You've found Spock's Brain!
Please, have a cookie.
Likely you've dropped by because of our post on...
Getting Rid of Solution Real Malware / Adware
A client came to Arrow-SEO just after the first of the year with a real pernicious piece of adware (though to me it truly is malware) in one of their laptops, making both Chrome and FireFox unusable. Normally a browser problem is an annoyance, so this piqued my curiosity; what could be so bad in a browser that it warranted immediate action? To compound the problem, it's the busy season for this business, and the client needed the PC back desperately. So, with a loner under one arm, I sent them out with a band-aid and a lollipop and set to work on the problem. And, man, what a problem.
First some details. The particular malware is from an outfit called Solution Real, basically coupon / offer adware. Or so it claims.
This was a Windows 7/64-bit laptop from a reasonably paranoid client. These are not the type of people to go galavanting across the internet with their cookies on, they avoid IE like the plague, and they never click on eMail links blindly. We state this because it could not be determined precisely how the malware got installed. We've surmised that this has something to do with the "click via touchpad" option on Windows 7 (as well as OSX and most Linux DEs). We guess that an accidental brush was the cause. Our point being, disable "click via touchpad" on your laptop. It can only lead to trouble.
So I started the laptop. I launced a browser (probably Chrome). I saw --
WHOA!
No wonder they couldn't work...
Banners rolled! Frames flashed! Windows followed the mouse pointer, scrolling tracked!
All it lacked was John Travolta in a white leisure suit to label this virus
"Saturday Night Fever!"
Running anti-virus scans are always the first order of business, but after serveral passes where both (the free versions of) Malware Bytes and Avast could identify and quarantine the bad files, Solution Real would reinstall itself, and the daemon processes would respawn in seconds. Like a bad horror movie villain, this sucker just would not stay down!
"Get on with the show!" Right. Enough preamble. This worked for me, but I make no claims and offer no warranties. Your mileage may vary, side-effects may include shortness of breath, decreased/increased appetite, blah blah blah, etcetera etcetera. Here are the steps to...
Erradicate Solution Real
Sorry, no pictures.
Before following the steps, login to the PC's Admin account. This should be one set up as the "master" or most senior-level account. Ready?
- Click on the Start Menu button and in the search box type:
cmd
- Right click on the 'cmd' icon, and choose 'Launch as Administrator.'
The command terminal will then appear. (It's one of those scary black and white, text- only computer boxes you see in movies like "War Games" or "The Matrix.") - In the cmd terminal, type:
net user administrator /active:yes
- Close the cmd terminal and log out of the "Admin" account.
- This will take you to the main login screen where you should see
- all the regular user accounts
- the "Admin" account you just logged out of
- and a NEW account calld ADMINISTRATOR(s)
- Log in to the new ADMINISTRATORs account.
- Once the account is fully loaded, disconnect the PC from the internet. This may require pulling an ethernet cable, disabling networking, or turning off wifi.
- Launch the 'cmd' terminal 'as Administrator (detailed above).
- You need to change diretories (folders) to the main Solution Real directory.
To do that run:
cd "C:\Program Files (x86)\Solution Real"
dir - Run the command:
DEL *
dir - On each of the surviving items, run
TAKEDOWN /F filename
- In case you're lucky, run:
DEL *
dir - Leave the command terminal open, go back to the Start Menu search box, and type and enter "services.msc" to launch the Services Monitor window.
- Also in the search box, enter "task manager" to launch the Task Manager window.
- In the Task Manager, look for (any) processes named:
- Solution Real
- Solution Real64
- Leaving that window open, head to the Services Monitor window and look for the service
called:
- Util Solution Real and for that matter any service with
- Solution Real in the name
- Right Click on each of the named services and open the PROPERTIES window.
- In the PROPERTIES window, click on the "General" tab.
- Click on the pull-down menu titled "Startup Type."
(This will reveal selection options Automatic; Automatic {Delayed}; Manual; Disabled.) - Select:
DISABLED
- Repeat step 12. If the tasks do NOT respawn, proceed. If not, check the above steps.
- Run at least two (2) FULL passes of Anti-Virus software, preferably from two different
AV suites.
NOTE: The PC may need to be reconnected to the internet for the AV suites to work. - Quarantine then delete anything from Solution Real.
- In the 'cmd' terminal, run:
cd "C:\Program Files(x86)"
dir - Reboot and check (as described above) whether Solution Real has returned in:
- C:\Program Files(x86)\Solution Real
- Task Manager
- Services Monitor
- If no signs of Solution Real are detected, launch 'cmd' 'as Administrator' as desribed above.
- In the 'cmd' terminal window, run:
net user administrator /active:no
All told, figuring this out on the fly, it took me around 4 - 5 hours. There may
be quicker ways to tackle this too; this was the path that worked for me, so I pass
along the route. Hopefully these steps will help you save time.
Thank you for stopping by!