A day does not go by that I do not read about, and/or have someone contact me about, the FAKE anti-virus software or FAKE anti-spyware software programs that are rampantly infecting people’s PCs.
It seems that the designers of these rogue and malicious software programs have found their niche on the underbelly of the internet and are apparently too criminal in nature to use those talents to benefit the good of the internet. What they are doing, in essence, is breaking into your PC, with criminal intent to extract something from you (through extortion and ID Theft). It is really no different than someone breaking into your home.
The rogue anti-virus software and anti-spyware software I am referring to is the type where you are on the internet and all of a sudden an alert pops up informing you that your PC has been infected by a virus or spyware; OR you turn on your PC and find that your desktop background is gone and a message is displayed indicating your PC is infected. The alerts look very official and real, and will even replicate a Microsoft Security alert or a brand name security product. The objective is to scare you into buying something that you think is real. Most people attempt to close the rogue application and the problem only worsens and becomes a nuisance that will not go away. If you are seeing it on your screen, you have already been infected. I’ve seen the infection of these things actually snowball and increasingly get worse. As a matter of fact, even after cleaning a PC of the infection, I personally would be really hesitant in putting out any personal information (i.e. credit card, banking, passwords) until I was absolutely sure that all remnants have been eradicated. Removal of these rogue programs is very difficult.
How is this happening to people?
It is happening by the “click” of the mouse through a variety of channels. It all happens pretty much the same way, no matter the channel. The user interacts, the system becomes infected with a Trojan downloader (that connects to the internet and downloads other Trojans) and/or becomes infected with a Trojan dropper (a program designed to install malware such as FAKE software). The common channels for malware are:
- Spam, Chain and Scam Email
- Search Engine Results (that lead to an infected “hacked” web page)
- Porn Sites
- Gaming Sites
- Software Pirating Sites
- Screensaver and Wallpaper Sites
- Community Social Sites
- File Sharing
- Shady Forums
- Instant Messaging
What can be done to prevent or stop this?
- Using the list above, avoid any site or service that is not credible or is morally wrong OR any site or service where you are randomly and directly interacting with other people (that you do not know). I know this may sound rather drastic, but believe me, it works!
- Monitor the internet activity of your children and set firm rules and limits. The majority of infections occur in households where children and teenagers have very liberal access to the internet; AND please do not be lured by the myth that our children are computer savvy. Don’t let the children teach you; educate yourself and teach your children.
- Ensure your PC is equipped with at least the basics of layered protection (i.e. firewall is “on”; Windows updates are maintained; anti-virus, anti-spyware, and anti-malware are installed, etc.).
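One way to check those three layers on a current PC, as an added example that is not part of the original post. It assumes a Windows 10/11 client with the built-in PowerShell cmdlets, and the age thresholds are illustrative choices, not values from the post.

```powershell
# Added example: audit the baseline layers (firewall, updates, anti-malware).
# Assumption: Windows 10/11 client, built-in cmdlets only.
$MaxPatchAgeDays     = 35  # illustrative threshold: about one monthly cycle
$MaxSignatureAgeDays = 3   # illustrative threshold for definition freshness
$findings = New-Object 'System.Collections.Generic.List[string]'

# Layer 1: firewall must be on for every profile (Domain, Private, Public).
foreach ($fw in Get-NetFirewallProfile) {
    if ("$($fw.Enabled)" -ne 'True') {
        $findings.Add("Firewall profile '$($fw.Name)' is not enabled")
    }
}

# Layer 2: Windows updates. Flag a machine whose newest update is stale.
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch) {
    $findings.Add('No installed update with an install date was found')
} elseif ($lastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings.Add("Newest update $($lastPatch.HotFixID) dates from " +
        $lastPatch.InstalledOn.ToString('yyyy-MM-dd'))
}

# Layer 3: anti-malware. List what is registered with Windows Security Center
# so the names can be compared with the products you installed yourself.
$products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
    -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
if ($products.Count -eq 0) {
    $findings.Add('No anti-virus product is registered with Security Center')
}

# If Microsoft Defender is the active engine, check that it is really working.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if ($mp.AntivirusEnabled) {
        if (-not $mp.RealTimeProtectionEnabled) {
            $findings.Add('Microsoft Defender real-time protection is off')
        }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings.Add("Defender definitions are $($mp.AntivirusSignatureAge) days old")
        }
    }
} catch {
    Write-Verbose 'Defender cmdlets unavailable; rely on the product list above'
}

'Registered anti-virus products: ' + (($products.displayName | Sort-Object -Unique) -join ', ')
if ($findings.Count) { $findings | ForEach-Object { "WARN  $_" } } else { 'OK    all three layers look healthy' }
```

A product name in the output that you do not remember installing is worth researching from another PC before you trust any alert it shows.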
What resources are there available to remove these infections?
If it is obvious that your PC has been hooked by one of these FAKE anti-virus or anti-spyware alerts, the first thing I tell people is to write down what they are seeing on the screen (i.e. name of the software, is there an icon showing up in the taskbar tray, etc…). It is imperative to identify and describe the issue in order to research and find credible removal instructions. The second thing is, do not attempt to use your mouse to interact with the alert. Shut down your PC and if connected to a network, unhook the network cable. Contact your tech support person; or if you are technically savvy, research the issue for removal instructions using another PC.
The resources that I use to educate myself and assist other people with the removal of these FAKE anti-virus and anti-spyware programs are:
S!Ri.URZ – Use this blog site to search for and identify what you may be seeing on your screen. If you are successful, you will be instructed to use a program called SmitFraudFix to remove the infection.
SmitFraudFix – Tool utilized for the removal of a variety of the FAKE malware that we are now being bombarded with.
Spyware Techie – Another blog site that will assist you with searching for and identifying malware.
Microsoft Malware Protection Center – A Microsoft blog dedicated to researching malware and providing detailed statistics and graphs of what is going on out there.
Malwarebytes Anti-Malware – Can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. It can be downloaded and used for FREE. The realtime protection, scheduled scanning, and scheduled updating are not activated in the FREE version. I have this installed on my PC and I periodically run the scanner as part of my normal maintenance routine.
SUPERAntiSpyware – Detect and Remove Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits and many other types of threats. A FREE and Professional version are available. I also have this installed on my PC and I periodically run the scanner as part of my normal maintenance routine.
Tech Thoughts – Awesome source for Security and System Tools and Tips. Software Reviews, News, Views, Downloads and Links. If something out there is a threat to us all, Bill will be writing about it.
Tech-for Everyone – Another awesome source for how-to’s and tricks & tips and general computing advice.