Hacker News
All your drives are belong to us (fortinet.com)
56 points by crocowhile on Dec 2, 2010 | 15 comments


The interesting part of this is that it claims to encrypt the drive, but really just overwrites the MBR. Much easier, and probably gets them money from at least half of the victims that they would have done anyway.


Wow, who would have thought malware writers would be such low-lifes as to lie to us about their impenetrable security? I thought only marketers did that.


Well, then it sounds like the malware writers got themselves a marketing department.


Only people affected by marketers should be affected by these trojans. Stay safe and ignore this.


Another reason to employ multiple backup techniques. In this case, raw partition backups would have probably saved a lot of worry (although they wouldn't have got rid of the original vulnerability, which is arguably more important).


Also, by restoring an entire system you cannot be sure you have a dormant virus/rootkit/malware hidden in it.

I back up my basic system (as a txt list of Linux packages, in fact) and my data separately, also because not all data are worth the same.


Why would fixing the original vulnerability be more important than backups?


Perhaps there is a subtlety I have missed, but if the original vulnerability is not fixed, no amount of restoring backup copies is going to allow your users to consistently access their data. A vulnerable system will inevitably be attacked in exactly the same way, particularly if the hacker is keeping a log of which systems have been compromised but not unlocked online.


Amen to that. Makes me wonder if I should finally invest in online backup of some sort.


Spent an hour last night on the phone with my Grandpa dealing with a fake antivir called "ThinkPoint". Malware writers are scum.


Ah, yes, I had to remove ThinkPoint from my wife's computer a few weeks ago. It's not that hard, it's just a bunch of work, and requires more knowledge than can be expected from the average computer user. Unfortunately, since I "know about computers", this job is always for me (which doesn't really improve my mood, or my opinion of Windows, to say the least).

I do wonder how this malware got on the PC, since she is usually careful, doesn't use IE, doesn't download any weird stuff, runs Windows Update regularly, etc.


Just this weekend I helped remove a trojan from a friend's Win7 PC which Antivir did not detect. It put itself in the registry and autostarted. From there it set a system proxy to 127.0.0.1:40521.

What it did with my friend's data, I can only suspect. But it was one of those days that I'm glad that I have used different flavours of Unix for ten years. Using Windows (for anything) just seems so naive to me.


The last remaining Windows box I had suffered the same fate, and when I had finally finished removing the worm, I made a decision never to use Windows again.

It's not that it can't be secured, but it's the most targeted platform, thus making it a part-time job to keep it secure.

Remember the day when Anti-Virus worked?


> Remember the day when Anti-Virus worked?

Actually nope. Back in the day on DOS 6 I had Microsoft AV and like half a dozen virii on every other floppy disk. Did it ever work?

Plus: I don't get the most targeted platform thing. Everyone has been saying that for decades, but Macintosh is now a major player in consumer hardware and Linux/Unix is on more servers than Windows. So why is Windows the most targeted platform? I guess, because "it can't be secured". Sorry, nhangen(;


OK, well I believe you. I'm just not an AV expert, so I don't want to pretend to know anything in that realm. All I know is that my Windows box always has worms, and I'm not an idiot when it comes to protection...that's a big issue.



