Sunday, August 18, 2013

Malware Has Evolved!!

Just a quick note to consumers infected with malware. Today's malware programs have become so sophisticated that you may not realize that your computer is infected until it is too late. And uninstalling these programs can be a real nightmare.

Yesterday (Aug 17th) I had a call from my sister stating that her computer had become unmanageable, her browsers had been hijacked and she could not use her computer to work as she is accustomed to. She has a Windows 7 laptop. Her browsers had all been switched to "My Websearch". Try as she could, she could not return her system to her default homepage. All her web connections had to go through "My Websearch", which conveniently kept her away from all specific anti-virus websites.

When I started my phone consultation with her, I figured on spending about 30 minutes removing the malware and resetting her system. Easy pickings, I thought. I am no stranger to "My Websearch". I had removed this cursed piece of malware many times from clients' computers. So I walked her through using Control Panel's Programs and Features to locate and uninstall "My Websearch". Surprise; it was not listed. Search could not find any such program or file! She could not get to specific anti-virus sites from Internet Explorer or Firefox. To complicate matters further, she had partially deleted Firefox prior to calling me. She thought that would have eliminated the problem. Instead, it had ground her computer to a halt when accessing other programs. She was too inexperienced for me to walk her through editing her registry, and all her local anti-virus programs had been switched off by the malware. Several hours later, having exhausted all my regular regimen and being too far away to go pick up her computer and work on it myself physically, I decided to fool "My Websearch" into giving her access to some anti-virus sites.

Since we could get online only through Internet Explorer in safe mode, I told her to search for non-specific anti-malware sites by connecting to Yahoo.com and following any story listed there. When she complied and was allowed to follow a story, I asked her to simply type in the search bar the broad term "anti-malware sites". We were able to locate MalwareBytes.org and download one of the most potent anti-malware programs on the internet: MalwareBytes! The download and installation went quite smoothly and, within minutes, we were well on the way to solving her problems. With the deployment of Malwarebytes, she was able to locate and remove 37 pieces of malware already on her system, the result of "My Websearch" turning off her local anti-virus program. I gave her further instructions to reset her system and hung up, exhausted.

Then I got to thinking about the new invisibility tricks employed by "My Websearch", Sweetpacks and Snapdo. They are quite similar and fairly recently employed. None of them list themselves among the installed programs; they hide themselves outside the registry, and they make multiple linked copies of themselves so that their programs can keep functioning if one link is removed. They also make direct changes to the config files of the infected browsers and disable the reset commands there, ensuring that the browser remains compromised.

I am pointing out these features here for two reasons. Firstly, consumers should be aware that new weapons must be employed in the fight against malware, and secondly, there is a need for technicians to pool their resources and exchange effective techniques for removing malware. Malware attacks all of us indiscriminately, causing thousands of dollars in lost productivity and aggravation. If you are a technician who routinely deals with malware removal, please link to this blog and tell us about your techniques. Thanks in advance.
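One practical check that follows from the behaviour described above (a hijacker that rewrites the browser's own config files rather than registering as an installed program) is to inspect those files directly instead of trusting Programs and Features. The script below is an added example, not code from the original post or from any of the tools it names: it parses Firefox-style preference lines (prefs.js / user.js, and the lockPref form used by autoconfig files) and flags homepage and search settings whose host is not on an allowlist the technician supplies, as well as any setting that has been locked so a reset no longer takes effect. The sample lines, the "hijacker.example" hosts and the use of lockPref as the pinning mechanism are all constructed assumptions for illustration; the post only says that the config files were changed and the reset commands disabled.

```python
import re

# Constructed sample of prefs.js / user.js lines (not taken from the post or a real infection).
SAMPLE_PREFS = r'''
user_pref("browser.startup.homepage", "http://home.hijacker.example/?src=bundle");
user_pref("browser.search.defaultenginename", "Hijacker Search");
user_pref("keyword.URL", "http://search.hijacker.example/?q=");
user_pref("browser.startup.page", 1);
user_pref("network.dns.disablePrefetch", true);
'''

# Constructed autoconfig-style line: a locked pref cannot be changed from the
# browser UI, which is one way a "reset" can be made to have no effect (assumption).
SAMPLE_LOCKED = r'''
lockPref("browser.startup.homepage", "http://home.hijacker.example/?src=bundle");
'''

# Matches user_pref("name", value); / pref(...) / lockPref(...) lines.
PREF_RE = re.compile(r'^\s*(user_pref|pref|lockPref)\("([^"]+)",\s*(.+)\);\s*$')

# Preferences a browser hijacker typically rewrites to redirect navigation and search.
WATCHED_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.newtab.url",
}


def parse_prefs(text):
    """Return {pref_name: (declaration_kind, value)} for every recognised line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        kind, name, raw = m.groups()
        value = raw.strip()
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]          # unquote string values
        prefs[name] = (kind, value)
    return prefs


def _host_of(value):
    m = re.match(r'https?://([^/:]+)', value)
    return m.group(1).lower() if m else None


def find_hijack_indicators(text, allowed_hosts):
    """Flag locked prefs and watched prefs pointing at hosts outside allowed_hosts.

    allowed_hosts: set of domains the user legitimately uses (e.g. {"yahoo.com"});
    subdomains of an allowed domain are accepted.
    """
    findings = []
    for name, (kind, value) in parse_prefs(text).items():
        if kind == "lockPref":
            findings.append((name, "locked", value))
        if name in WATCHED_PREFS:
            host = _host_of(value)
            if host is not None and not any(
                host == h or host.endswith("." + h) for h in allowed_hosts
            ):
                findings.append((name, "unexpected host " + host, value))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_PREFS, SAMPLE_LOCKED):
        for name, reason, value in find_hijack_indicators(sample, {"yahoo.com"}):
            print(f"{name}: {reason} -> {value}")
```

To use it on a real machine, read the profile's prefs.js and user.js (and any autoconfig file the browser has been pointed at) into `text` and pass the homepage and search domains the user actually chose as `allowed_hosts`; every finding is a setting to restore by hand once the browser is closed, and a "locked" finding tells you why the built-in reset did nothing.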


I would be happy to address specific questions and comments. Please state them here.