There's a bug (one of many) out there that prompts users with a popup warning them that their computer is infected with all sorts of bad stuff and that they can only fix it by going to ProtectionReads.com (don't go there) and paying for its anti-malware solution. Not sure if this is necessarily hostage-ware (infects/locks up your system, only to be unlocked if you pay the bad guys to remove it) or just a typical virus scheme, but whether you click to agree or cancel, it directs you to ProtectionReads.com (don't go there) anyway. It is of the utmost importance that you DO NOT go to that site, under any circumstances, unless you want your computer to be screwed. Further, it hasn't been reviewed or blacklisted by SiteAdvisor yet, so it'd be easy to get caught with your guard down.
This false warning popped up on a friend's wife's mom's computer (whew), which we found out was already infected with a bevy of other malware and trojans. The owner was completely unaware of it, and blamed her son-in-law for messing up the computer when he was merely uncovering the situation. He promptly called me and asked what to do about it. Among other things, I suggested he download and run SpyBot, MalwareBytes.org's Anti-Malware, Avast! antivirus, and finally RegScrubXP.
Funny thing, though: Internet Explorer (the most virus-prone browser in the universe) wouldn't "allow" him to go to those sites or download any of their programs. The sites were blocked (presumably by the malware already infecting the system) as being flagged for suspicious activity that could harm the computer. Clever self-preservation technique, Herr Malware. The only way to get these programs was to install Firefox — the downloading of which apparently wasn't on the block list within the infecting bytes — and download the needed tools through FF.
Once FF was installed, Spybot was downloaded, installed, and run, coming up with hundreds of problems, and its real-time monitoring app, TeaTimer.exe, kept catching malware trying to change registry and system startup entries. The items it flagged were all fixed, but problems remained, particularly a nasty "s.exe" file in the Windows Task Manager that was consistently using 50% of the CPU time. The process could be manually terminated, but it always reappeared after rebooting.
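A process that comes back after every reboot is almost always being relaunched from one of the autostart locations TeaTimer was seeing writes to. The following PowerShell script is an added example, not part of the original post and not a Spybot tool: it enumerates the common Run/RunOnce registry keys and Startup folders and flags entries with traits worth a closer look. The heuristics (a one- or two-letter executable name like the "s.exe" above, a launch path in a temp or download directory, a target that no longer exists on disk) are my own assumptions about what a triage pass should surface; they are pointers for a human, not a verdict.

```powershell
# Added example (not from the original post): list autostart entries and flag
# the ones a defender would want to inspect first.
# Assumption: the heuristics in Test-SuspiciousAutostart are a triage aid only.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties Get-ItemProperty adds that are not real registry values
$psMetadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $psMetadata) { continue }
            [pscustomobject]@{
                Location = $key
                Name     = $p.Name
                Command  = [string]$p.Value
            }
        }
    }
    # Per-user and all-users Startup folders: anything here runs at logon too
    $folders = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Test-SuspiciousAutostart {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Command)
    # Pull the executable path out of the command line: quoted path or first token
    if ($Command -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command -split '\s+', 2)[0] }
    $exe  = [Environment]::ExpandEnvironmentVariables($exe)
    $leaf = [System.IO.Path]::GetFileName($exe)

    $reasons = @()
    # One- or two-character names such as "s.exe" are unusual for legitimate software
    if ($leaf -match '^\w{1,2}\.exe$') { $reasons += 'very short executable name' }
    # Legitimate autostarts rarely live in user-writable temp or download folders
    if ($exe -match '\\(Temp|Downloads)\\') { $reasons += 'runs from a temp/download directory' }
    # A missing target can mean a relative name on the PATH or a file that hides/rotates
    if ($exe -and -not (Test-Path -LiteralPath $exe)) { $reasons += 'target not found on disk' }
    return $reasons
}

Get-AutostartEntries | ForEach-Object {
    $flags = Test-SuspiciousAutostart -Command $_.Command
    $_ | Add-Member -NotePropertyName Flags -NotePropertyValue ($flags -join '; ') -PassThru
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. Entries with a non-empty Flags column are the ones to look up, not automatically delete: a service or a scheduled task can also relaunch a process, so an empty result here does not prove the machine is clean.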
Article comments
1 - Mike Duncan
Mark,
I would very much like to provide you with a complimentary SUPERAntiSpyware Pro license for your use/evaluation. Please let me know if you are interested and where I may send a license.
Also, our labs have had a tremendous amount of experience dealing with the issue mentioned in your 3/21/09 blog. I am happy to put you in touch with them if you'd like.
Thank you very much,
Mike
SUPERAntiSpyware
2 - PP
Great Article! I will try to spread it around "Beware of this hostage-ware" from...