My work has been getting a blizzard of viruses sent in email recently. It's not a problem as we just block them at the firewall but the intensity is a bit daunting.
They are all of the same flavor.
In the case I've seen, it installs a fake virus scanner that claims to find a lot of fake viruses, and for a mere $50 you can get the "license key." If you don't pay up then your computer continues to pop up a million windows and pretty much won't let you do anything. Symantec and other virus scanners are disabled and the task manager won't run. We call this "Ransomware."
One of these little creatures is called Protection Center, which is stolen from a Microsoft product, but it's not from Microsoft. You can see a picture of it here:
The best way to deal with it is to reboot into Safe Mode (restart and press F8 repeatedly) and then run a virus scan. There are faster ways to kill it, using msconfig.msc and manually deleting it and the associated registry keys, but that takes more know-how.
While it's actually a very interesting virus, I don't fully understand it enough to really expound on it - most of it is non-functional crud and the web addresses have a lot of extra characters that are taken out at the last second. It is very obfuscated but with a little effort you can read it. There is an excellent analysis of it here:
As with most things it's better to prevent it from happening in the first place.
If you are a Windows user:
- Don't click on weird links or attachments
- Run as an unprivileged, non-administrative user
- Disable Java in your browser
  - Firefox 3.0.6: Tools - Options, click on Content and uncheck Enable Java
  - Seamonkey 2.0.4: Edit - Preferences, click on Advanced and uncheck Enable Java
  - Internet Explorer 8.0.6001: Tools - Internet Options, click Programs, click Manage add-ons, click on Java and click Disable (along with any associated Java add-ons).