Monday, May 02, 2011
"MS Removal Tool" or "AntiVirus 2011" can be particularly dangerous ransomware; discussion of Malware Bytes
James Derk has an important article “Virus helps scammers get credit-card data” syndicated by Scripps Howard, printed recently in many newspapers (p D7 May 2 in the Richmond Times Dispatch, for example). Here Is an original link. A symptom of infection is sudden change in desktop background and a popup.
He discusses a particularly disturbing rogue or ransomware virus which locks up your computer (called “MS Removal Tool”, “AntiVirus 2011” or Tool 2011” and demands that you enter a credit card to activate it. It also disables your anti-virus software. He suggests that the victim look (on another Computer) for a product activation code for it on the Web and enter the code as if you had really purchased it. He also recommends a product called “Malware Bytes” (website link).
Here is another writeup on the virus. Not all versions of the virus completely lock up your computer. This writeup also discusses Malware Bytes.
One time a couple weeks ago, a picture that I had taken and clicked on in Explorer became my desktop background (in W7), but I just changed it back and nothing else happened. Webroot showed no infection.