Windows Troublemakers Agent – Malware of the week

Yesterday, I had to remove this piece of malware from a customer's computer. He was using Windows 7, but even in Safe Mode with Networking it loads immediately on logging into Windows.

When you try to open Task Manager or some anti-malware programmes, such as Malwarebytes, even if installed from CD, the malware stops the programme and gives you a choice of "Suspend threat" or "Purchase license", so this is a classic case of a ransomware programme.

In order to stop the malware process, since Task Manager is blocked (or closed whenever you try to open it), you have to use another means. In this case I used the Rkill tool, which runs in a command prompt window and shuts down known malware processes. Once you've done this, you can either manually delete the trojan or run a programme like Malwarebytes.

It was interesting because Troublemakers Agent loads before and in front of the Windows interface. Luckily, in this case it hadn't downloaded a whole bunch of other malware.
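For readers who cannot get Rkill onto the machine, the following is an added example (not from the original post, and not Rkill's own code) of doing the same job by hand from an elevated PowerShell console: list the autostart locations this kind of rogue "security" programme normally lives in, check whether the Winlogon shell has been replaced (which is what makes something load in front of the desktop), kill the suspect process by name, and clear the Image File Execution Options "Debugger" hijack that is one common way of closing Task Manager and anti-malware tools the moment they start. The process name `troublemaker.exe` is a placeholder, not a known indicator for this malware; substitute whatever you find in the autostart entries.

```powershell
# Added example: manual stand-in for Rkill. Run elevated, ideally from
# Safe Mode with Command Prompt. 'troublemaker.exe' is a placeholder name.
$Suspect = 'troublemaker.exe'

# 1. Dump the usual autostart locations so the rogue binary can be spotted.
$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $AutostartKeys) {
    if (Test-Path $key) {
        Write-Host "== $key"
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List
    }
}

# 2. A replaced Winlogon Shell (or Userinit) loads before Explorer, which is
#    how a lock screen ends up "in front of the Windows interface".
foreach ($hive in 'HKLM','HKCU') {
    $wl = "$hive`:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    if (Test-Path $wl) {
        $props = Get-ItemProperty -Path $wl
        if ($props.Shell -and $props.Shell -ne 'explorer.exe') {
            Write-Warning "$hive Winlogon Shell is '$($props.Shell)', expected 'explorer.exe'"
        }
        if ($props.Userinit -and $props.Userinit -notmatch '^C:\\Windows\\system32\\userinit\.exe,?$') {
            Write-Warning "$hive Winlogon Userinit is '$($props.Userinit)'"
        }
    }
}

# 3. Kill the suspect process. Get-Process wants the name without ".exe".
$baseName = [System.IO.Path]::GetFileNameWithoutExtension($Suspect)
Get-Process -Name $baseName -ErrorAction SilentlyContinue | ForEach-Object {
    Write-Host "Killing PID $($_.Id): $($_.Path)"
    Stop-Process -Id $_.Id -Force
}

# 4. Remove IFEO "Debugger" hijacks on Task Manager and the anti-malware tool,
#    and the policy that disables Task Manager outright.
$ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'taskmgr.exe', 'mbam.exe') {
    $k = Join-Path $ifeo $exe
    if (Test-Path $k) {
        $dbg = (Get-ItemProperty -Path $k -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            Write-Host "$exe hijacked via IFEO Debugger = '$dbg'; removing"
            Remove-ItemProperty -Path $k -Name Debugger
        }
    }
}
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
if ((Get-ItemProperty -Path $policy -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr -eq 1) {
    Write-Host 'DisableTaskMgr policy set; clearing'
    Set-ItemProperty -Path $policy -Name DisableTaskMgr -Value 0
}
```

Killing the process only buys a window; the file referenced by the autostart entry still has to be deleted (or quarantined by Malwarebytes) and the entry itself removed, otherwise it simply comes back on the next logon.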
