Fake Antivirus Programs – Don’t Go Phishing
When I’m not writing this column, my main occupation is computer service and repair. My clients come to me for a variety of issues, some hardware-related, some software-related. One frequent cause of discontent with their machines is malware infections, and these days, you can get contract an infestation by trying to keep your computer clean. Sound confusing? Don’t worry; you’re not the only one who might think so. It should be noted that this article applies to Windows PCs only – Apple Macs aren’t nearly as susceptible to this type of malware attack – I’ll delve into the reasons why in a later column.
A new breed of malware is on the up rise, and it relies on its victims’ good intentions to propagate. If you have ever been on a website and suddenly, a window appears that warns you that your computer is infected with all sorts of badness, chances are that you are about to fall victim to the insidious culprit, otherwise known as a “phishing” attack. This social engineering method opens a window that looks very legitimate, and touts itself as “Personal Antivirus”, “Windows Antivirus”, or some other seemingly helpful program trying to warn you about the many infections it has located on your computer. (For a more complete listing, go to https://www.spywarewarrior.com/rogue_anti-spyware.htm) This is actually a browser window, cleverly disguised as a program installed on your computer. If you see something like this open, kill your browser. That is, close all instances of your web browser (Internet Explorer, Firefox, etc), and the best way to do so is through the Task Manager, accessible in Windows by pressing the “Control”+”Alt”+”Delete” keys on your keyboard. You can then kill the open task and this will safely stop the running program. If you are so unfortunate as to have clicked on the “Scan Now” button on the window, this is what delivers the virus payload, and your computer, while it seems like it is scanning for the malware, is actually installing the malware on your computer.
What do you do now? Well, for one, stop using the computer. As soon as possible, shut it down and get ready to start it up in “Safe Mode”. Safe Mode allows you to run Windows with the bare minimum of processes necessary and is sort of a debugging mode that can be helpful when you’re trying to identify programs on your PC. To start your computer in Safe Mode, restart the machine, and then start pressing F8 on your keyboard. You can stop when you see the Safe Mode menu appear, where you will be presented with a number of choices. The one to use is “Safe Mode with Networking”, which will allow you to connect to the Internet or other network machines while in Safe Mode. The reason we want this is we are about to download a program that is very effective at removing infections such as these: Malwarebytes (https://www.malwarebytes.org). The free version works great, and once downloaded, just go with the default options during the installation. This will update the program with the latest malware definitions and run the program once the installation completes. When the window opens, click “Scan Now” and let it run. Anything it finds will be ready for you to remove when it’s done. The “Quick Scan” option is selected by default, but you can also run a “Full Scan” if you feel the need to be extra safe.
If you’ve already fallen victim to this type of malware and let it run, chances are things might be too far along where Malwarebytes isn’t going to fix all your problems. This type of malware can reroute your Internet connection through a “proxy server” and when you try to download Malwarebytes you can’t even get to the page or download the updates. Should you encounter difficulties beyond what I’ve explained here, you’ll probably need some professional help in getting your computer back working right. The easiest and best fix (in my opinion) is a complete reinstallation of Windows after you back up your crucial data. For any help, feel free to contact me through my company, Bayou Technologies (https://bayoutech.wpengine.com).
