New Malware… Smart Fortress 2012

Our Chicago IT Managed Services team received a call late last night from a CPA working late (it’s tax season). The new malware infection was called “Smart Fortress 2012.” When the computer first boots up, the Internet works, but shortly thereafter the Internet connection on the infected computer disables itself, and you can no longer open any executables (.exe files) on the computer.

Much to our dismay, the rogue virus also enables itself while in Safe Mode. What a pain! Fortunately, there is a chink in the armor for this infection. NOTE: This may apply only to the one case we came across. Every case can be different.

Here are some steps you can take to rid your machine of this infection. Perform these steps at your own risk.

1. Boot up in Safe Mode With Networking. This is accomplished by pressing F8 at startup.

2. Log in as the Administrator account.

3. Disable System Restore.

4. Download the newest version of Malwarebytes. Install and update, then perform a quick scan. Remove the infections. Do not reboot until performing step 5.

5. Download the newest version of Kaspersky’s TDSSKiller. Install, scan, and remove the rootkit. Reboot.

6. Boot in Normal Mode, and log into your account.

7. In our case, we noticed that no EXEs would run. We’d get an error on Windows 7 stating that the application could not be found. You’ll need to download a registry fix that will fix all of the exe associations. This page will have the fix for all Microsoft operating systems. Windows 7 can use the Vista fix. If you cannot download it (since your browser likely will not work), the easiest thing is to log in again as the administrator account and download the file to the C: drive somewhere.

8. While logged into the infected account, unzip the downloaded file, and double-click the .reg file. After the .reg is successfully imported, you can now open your programs.

9. Finally, make sure your anti-virus program is up to date. This infection appeared to have been released before anti-virus definitions for it were released.
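To confirm that the .reg import in step 8 took effect, the read-only check below (an added example, not part of the downloaded fix) compares the .exe association against the stock Windows values. The post does not say which keys the infection changed, so the keys checked here, and the idea that a clean profile has no per-user override, are assumptions based on the Windows defaults.

```powershell
# Added example: read-only audit of the .exe file association. It writes nothing.
# Stock Windows (Default) values for the two keys that make EXEs launch.
$stock = @{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
}

# HKCR is the merged view the shell uses; HKLM and HKCU are its two sources.
# Run this while logged in as the affected account so HKCU is that user's hive.
$hives = 'HKEY_CLASSES_ROOT',
         'HKEY_LOCAL_MACHINE\Software\Classes',
         'HKEY_CURRENT_USER\Software\Classes'

function Get-DefaultValue([string]$Path) {
    # Returns the key's (Default) value, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

$report = foreach ($hive in $hives) {
    foreach ($sub in $stock.Keys) {
        $value = Get-DefaultValue "Registry::$hive\$sub"

        # Assumption: a stock profile has no per-user override, so a missing
        # HKCU key is normal, while a missing HKCR or HKLM key is not.
        $status = if ($null -eq $value -and $hive -like 'HKEY_CURRENT_USER*') {
            'OK (no override)'
        } elseif ($value -eq $stock[$sub]) {
            'OK'
        } else {
            'CHECK'
        }

        New-Object PSObject -Property @{
            Status   = $status
            Key      = "$hive\$sub"
            Current  = $value
            Expected = $stock[$sub]
        }
    }
}

# Any row marked CHECK means that key still differs from the stock value.
$report | Select-Object Status, Key, Current, Expected | Format-List
```

A CHECK row under HKEY_CURRENT_USER while the HKEY_LOCAL_MACHINE rows read OK means the leftover is specific to that user profile, which is why step 8 is performed from the infected account.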

As we always say about anti-virus…it is only as good as yesterday’s virus. It’s always the cat and mouse game. Hopefully, our tip will save you the hours and aggravation of reformatting.