Well, there is a new fun ransomware (buy our anti-virus/backup software to "fix" your machine) out there. This particular virus was found on a machine today for the first time, where it popped up on the user. The machine was in an office environment and the user claimed to have noticed it after opening a PDF file. Looking at it, the machine is 100% current on Windows updates BUT is using Adobe version 10.1.7, so a bit out of date there. The newest recycled trick for viruses lately is to disable your ability to open Windows Task Manager. So we are going to go CMD on this virus's ass.
This one doesn't even give itself a name. It just says your machine needs to be backed up and that by clicking "OK" you can go online to do this for free. ComboFix, ADWCleaner, rKill and Avast all don't even notice it running. So if you'd like to shut it down for manual killing, I'd suggest the following (type the commands without the quotation marks, as usual).
1.) Open a command prompt (Start Menu > Type the letters CMD > Press Enter)
2.) Type "tasklist" - This lists every running process, the same list Task Manager would show you if the virus hadn't blocked you from opening it with CTRL + ALT + DELETE.
3.) Look through your list of processes and identify which is your culprit. One of these does not belong. Mine was named "xnwnna33.exe".
4.) Type "taskkill /im processname.exe /f" - The /im switch specifies the image name and /f forcibly terminates the process you named.
Note, this will ONLY shut off the virus process that is running and will NOT remove it for good. You will still need to find the actual offending file(s) and remove them. On the system I fixed, the virus's files were located in C:\ProgramData, 3 files in all: 2 of them were just executables and 1 was a .pf (prefetch) file. Removing these manually and cleaning out the Windows Task Scheduler entries resolved the issue.
You'll also want to go into Services.msc and make sure that the Security Center service is not set to Disabled. If it is, set it back to the Windows default of Automatic and then start the service. As usual, when removing infections, run a round of your favorite updated scanners that day and possibly the next, just to make sure the Anti-Virus/Anti-Malware guys have caught up to the new infection.
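If you'd rather not eyeball the whole tasklist, here is an added triage script (my own, not part of the original write-up) that does the same steps from PowerShell: it lists processes running out of C:\ProgramData, kills them only when you pass -Kill, reports scheduled tasks that launch something from there, and checks the Security Center service (wscsvc). It assumes an elevated PowerShell 5.1 session on Windows 8 / Server 2012 or later, which is where Get-ScheduledTask exists; the ProgramData location and the wscsvc service name come from the write-up and from the Windows defaults.

```powershell
# Added triage script, not from the original post. Assumes an elevated
# PowerShell 5.1+ session on Windows 8/2012 or later (Get-ScheduledTask).
param([switch]$Kill)   # without -Kill this only reports, nothing is touched

# C:\ProgramData on a default install, with a trailing backslash for prefix matching
$suspectDir = $env:ProgramData.TrimEnd('\') + '\'

# Steps 2/3: the "tasklist" view, but with the image path so the culprit stands out.
# Legitimate processes rarely run an .exe straight out of ProgramData.
$suspects = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and
                   $_.ExecutablePath.StartsWith($suspectDir, 'OrdinalIgnoreCase') }

foreach ($p in $suspects) {
    "{0,-6} {1,-20} {2}" -f $p.ProcessId, $p.Name, $p.ExecutablePath
    if ($Kill) {
        # Step 4: same effect as "taskkill /im name.exe /f"
        Stop-Process -Id $p.ProcessId -Force -ErrorAction Continue
        "   killed PID $($p.ProcessId); the file itself is still on disk, delete it by hand"
    }
}

# Persistence: scheduled tasks whose action points into ProgramData.
# The post notes the Task Scheduler had to be cleaned out as well.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ($a.Execute -and $a.Execute -like "$suspectDir*") {
            "task '$($task.TaskPath)$($task.TaskName)' runs $($a.Execute) $($a.Arguments)"
        }
    }
}

# Security Center service: the infection sets it to Disabled.
$wsc = Get-CimInstance Win32_Service -Filter "Name='wscsvc'"
"wscsvc state=$($wsc.State) startmode=$($wsc.StartMode)"
if ($Kill -and $wsc.StartMode -eq 'Disabled') {
    Set-Service -Name wscsvc -StartupType Automatic
    Start-Service -Name wscsvc
    "wscsvc set back to Automatic and started"
}
```

Run it once without -Kill to see what it found, then with -Kill once you're sure the flagged process is the one that doesn't belong.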
Hopefully this will help someone remove crap like this from their system until the guys at the AV companies update their repositories. Happy hunting, Gerbils.