Monday, 9 January 2012

Virus compromised Windows – new admin account work-around

I have seen far too many computers compromised by a Trojan virus that mimics legitimate antivirus software. Whereby the antivirus imitation program often disables all facilities of Windows (utilizing something called Shell Hooks) where you can’t open web pages, files, programs, or anything to any significant degree, because the mimic program interferes and offers to, “Buy me to get rid of me”
I known someone who did give their credit card number, guess what, it didn’t remove the malware… Figures.
The best way to fix this problem is by installing a legitimate antivirus program and running a full scan of the system. One I would most recommend is “AVG Free Basic” available at
Note: CNET’s contains a plethora of advertisements. And often those Advertisements themselves mimic download links to guess what!? a trojan that mimics a legitimate antivirus software. Always be mindful of what you are downloading.
Now… To accomplish this though, you will need to gain control of your system. Particularly your web-browser – which is a luxury you do not have. However, there is a “work-around” I like to use that works more often than not and allows you enough time to get online, get a legitimate anti-virus program, and scan away the malware.

New Admin Account Work-Around

  1. (Windows Key) [] + [R]   -> to launch the Windows Run Dialog.

  2. Type in “control userpasswords2” and press OK

  3. Click Add… to add a new Administrator account to the computer
  4. Be sure to choose a simple Username and Password, as well, ensure the account type is selected as Administrator, clicking Next and Finish until completed.
  5. (Windows Key) [] + [L]   -> to switch user accounts, switch to the new account you created.
In most cases new accounts are not completely inundated with Shell Hooks and should provide you with enough functionality to download, install, and run an antivirus or anti-malware program.

USE EXTREEME CAUTION – even when opening the browser. The existing malware may appear unsuspectingly (especially when you open the browser). DO NOT MINDLESSLY “OK” ANYTHING as any unsuspecting prompts may be related to the malware itself.

I hope this helps, Regards,


Page Hits