Five (5) years ago, Katrina devastated the gulf coast. And in the world of "unintended consequences", the resulting rapid increase in gas prices pushed my wife to start using one of the remote access software solutions on the market. The job she used it for was a part time one that required a bit of a commute, and with gas over $3/gallon, it was not economically feasible to drive to this job. But it was very feasible to use one of these products, which cost only a few dollars a month, to do the job.
I liked what I saw, especially the fact that she was able to set it up herself (she is a paralegal) with minimal help from me. So I contacted my customers and proposed a mutually agreeable solution for them to also use it (and pay the minimal cost). They agreed.
And it has been rewarding for me as well. I can better serve them, and cut their costs (and mine) at the same time. And so I decided to also use it to help my mother and her sister with their forays into computers. Although my mother was working on computers before almost anyone reading this was born, she is not very savvy when it comes to the "wee ones". And since they live 1000 miles away, it has helped me immensely as I do not have the time to run down there for every problem they encounter.
A long way to get to the situation this weekend. My mother got infected with that damn malware that wants you to pay THEM for infecting YOU. How she got infected is immaterial (this year, I have cleaned over a dozen computers, and there is no common factor).
The malware comes in many flavors, so there is no "one way" to follow to clean it. And of course the more recent versions disable everything, so it is not easy to find out what it is by looking at processes (disabled) or services (disabled). But! These remote access software solutions allow you to remotely access not only the computer management, but also the running processes and registry! Sweet!
And so far, they have not deactivated the remote access software (although they claim it is infected). So I was able to get in, observe the running processes, locate the bad software and then rename it surreptitiously (from my console, not the remote host). I was able to kill the process, reboot the computer, scan the registry and remove all references to the malware. It took a while, mostly because this was my first time using the remote access software for such a purpose. But it did not take too long and in reality, was a lot quicker than doing the old (and not always working) safe mode de-installation.
I love this remote access software! I do not mention the brand as I know the assholes are out there tweaking their malware trying to make it harder to kill. I had one computer that would not allow even a command line to be opened!
But another tip on this malware. It seems that it always installs itself in the user's profile space. So once you can get into the services/processes/registry, you can do a search on programs running from that directory structure. They are sure to be the infection. And there is usually more than one avenue opened, so that eliminating one program does nothing. Eliminate them all.
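The tip above (look for anything running from the user's profile directory, and expect more than one persistence point) can be turned into a quick triage script. The following is an added example, not code from the original post or from any remote access product; it assumes a Windows host with Windows PowerShell 3 or later, run from an elevated session over whatever remote console you are using. It lists running processes, Run/RunOnce autostart entries and services whose executable sits under the profile root (assumed to be `C:\Users`), and treats anything it finds as a shortlist to review, not a verdict, since some legitimate updaters and per-user installers also live there.

```powershell
# Added example (not from the original post): build a shortlist of running
# processes, autostart entries and services whose binary lives under a user
# profile directory, which is where the malware described in the post installs.
# Assumed: Windows PowerShell 3+, elevated session, profile root under C:\Users.

$profileRoot = Join-Path $env:SystemDrive 'Users'   # e.g. C:\Users

function Test-ProfilePath {
    # Returns $true when a path or command line points at an .exe under the profile root.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $false }
    # Strip surrounding quotes and trailing arguments, e.g. "C:\Users\x\a.exe" -start
    $exe = $CommandLine.Trim('"')
    if ($exe -match '^([^"]+\.exe)') { $exe = $Matches[1] }
    return $exe -like "$profileRoot\*"
}

Write-Host "== Running processes launched from a user profile =="
Get-Process |
    Where-Object { $_.Path -and (Test-ProfilePath $_.Path) } |
    Select-Object Id, ProcessName, Path |
    Format-Table -AutoSize

Write-Host "== Run/RunOnce autostart entries pointing into a user profile =="
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        if (Test-ProfilePath ([string]$p.Value)) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

Write-Host "== Services whose binary lives under a user profile =="
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-ProfilePath $_.PathName } |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize
```

Run it before touching anything and keep the output: the three lists together show every avenue the infection has opened, so nothing gets missed when cleaning, and the same script run again after a reboot confirms whether anything came back.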