  • Nate
  • 12/06/05
Posted: Mon, 2009-04-27 10:24

I just tidied up one of the nastiest virus infections I've seen in several years. The visual part was "Win PC Defender," which is another one of these malware suites that asks you for money to get rid of it. These are usually distributed in Facebook, MySpace, or IM Chats that point you to a video that requires an update to Flash to play it (or some similar scheme). This is not really an update, just the virus payload. They generally skip through your virus protection because they are not really viruses, they are malware. Thus a product like AVG 8.5 is recommended to help protect you, because it scans for both viruses and malware.

This particular virus contained another payload called a rootkit, that was also particularly nasty. These you have to spot by looking for programs that won't launch and things of that nature, since they are virtually invisible to you through Windows. Luckily, once I spotted it, I pulled the hard drive and scanned it in another machine. AVG made quick work of removing those nasty bugs.

However, the worst part was still to come. This thing had actually uninstalled the Windows Management Instrumentation Service. This is the guy that handles incoming network requests, lets Windows Firewall and Security Center work, and much much more. The fix for this was to reregister the .dlls in c:\windows\system32\WBEM. There are a few sites on Google that can help you accomplish that.

What a nasty little bug!
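The WBEM re-registration step the post refers to, written out as an added PowerShell script. This is an editor's example, not the poster's procedure or any vendor's tool; it assumes an elevated PowerShell prompt on Windows Vista or later, the default %windir%\System32\wbem location, and that the winmgmt.exe /verifyrepository and /salvagerepository switches are available (they are not on XP). The function names Test-WmiHealth and Repair-WmiComponents are this example's own.

```powershell
# Added example (not from the original post): re-register the WMI/WBEM components
# after malware has unregistered them, then verify the service answers queries.
# Assumptions: elevated prompt, Windows Vista or later, default wbem directory.
$ErrorActionPreference = 'Stop'
$wbem = Join-Path $env:windir 'System32\wbem'

function Test-WmiHealth {
    # Returns $true only if the service exists, is running, and answers a basic query.
    $svc = Get-Service -Name winmgmt -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning 'winmgmt service entry is missing'; return $false }
    if ($svc.Status -ne 'Running') { Write-Warning "winmgmt is $($svc.Status)"; return $false }
    try {
        $null = Get-WmiObject -Class Win32_OperatingSystem
        return $true
    } catch {
        Write-Warning "WMI query failed: $($_.Exception.Message)"
        return $false
    }
}

function Repair-WmiComponents {
    # 1. Stop the service; -Force also stops dependents such as Security Center.
    Stop-Service -Name winmgmt -Force

    # 2. Re-register every COM server in the wbem directory (/s = silent).
    #    Non-COM DLLs simply return a non-zero exit code, which is harmless here.
    Get-ChildItem -Path $wbem -Filter *.dll | ForEach-Object {
        & "$env:windir\System32\regsvr32.exe" /s $_.FullName
    }

    # 3. Recompile the MOF/MFL class definitions so the repository knows its classes.
    Get-ChildItem -Path "$wbem\*" -Include *.mof, *.mfl | ForEach-Object {
        & "$wbem\mofcomp.exe" $_.FullName | Out-Null
    }

    # 4. Bring the service back and check repository consistency. Salvage rather
    #    than reset so classes registered by installed software are kept.
    Start-Service -Name winmgmt
    $verify = & "$wbem\winmgmt.exe" /verifyrepository
    if ($verify -notmatch 'consistent') {
        Stop-Service -Name winmgmt -Force
        & "$wbem\winmgmt.exe" /salvagerepository
        Start-Service -Name winmgmt
    }
}

if (-not (Test-WmiHealth)) {
    Repair-WmiComponents
    if (Test-WmiHealth) { 'WMI repaired' } else { 'WMI still broken; consider sfc /scannow or a repair install' }
} else {
    'WMI already healthy'
}
```

Two caveats for anyone running this on a machine that has just been cleaned. First, if the winmgmt service entry itself is gone rather than merely unregistered, re-registering DLLs will not recreate it, and sfc /scannow or a repair install is the next step. Second, run it only after the rootkit has been removed (offline, as the post did): re-registering COM servers while a malicious DLL still sits in the wbem directory would register the attacker's component alongside Microsoft's.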