Thursday, September 18, 2008

Security Tip - Renaming Tools

Some malware is smart enough to recognize its enemies. I ran across one of these this week while cleaning up an infected PC. The PC had a recent version of the Spybot anti-spyware tool (www.safer-networking.org/en/index.html) on it, so I started that up to run a scan. Nothing happened. I tried again, but still nothing.

So then I downloaded Autoruns from Sysinternals (technet.microsoft.com/en-us/sysinternals/default.aspx). I started that up and again nothing happened. So what can you do when you can't even open your tools to try to get rid of some malware?

In this case, I renamed my tool and ran it under the new name and it worked. The executable at the core of the Spybot version I was using is a file called "spybotSD.exe". I renamed it to some arbitrarily chosen name. I called it "bobo.exe". Then when I double-clicked on that file I just renamed, it opened the Spybot program. I ran my scan. It found the malware and removed it.

So if it seems like one of your scanning tools isn't working, this is one thing to try. Be careful out there.
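The rename-and-retry step described above, sketched in PowerShell as an added example that is not part of the original post. The function name `Start-RenamedTool`, the five-second wait and the sample path in the last comment are assumptions; run it from an elevated prompt if the tool lives in a protected folder.

```powershell
# Added example: start a scanning tool and, if it dies right away,
# retry it from a copy with a random file name.
function Start-RenamedTool {
    param(
        [Parameter(Mandatory)][string]$ToolPath,   # assumption: full path to the tool's .exe
        [int]$WaitSeconds = 5                      # assumption: long enough to see it get killed
    )
    $original = Get-Item -LiteralPath $ToolPath -ErrorAction Stop

    # 1. Try the tool under its real name and check whether it stays up.
    #    Caveat: a launcher that hands off to a child process also exits early.
    $proc = $null
    try { $proc = Start-Process -FilePath $original.FullName -PassThru -ErrorAction Stop }
    catch { Write-Warning "Could not start $($original.Name): $_" }
    Start-Sleep -Seconds $WaitSeconds
    if ($proc -and -not $proc.HasExited) {
        return [pscustomobject]@{
            Name = $original.Name; ProcessId = $proc.Id; Renamed = $false; StillRunning = $true
        }
    }

    # 2. Copy (not move) the executable next to the original so it still
    #    finds its DLLs, definitions and settings, but under a random name.
    $newName = [System.IO.Path]::GetRandomFileName().Split('.')[0] + $original.Extension
    $copy    = Join-Path $original.DirectoryName $newName
    Copy-Item -LiteralPath $original.FullName -Destination $copy -ErrorAction Stop

    # 3. Make sure the copy is byte-identical before trusting it.
    $h1 = (Get-FileHash -LiteralPath $original.FullName -Algorithm SHA256).Hash
    $h2 = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
    if ($h1 -ne $h2) {
        Remove-Item -LiteralPath $copy
        throw "Copy of $($original.Name) does not match the original."
    }

    # 4. Run the renamed copy and report whether it survives.
    $proc = Start-Process -FilePath $copy -PassThru -ErrorAction Stop
    Start-Sleep -Seconds $WaitSeconds
    [pscustomobject]@{
        Name = $newName; ProcessId = $proc.Id; Renamed = $true
        StillRunning = -not $proc.HasExited
    }
}

# Usage (placeholder path, adjust to where the tool is installed):
# Start-RenamedTool -ToolPath 'C:\Tools\spybotSD.exe'
```

If `Renamed` comes back `True` with `StillRunning` also `True`, the tool was most likely being blocked by file name, which is itself a sign of infection worth noting.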
