode with Networking” instead, then press Enter. You should see drivers loading; this may take a few moments. You should then be at the Welcome Screen. Log on to your computer using an account with Administrator privileges, go online, and do a Google search for “Combofix” and for “Malwarebytes” (or “MBAM” for short). Download both programs (both are TOTALLY FREE) and run the Combofix scanner first. This program is able to dig deep within the system to pull out the rootkit trojans that bury themselves so deep in your computer that the most popular paid scanners, including Norton Antivirus, McAfee, and Spy-Sweeper, cannot detect them. Give this program full access despite a few warnings that may pop up; these appear only because the scanner is digging so deep into the computer’s operating processes to search for the trojan. After it scans and restarts your computer, run the “Malwarebytes” scanner to remove the rest of Paladin and the remaining traces of the trojan. When MBAM is done, your computer will restart again and it should be back to its old self, if not better, with other hidden viruses that your professional scanner missed removed as well.

It really is concerning that the expensive scanners miss these devastating trojans, and it really astounds me that free scanners only a Google search away can eliminate them in under a half hour. These viruses are becoming more and more prevalent since they are so tricky to erase. If you think you may have been compromised, or even if not – it still is a good idea to run these deep scanners to make sure you are clean and that no one has hacked into your computer.

There are a few alternate ways to take care of this same problem. If this doesn’t work for you or someone you know with this problem, please look to this discussion board for further tips on how to remove the virus and rootkit. http://tinyurl.com/y97qp9w
