This malware started with a self-deleting dropper program and runs mostly via Windows PowerShell. The best protection against this type of malware is to get something similar to NoScript (for Firefox) or similar for Chrome.
Some advice from a speech I use on a different forum:

Keep Windows Updated

Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

- and then click Control Panel.
- Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
- Scroll down and click on Windows Update.
- Click on Change settings.
- Under Important Updates, click on Install updates automatically (recommended).
- Select (click on) the other options on this page.
- Select a day and time to have Windows install the updates.
- Click on Ok to change the settings.
- If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated

Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantage.

Java

Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

- How to unplug Java from the browser

To uninstall Java (on Win7):

- and then click Control Panel.
- If you need to, click View by: and select either Large Icons or Small Icons.
- Click on Programs and Features.
- Scroll down until you find Java and click on it to select that program.
- (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
- Click Uninstall.
- If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

- and click on Do I have Java?
- On the next page, click on Verify Java Version.
- If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
- Follow the recommendations (if any) on the results screen.
- If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
- The site will start a download of jxpiinstall.exe. Save the file to your desktop.
- When the download is finished, close your browser.
- Right click on the jxpiinstall.exe and select Run as Administrator.
- On the opening window, check Change destination folder and then click Install>.
- The program will now download the rest of the files needed to install Java.
- On the Destination Folder window, click Next>.
- On the next window, the install will present you the option of adding additional software (this is known as Foistware).
- Uncheck the Set and keep Ask as my default search provider.
- Uncheck the Install the Ask Toolbar.
- Click Next> to finish the install.
- When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader

Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

- Click Help and then click on About Adobe Reader from the menu list.
- If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
- The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
- Click on Download in the menu bar on top of the Adobe web page.
- Click on Adobe Reader in the list on the right hand side of the page.
- On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
- Click the Install Now button and follow the directions on next page.
- If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
- When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system

Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).

=== options ====

Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.
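
The Java and Adobe Reader checks described in this post, as an added PowerShell example that is not part of the original post: it reads the registry entries that Programs and Features displays, lists every entry under the Java names given above, and compares Adobe Reader against the 11.0.04 version the post cites. The variable names and the wording of the notes are assumptions made for the example.

```powershell
# Added example (not from the original post). Works on Windows PowerShell 2.0 and later.
# Registry locations that back the Programs and Features list.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit programs on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

# Display names the post lists for Java (J2SE, Java 2, Java SE, Java Runtime Environment),
# plus Adobe Reader. 'Java[ (]' also matches names such as "Java(TM) ...".
$namePattern = '^(J2SE|Java[ (]|Adobe Reader)'

# Version the post gives as up to date for Adobe Reader.
$readerCurrent = [version]'11.0.04'

# @() keeps the result an empty array when nothing matches.
$found = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    Sort-Object DisplayName, DisplayVersion -Unique)

$report = foreach ($app in $found) {
    if ($app.DisplayName -like 'Adobe Reader*') {
        # DisplayVersion can be missing or not in a.b.c form, so parse defensively.
        $v = $null
        try { $v = [version]$app.DisplayVersion } catch { }
        if ($v -eq $null)              { $note = 'Version not readable, check Help > About Adobe Reader' }
        elseif ($v -lt $readerCurrent) { $note = 'Older than 11.0.04, update or replace it' }
        else                           { $note = 'At or above 11.0.04' }
    } else {
        # Every Java entry is reported so that old versions left side by side are visible.
        $note = 'Java entry, uninstall unless a program needs it'
    }
    New-Object PSObject -Property @{
        Name    = $app.DisplayName
        Version = $app.DisplayVersion
        Note    = $note
    }
}

if ($found.Count -eq 0) {
    'No Java or Adobe Reader entries found.'
} else {
    $report | Format-Table Name, Version, Note -AutoSize
}
```

The script only reads the registry and changes nothing; removal is still done through Programs and Features as described above.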