It all started last night when I clicked the link supposedly posted by one of my students on Facebook. I suspected it was malware, but I still had to click it for a try… 🙂 A sort of experimenting with malware.
After confirming it was malware, I immediately tried to post a comment on the status message, as shown above. But it didn’t work. The malware prevented anyone from posting a comment on the status message.
After clicking the link above, a fake “Windows Security Update” window appeared on my desktop showing a sort of summary of supposed infections on my system. My iObit Security 360 alerted me to an item trying to start up. But before I could block it, the malware overpowered iObit by disabling it.
Clicking either “OK” or “Cancel” on the “Message from webpage” window will open a fake Windows Security Alert window, as shown below. You will be tempted to click the “Remove all” button, thinking it will crush the infections. But clicking either the “Remove all” or the “Cancel” button will open an executable file from itryv.eu, which is supposed to mean the site for the Initiative To Reduce Youth Violence.
Clicking Run will install the malware on your system. So I had to click Cancel after taking a screenshot. I opened the Windows Task Manager and terminated the svchost that was listed as an application. Obviously it is fake, because svchost is a Windows process, not an application, from the Dynamic-Link Libraries (DLL) of the Windows system.
To save the rest of my contacts, I tried to post two advisories on my FB wall telling everyone not to click similar links, and I even posted the screenshot of the link on the status message of Cynthia.
A few minutes later, I could no longer write a status message on my wall. It was totally HIJACKED by the malware. Every time I posted a message, the malware link would appear on my wall instead as my new status message. I tried removing it, but the status message would reappear.
Combining the strengths of McAfee Anti-Virus Enterprise, Kaspersky Virus Anti-Removal Tool, and ComboFix, I successfully kicked out the malware from my system a few minutes prior to this writing (about lunch time today). Whew!!!!
Lesson: Don’t ever, ever click a link on a status message if it has no personal message from your FB friend. Otherwise, you’ll have major, major system trouble.