Sunday, February 11, 2007

Zlob

So I had a run-in with Zlob tonight. Someone sends me a link to one of those "you gotta see this" videos, and when I click the link, I get a web page with a Media Player window that says "Media Player can't play this file." and the info bar comes up asking me to download the Video ActiveX Plugin.

Stupid me. I clicked it. Windows Defender pops up the "you moron" alert. Of course, it hijacks my browser and can apparently be used to download other software. This version of Zlob doesn't match the info I've been finding, so I have to work from scratch.

Now to get rid of this thing. I tried GiPo's Move on Delete, but it can apparently only move one file at a time, and Zlob uses two different executables, one of which launches the other. That way, if you kill one, the other one kicks off another process.

The other problem is that my PC was recording a TV show, so I didn't want to reboot.

So the solution: change permissions on the executable files. I opened the Program Files directory and hit Properties on the Video ActiveX folder. I click the Security tab, then Advanced, then Edit. I un-check "Include inheritable permissions from this object's parent" (they sure did bury this one deep).

After clicking OK, I am asked whether to copy or remove the permissions. Since I want no-permission files, I click Remove.

Now I kill both tasks in task manager. Surprise! They don't come back! Finally, Windows security works for me instead of against me.

Now to add the permissions back in and remove the files for good.
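
The same containment steps from an elevated PowerShell prompt, as an added example that is not part of the original post; it uses `icacls /inheritance:r` in place of the Security dialog. The folder path and the hash file name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. $Folder is an assumed path; the post only names the
# "Video ActiveX" folder under Program Files.
$Folder = 'C:\Program Files\Video ActiveX'

function Get-FolderProcess {
    # Processes whose image lives under $Folder (Path is empty when it cannot be queried).
    Get-Process | Where-Object {
        $_.Path -and $_.Path.StartsWith($Folder + '\', [StringComparison]::OrdinalIgnoreCase)
    }
}

# 1. Record what is running and hash the binaries while they are still readable.
$running = @(Get-FolderProcess)
$running | Select-Object Id, Name, Path | Format-Table -AutoSize
Get-ChildItem -LiteralPath $Folder -Recurse -File |
    Get-FileHash -Algorithm SHA256 |
    Export-Csv -NoTypeInformation "$env:TEMP\video-activex-hashes.csv"  # assumed file name

# 2. Command-line form of un-checking "Include inheritable permissions" and
#    choosing Remove: drop every inherited ACE from the folder.
#    Explicitly granted ACEs, if any, are left in place.
icacls $Folder /inheritance:r
if ($LASTEXITCODE -ne 0) { throw "icacls failed; ACL unchanged, nothing was killed." }

# 3. Kill both processes together. Either may try to relaunch its partner,
#    but the image files can no longer be opened for execution.
if ($running) { $running | Stop-Process -Force }
Start-Sleep -Seconds 5
$respawned = @(Get-FolderProcess)
if ($respawned) {
    $respawned | Select-Object Id, Name, Path | Format-Table -AutoSize
    throw "Processes respawned; look for explicit ACEs or a launcher outside $Folder."
}

# 4. Put inheritance back so the files can be deleted, then remove them.
icacls $Folder /inheritance:e
if ($LASTEXITCODE -ne 0) { throw "Could not restore inheritance on $Folder." }
Remove-Item -LiteralPath $Folder -Recurse -Force
```

The respawn check in step 3 is what confirms the lockout worked before anything is deleted; the hash list from step 1 is kept for later lookup of the sample.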

The irony? This malware program hijacks your browser, pointing to a page that sells malware protection. In other words, "Pay us to remove this program!"

Sounds like extortion to me.
