To the untrained professional this might sound like these people are covering up for the fact that they are embarrassed about having a virus, as if the only way they could have contracted one was by visiting questionable web sites.
But I happen to know better.
There are MANY innocent ways to pick up a computer bug and what I’m going to write about here is currently one of the most common… Rogue Antivirus.
How did THAT get on there?
Think about pop-up ads. We see them all the time on the internet and think nothing of them. Whether it’s our local newspaper web site, favorite music download spot or major retail store - we simply close them and move on.
This is the exact same method that the evil virus people use. The only difference is, their pop-up window isn’t an ad. Instead, it’s an ominous warning that looks exactly like a legitimate virus software product telling you that your computer has been infected.
Here’s one example:
Now, here’s where the problem begins. If you were to simply do nothing and close your browser screen you would most likely be fine and virus-free. But since this kind of warning looks so legitimate, many people choose to click either the “Remove All Spyware” or the “Ignore” button, which then triggers the actual virus to download and execute its installation onto your computer. By the way, it doesn’t matter which button you choose, the “Ignore” button will install the virus as well.
At this point you may even be reminded by Windows that you’re about to install an executable program that could contain a virus, but since we’re so programmed to click “Ok” every time we install something in the first place, we choose to ignore this warning and continue. “Besides,” you’re thinking, “how else am I supposed to get this virus removal program updated so it can clean off the virus it says I have?”
Of course once you execute the fake virus removal program it’s too late. Your computer is infected for real.
Why didn’t my virus protection catch it?
Because the first time it was presented (as the fake virus protection screen) it was just a harmless “pop up” and not an actual virus. It didn’t become a virus until you clicked on one of the buttons and authorized it to download the virus onto your computer. THAT’S why this one is so tricky!
So how do I know I just ran a fake virus program if it looks real?
The first way you know is because your gut will tell you that something went wrong. We don’t normally get presented with a warning that we have a virus so our first instinct is to follow the directions we’ve so conveniently been presented to remove it. And that’s how the virus people are hoping we will react. If we slow down and check some things out before we click the “Remove all spyware” button like the one on the example above, we will discover that the program we are looking at is not actually the same program we are using for our virus protection (e.g. McAfee or Norton). So far, no fake virus program I’ve seen has been good enough to mimic the actual screens of the product you have installed.
The next way you’ll know you’ve run a fake virus program is because your computer will start acting up… usually within a few hours to a couple of days. After that you won’t even be able to use your computer because the only thing you’ll be presented with are more fake screens. And left untreated, your computer will no longer even boot up and may eventually get to the point where the only cure is a full blown reinstall of the operating system. Yuk.
What do I do now?
If you encounter some version of the fake antivirus program I’ve described above you should follow these steps immediately:
1. The FIRST thing you should do is close your internet browser. Then open up your “real” virus protection software and check to make sure it is up to date. If not, run the updater (if you can) to get its current definitions. This, of course, is assuming you actually have something like McAfee, Norton, Microsoft Security Essentials or AVG installed and running on your system.
2. Next, unplug your Ethernet cable and disable your wireless connection. You need to do this because the longer you are connected to the internet, the more damage the virus can do. The initial install of the virus has most likely opened up a direct port to a malicious server that will continue to download nasty things onto your computer. If you disconnect the internet you can minimize that possibility.
3. Run your actual virus protection software. If you haven’t waited too long and you have decent software, it should catch the bug and zap it.
4. If your software isn’t fixing it, or worse yet won’t even run, then the virus has probably dug itself in too deep and you’ll need to take more extreme measures to remove it. Some people have luck finding their own solution on the internet and other people choose to have it fixed professionally. The level of success you’ll have is directly related to the length of time you’ve let the virus run rampant. By far the easiest computers I’ve cleaned are the ones where the customers have simply hit the power button and turned off their computer the first time they suspected the infection. In other cases where they’ve waited too long, I’ve had to deliver the bad news that their only option is a total reformat. Again, yuk.
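For readers comfortable with a command prompt, the checks behind these steps can be scripted. This is an added example, not something from the original article: it assumes a Windows 8 or later desktop and an elevated PowerShell prompt, and the function names and the product name 'Example Shield' are made up for illustration.

```powershell
# Added example. Assumes a Windows client edition: the root/SecurityCenter2
# namespace is not present on Server editions.

function Test-WarningProduct {
    # $WarningName is the product name shown in the suspicious warning window.
    param([Parameter(Mandatory)][string]$WarningName)

    # Antivirus products that are registered with Windows Security Center.
    $registered = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct
    $match = $registered | Where-Object { $_.displayName -like "*$WarningName*" }

    [pscustomobject]@{
        WarningName        = $WarningName
        RegisteredProducts = @($registered.displayName)
        IsRegistered       = [bool]$match   # False: the warning is not from your own product
    }
}

function Get-ConnectionSnapshot {
    # Established TCP connections and the program that owns each one,
    # recorded before the machine is taken offline.
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                ProcessName   = $proc.Name
                ProcessPath   = $proc.Path
            }
        }
}

# Does the name in the warning match a product you actually installed?
# ('Example Shield' is a constructed name.)
Test-WarningProduct -WarningName 'Example Shield' | Format-List

# Save what the machine is talking to, for whoever cleans it later.
Get-ConnectionSnapshot | Export-Csv -Path "$env:USERPROFILE\connections.csv" -NoTypeInformation

# Step 2 of the list: take every active adapter (wired and wireless) offline.
Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false
```

The name check is only meaningful before anything has been installed; once a fake program is running it may have registered itself, so treat the saved connection list as the more useful record at that point.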
So hopefully this article will help prevent at least one person from getting this nasty virus in the future. However if it does manage to happen - by all means don't be embarrassed. These people have spent years figuring out the best way to trick us... and millions of people fall for it every day.
Happy, safe computing!