Windows Verifying Malware

>> Monday, June 20, 2011

Removing ‘Windows Verifying Center’ Malware

This malware doesn’t appear to be more than a few days old, based on the results I was getting from Google. It was time for some creative troubleshooting.
Here is what was happening. When he logged onto his computer he was greeted by this:
[screenshot not reproduced]
Then, after a few seconds, he would be asked for permission to scan his computer.
The first thing I did was to unplug his computer from the Internet.
At this point there was no way to avoid the software. I tried pressing Ctrl-Alt-Del and invoking the Task Manager, and I tried pressing Alt-F4 to try to kill the process. I also tried rebooting his computer and bringing it up in safe mode. That didn’t work either, as we were greeted by the same screens and the same restrictions.
Note: For those that don’t know, Alt-F4 closes the current window or application. It is a legacy keyboard shortcut that, at times, is a good thing to know.
I proceeded to boot his computer up normally, allowed the malware to “scan” his computer and then, when it asked for confirmation to “fix” the problem, I was able to close the software and finish booting into Windows by pressing Alt-F4.
I tried pressing the “X” in the upper right corner of the above screen, but that didn’t work either. Before the client called me he had tried to “register” the software and, fortunately for him, his bank was able to block the transaction and called him to warn him that this software wasn’t legitimate.
Anyway, once I was able to get into Windows, the software wouldn’t let much happen. No Internet. No CMD window. No MSConfig. I even tried to install Malwarebytes from my USB stick, but it would kill that process too. Every time I tried to run any of these I’d see the following screen:
[screenshot not reproduced]
I’d exit this screen as well using the Alt-F4 key combination.
As you can see from these screenshots, the software looks VERY legitimate.

Removal Instructions

The way I eventually worked around the software and removed it was as follows:
  1. Followed the steps above to bring up the Windows desktop (let the “scan” run, then press Alt-F4 at the “fix” prompt).
  2. Started the Windows Control Panel.
  3. Opened the User Accounts item and created a new user with a password and administrator rights.
  4. Logged out as the current user and back in as the new user.
  5. At this point I was able to install Malwarebytes and update it from the new user account. You can either open a browser and download it, or copy it to a USB drive and plug that drive into the infected computer.
  6. Ran a quick scan, cleaned the items it found and rebooted.
  7. Logged back in as the new user.
  8. Ran a full Malwarebytes scan and rebooted.
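
The new-account trick works when the rogue only starts from the infected user’s own profile (a per-user Run entry, or a per-user hijack of the .exe file association, which is how rogues of this period commonly blocked Task Manager, CMD and MSConfig). A machine-wide autostart would have followed you into the new account as well. The post does not say where this particular sample lived, so the script below is an added check, not the post’s own procedure or a description of this malware: it mounts the logged-off infected user’s registry hive and lists the per-user and machine-wide autostart entries, flagging anything that launches from a temp or profile folder, so you can confirm what Malwarebytes removed. `C:\Users\Infected` and the hive name `InfectedUser` are placeholders; substitute the real profile folder. Run it from an elevated PowerShell prompt while logged in as the new, clean administrator.

```powershell
# Added example, not part of the original post. Run from an ELEVATED
# PowerShell prompt while logged in as the new, clean administrator.
# It removes nothing; it shows where the rogue is set to start so the
# cleanup can be confirmed. 'Infected' is a placeholder for the
# original (infected) user's profile folder name.
$infectedProfile = 'C:\Users\Infected'
$hiveName        = 'HKU\InfectedUser'   # temporary name for the mounted hive

# 1. Mount the infected user's registry hive. That user must be logged
#    off (the post's step 4); otherwise NTUSER.DAT is locked.
reg load $hiveName (Join-Path $infectedProfile 'NTUSER.DAT') | Out-Null
$hivePath = 'Registry::HKEY_USERS\InfectedUser'

# 2. Autostart locations to inspect: the infected user's own Run keys
#    and the machine-wide ones that affect every account.
$runKeys = @(
    "$hivePath\Software\Microsoft\Windows\CurrentVersion\Run",
    "$hivePath\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a rogue installer typically drops into. Legitimate
# software rarely autostarts from these, so entries pointing there
# deserve a closer look.
$suspectPatterns = '\\Temp\\', '\\AppData\\', '\\ProgramData\\', '\\Users\\Public\\'

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $entries = Get-ItemProperty -Path $key
    foreach ($entry in $entries.PSObject.Properties) {
        if ($entry.Name -like 'PS*') { continue }     # provider metadata, not autoruns
        $flag = ''
        foreach ($pattern in $suspectPatterns) {
            if ($entry.Value -match $pattern) { $flag = '   <-- check this'; break }
        }
        '{0}' -f $key
        '    {0} = {1}{2}' -f $entry.Name, $entry.Value, $flag
    }
}

# 3. A per-user .exe association lets a rogue run first on EVERY program
#    launch, which matches the "can't start Task Manager / CMD / MSConfig"
#    symptoms. A clean profile normally has no such per-user keys at all;
#    the real association lives under HKLM\Software\Classes.
foreach ($assoc in "$hivePath\Software\Classes\.exe",
                   "$hivePath\Software\Classes\exefile\shell\open\command") {
    if (Test-Path $assoc) {
        $default = (Get-ItemProperty -Path $assoc).'(default)'
        'Per-user exe association present: {0} = {1}' -f $assoc, $default
    }
}

# 4. Release the hive. Dropping references first avoids "access denied"
#    on unload caused by handles the registry provider still holds.
$entries = $null; [gc]::Collect()
reg unload $hiveName | Out-Null
```

Run it once before the Malwarebytes scan and once after; any flagged Run entry or per-user exe association that survives the scan is something to remove by hand. If the same suspicious entry also appears under HKLM, the rogue was not confined to the one profile and you should expect it to start under the new account too, in which case an offline scan from boot media is the safer route.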
