Purported Anti-Virus CAUSE Viruses!

February 8th, 2010 by admin

This is a rewrite of a bulletin I put out in March of 2009. I still find this to be a common issue which I feel needs addressing.


Recently, a slew of my friends, family, co-workers, and just people on the street, have come to me with the same question: “I think I have a ton of viruses, how do I fix it?” The simple fact is: you probably don’t have a ton of viruses!



Antivirus 2009/2010 (looks like Windows Security Center) and Antivirus 360 (looks like Ad-Aware) are new POP UP PROGRAMS, usually contracted while surfing the internet – even on legitimate websites. This anti-virus lookalike program will pop up with the sole purpose of making you panic, telling you that you need to click to fix the problem NOW. If you then click “REMOVE ALL THREATS” or “FIX THIS NOW” and you’re lucky, it will, at this point, ask you to BUY their “special” virus and “mal-ware” removal program.


If you’re unlucky, it will actually start to install a virus on your computer. It LOOKS like it is there to help, warning you that you have several viruses, but when you click on the banner to “fix this problem” you are actually installing the very bad payload, which is, itself, a virus. The virus then disables your ACTUAL anti-virus program (if you have one) and blocks your antivirus program from retrieving the updates capable of fixing this problem. All in all, it puts you in a very deep hole of problems.



What you need to know: If you did not tell the computer to do a virus scan, and suddenly it pops up and says you have dozens or even hundreds of viruses, it is one of these FAKE pop ups! No doubt in my mind. Most Virus Scanners can find one or two viruses when they’re running their automatic scans in the background. If you did not start a manual Full System Scan, your computer will never tell you that you have 300+ viruses – it can’t find that many without doing a manual scan. So if something randomly tells you that you’re sunk, don’t panic, take a deep breath and laugh it off: you already know their tricks!



If one of these pops up on your computer, your safest practice is to immediately save anything you are working on and restart your computer. Do not try to close the window that is alerting you to all of the viruses; shutting down the computer will close the pop up. If it does happen to be a legitimate problem, or something is actually installed on your computer, it will pop back up next time you turn on the computer. If it does not come up after a restart – it was likely nothing more than one of these fake pop ups, and nothing has been installed on your computer!


I personally dealt with one of these pop ups, recently, where even when you clicked the “X” in the top right, to close the program, it refused to exit. It would say “are you sure you want to close” then as soon as you clicked “YES” – another window popped up with the same “virus alert!” It is trying to trick you into clicking the wrong thing, thus installing the “payload” which could do anything from causing the computer to go slow by infecting other computers, to stealing files off of the computer, to even crashing the whole thing, requiring a complete rebuild. That is why I recommend immediately shutting down and/or restarting the computer.



If you have accidentally “installed” one of these “antivirus” programs, in an attempt to solve the problem it created, you might not be entirely out of luck, as the website MalwareBytes.org has an anti-malware “removal tool.” At this time, it is the only recommended removal software I have come across, earning recognition from several “tech” websites as the best possible solution to those who may have clicked on a fake anti-virus banner, next to wiping the computer clean and rebuilding it.



Above, I have included a few “screen shots” of what these fake antivirus programs might look like. These are only a few variants; there are literally dozens popping up (no pun intended) right now.


Thanks for reading, I hope it was more “edu-taining” than jargon-heavy gibberish!


If you’re really interested in the technology part, check the ISC’s article.
