You've found Spock's Brain!

Please, have a cookie.
Likely you've dropped by because of our post on...


Getting Rid of Solution Real Malware / Adware  


A client came to Arrow-SEO just after the first of the year with a real pernicious piece of adware (though to me it truly is malware) in one of their laptops, making both Chrome and Firefox unusable. Normally a browser problem is an annoyance, so this piqued my curiosity; what could be so bad in a browser that it warranted immediate action? To compound the problem, it's the busy season for this business, and the client needed the PC back desperately. So, with a loaner under one arm, I sent them out with a band-aid and a lollipop and set to work on the problem. And, man, what a problem.

First some details. The particular malware is from an outfit called Solution Real, basically coupon / offer adware. Or so it claims.

This was a Windows 7/64-bit laptop from a reasonably paranoid client. These are not the type of people to go gallivanting across the internet with their cookies on, they avoid IE like the plague, and they never click on email links blindly. We state this because it could not be determined precisely how the malware got installed. We've surmised that this has something to do with the "click via touchpad" option on Windows 7 (as well as OSX and most Linux DEs). We guess that an accidental brush was the cause. Our point being, disable "click via touchpad" on your laptop. It can only lead to trouble.

So I started the laptop. I launched a browser (probably Chrome). I saw --
WHOA!
No wonder they couldn't work...
Banners rolled! Frames flashed! Windows followed the mouse pointer, scrolling tracked! All it lacked was John Travolta in a white leisure suit to label this virus "Saturday Night Fever!"

Running anti-virus scans is always the first order of business, but after several passes where both (the free versions of) Malwarebytes and Avast could identify and quarantine the bad files, Solution Real would reinstall itself, and the daemon processes would respawn in seconds. Like a bad horror movie villain, this sucker just would not stay down!

"Get on with the show!" Right. Enough preamble. This worked for me, but I make no claims and offer no warranties. Your mileage may vary, side-effects may include shortness of breath, decreased/increased appetite, blah blah blah, etcetera etcetera. Here are the steps to...

Eradicate Solution Real

Sorry, no pictures.

Before following the steps, log in to the PC's Admin account. This should be one set up as the "master" or most senior-level account. Ready?

  1. Click on the Start Menu button and in the search box type:
    cmd
    The item will appear in the menu above the search box.
  2. Right click on the 'cmd' icon, and choose 'Run as administrator.'
    The command terminal will then appear. (It's one of those scary black and white, text-only computer boxes you see in movies like "War Games" or "The Matrix.")
  3. In the cmd terminal, type:
    net user administrator /active:yes
    ...and hit 'enter.' (This is referred to as "running" the command.)
  4. Close the cmd terminal and log out of the "Admin" account.
  5. This will take you to the main login screen where you should see
    • all the regular user accounts
    • the "Admin" account you just logged out of
    • and a NEW account called ADMINISTRATOR(s)
  6. Log in to the new ADMINISTRATORs account.
  7. Once the account is fully loaded, disconnect the PC from the internet. This may require pulling an ethernet cable, disabling networking, or turning off wifi.
  8. Launch the 'cmd' terminal 'as Administrator' (detailed above).
  9. You need to change directories (folders) to the main Solution Real directory. To do that run:
    cd "C:\Program Files (x86)\Solution Real"
    dir
    The 'dir' command will print a list of the files that are in the Solution Real directory. You're about to delete most of these, so keep a rough idea of how many files are in there.
  10. Run the command:
    DEL *
    dir
    The 'dir' command should show a lot fewer items this time. But there are still some hangers on. These are the really nasty files!
  11. On each of the surviving items, run
    TAKEOWN /F filename
    (where filename is the name of each file).
  12. In case you're lucky, run:
    DEL *
    dir
    This will likely not delete the files, but it's worth a shot.
  13. Leave the command terminal open, go back to the Start Menu search box, and type and enter "services.msc" to launch the Services Monitor window.
  14. Also in the search box, enter "task manager" to launch the Task Manager window.
  15. In the Task Manager, look for (any) processes named:
    • Solution Real
    • Solution Real64
    Right click to end or kill both of those. They should respawn, so do not worry if they do.
  16. Leaving that window open, head to the Services Monitor window and look for the service called:
    • Util Solution Real
    • and for that matter any service with
    • Solution Real in the name
  17. Right Click on each of the named services and open the PROPERTIES window.
  18. In the PROPERTIES window, click on the "General" tab.
  19. Click on the pull-down menu titled "Startup Type."
    (This will reveal selection options Automatic; Automatic {Delayed}; Manual; Disabled.)
  20. Select:
    DISABLED
    for ALL Solution Real services.
  21. Repeat step 12. If the tasks do NOT respawn, proceed. If they do respawn, recheck the above steps.
  22. Run at least two (2) FULL passes of Anti-Virus software, preferably from two different AV suites.
    NOTE: The PC may need to be reconnected to the internet for the AV suites to work.
  23. Quarantine then delete anything from Solution Real.
  24. In the 'cmd' terminal, run:
    cd "C:\Program Files (x86)"
    dir
    And look for the Solution Real directory (folder). It should be GONE.
  25. Reboot and check (as described above) whether Solution Real has returned in:
    • C:\Program Files (x86)\Solution Real
    • Task Manager
    • Services Monitor
  26. If no signs of Solution Real are detected, launch 'cmd' 'as Administrator' as described above.
  27. In the 'cmd' terminal window, run:
    net user administrator /active:no
    On the next reboot, the "Administrator(s)" account should no longer be present on the main login window.
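
The post-reboot check in step 25 (folder, Task Manager, Services Monitor) can be done in one read-only pass. The PowerShell below is an added example, not part of the original procedure; it assumes the folder, process and service names given in the steps above and is meant to be run from a PowerShell window opened as Administrator.

```powershell
# Added example: read-only check for leftover Solution Real traces (step 25).
# Assumption: names and folder match the steps above; adjust $pattern/$folder if yours differ.
$pattern = '*Solution Real*'
$folder  = Join-Path ${env:ProgramFiles(x86)} 'Solution Real'
$found   = @()

# 1. Program folder: list anything that survived deletion, with its owner.
#    Files still owned by another account are the ones DEL could not remove
#    before TAKEOWN was run on them.
if (Test-Path -LiteralPath $folder) {
    $found += "Folder still exists: $folder"
    Get-ChildItem -LiteralPath $folder -Force -Recurse | ForEach-Object {
        $owner = (Get-Acl -Path $_.FullName).Owner
        $found += "  file: $($_.FullName) (owner: $owner)"
    }
}

# 2. Running processes whose name matches (the Task Manager check).
Get-Process | Where-Object { $_.ProcessName -like $pattern } | ForEach-Object {
    $found += "Process running: $($_.ProcessName) (PID $($_.Id))"
}

# 3. Services (the Services Monitor check). WMI also exposes the start mode
#    and the executable each service launches.
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.Name -like $pattern -or $_.DisplayName -like $pattern } |
    ForEach-Object {
        $found += "Service: $($_.DisplayName) [state=$($_.State), start=$($_.StartMode)]"
        $found += "  binary: $($_.PathName)"
        if ($_.StartMode -ne 'Disabled') {
            $found += "  -> start type is not Disabled (see step 20)"
        }
    }

# Report: an empty result means none of the three checks found anything.
if ($found.Count -eq 0) {
    'No Solution Real folder, processes or services found.'
} else {
    $found
}
```

The "binary" line shows which executable Windows starts for each matching service, which is the first place to look if the files or processes keep coming back.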

All told, figuring this out on the fly, it took me around 4 - 5 hours. There may be quicker ways to tackle this too; this was the path that worked for me, so I pass along the route. Hopefully these steps will help you save time.
Thank you for stopping by!