Showing posts with label Windows Antivirus. Show all posts

Saturday, November 13, 2010

Watch for Windows Antivirus in Emails

It appears that the rogue program, Windows Antivirus, is now spreading via emails. Previously, the only way to get it was to click an internet link which took you to an infected site.

But the other day, one of my single clients received an email that appeared to be from a friend with a picture of a girl attached that he wanted him to see. He clicked the link to open the picture and was immediately hit with messages from Windows Antivirus telling him his computer was infected.

This is the first time I've seen an attack via email by the rogue program (though I suppose it was just a matter of time).  

Make sure your antivirus software is up to date and if you haven't already, be sure to download and install Malwarebytes AntiMalware (one of the few programs that can successfully remove Windows Antivirus).  In addition to these things, be careful not to open emails from people you don't know (especially if they contain links or attachments).

Saturday, November 6, 2010

Be Cautious of Windows Security Alerts

I've shared a lot of information in the past about the dreaded Windows Antivirus program.  It's a malware program that has been infecting many of my clients' computers over the last couple of years.  While the characteristics are the same, the rogue program keeps changing names and getting better at evading removal.

We know that it gets on people's computers while they're surfing the internet. All they have to do is click a link to an infected page and suddenly they find themselves confronted with several pop-up windows telling them their computer is infected.

The problem is that it's impossible to narrow down the web site that is infected, because .... well, countless web pages are infected.  Today, I was doing research for my genealogy web site and was searching for genealogical societies in Pennsylvania when I stumbled across an infected site.  I thought I would share exactly what happens next so that you can take proper steps to remove the rogue program before it infects the rest of the computer.

So as I mentioned earlier, I was searching Google for "genealogical societies in Pennsylvania" when I stumbled across the search result below.


Now if I had been paying better attention, I never would have clicked on the link because several things stood out as red flags just looking at it. But I was in my 4th hour of research by that point, hungry, and blurry eyed, so I just clicked away!  Big mistake!

Looking at the image above, two things stand out (circled in red) that I should have paid closer attention to before clicking the link.  The first one is the yellow exclamation point (top right).  This was Norton warning me that this site is not safe.   The second red flag is the actual link of the site (also circled).  I'm searching genealogical societies and the link starts out: italiaclubprive.com.  That should have been a huge flag if I had been paying better attention.

Nonetheless, I missed the red flags and clicked the link.  Next I was confronted with the following warning message.




Having seen the Windows Antivirus more times than I can count, I recognized this warning message immediately and tried to Cancel it.  As expected, that caused several more pop-up messages warning me my computer was infected and that I should click OK to fix the problem.  Every time I canceled the prompts, I was hit with more and stuck in an endless loop of warning messages.







After several cancellations, I eventually got to the Windows Security Alert window shown below (confirming my hunch that this was indeed the dreaded Windows Antivirus).


At this point, there was only one way to get out of the endless loop of warning messages.  I had to close my internet browser.  But of course, the only way to do this now, was to open the Windows Task Manager, find my browser in the list of processes, highlight it and click END PROCESS.

If you're not familiar with the Windows Task Manager, hit CTRL + ALT + DEL on your keyboard (holding all 3 keys down together) to call it up.  Then click the PROCESSES tab and find your browser in the list (Firefox, Internet Explorer, etc.).  Single left-click it to highlight it, then click the END PROCESS button.  If done correctly, your internet browser should close.

After my browser was closed, I wanted to make sure the rogue program was off my computer.  So I opened my favorite malware program (Malwarebytes Antimalware), updated it and then ran the quick scan.  Sure enough it found 3 infections listed as "Rogue.Security Toolbar".  I clicked the appropriate prompts to let Malwarebytes remove the program and then rebooted the computer when prompted.  Then I ran Malwarebytes again just to verify the rogue program was gone from my computer (and it was).

You might be wondering why Norton didn't remove it.  Well, the quick answer is that I didn't ask Norton to.  I let Malwarebytes remove it instead since I knew it could handle it from previous experience.  If you recall, Norton did try and warn me when I was looking at the search listing in Google and I ignored it.  

This particular rogue program isn't a true virus in the way other viruses work.  This program is very malicious and tries to extort money from you by scaring you into believing your computer is so infected with Trojan viruses that you must let this rogue program remove them now (for a fee of course).

Malwarebytes Antimalware specializes in these types of programs so I trust and use it to remove them.  Nonetheless, the problem is solved and hopefully you'll be better equipped to handle the attack yourself if you're ever confronted with it.

Monday, September 28, 2009

Beware of Alpha Antivirus

Today, I was doing some research on a client's motherboard and found myself clicking a link which promised more information about that model.  But when I clicked the link, I was faced with a white screen and the following message:



Making matters worse, when I tried to "X" out of the screen, I was hit with several more windows which gave me the impression the software was already downloading itself to my computer, followed by several virus warnings.   And of course, it was impossible to "X" out or "Cancel" the screens.


Luckily for me, I've seen this rogue malware program before under different names.  It's basically the Windows Antivirus malware program renamed and redistributed.  Only this time, it was called, "Alpha Antivirus". 


This message was intended to scare me into downloading this malware software.  And of course, programmers fixed it so that when you hit the red "X" or "cancel" to close the window, more messages popped up giving the impression the software download was in progress.  They also wanted you to believe that your computer was horribly infected with viruses as seen on the screen below:




If you should find yourself in this situation .... here's what you do.  First, don't panic!  This is a very effective scare tactic designed to persuade you into downloading rogue software.  But if you follow the instructions below, Alpha Antivirus (or Windows Antivirus, or whatever name it's going by) will NOT be downloaded to your computer.

It's impossible to "cancel" or "X" out of the warning messages.  So don't waste your time.  Instead, go to your keyboard and hit the CTRL + ALT + DEL keys to bring up the Task Manager (on some computers you will see a blue Windows screen with the option to click on Task Manager).


Once the Task Manager is open, click on the PROCESSES tab (if you're not already on it) and then scroll down the list to find your internet browser. In my case, I was using Firefox when the Alpha Antivirus warning messages started popping up, so I wanted to find the process "firefox.exe".  If you're using Internet Explorer, you'll want to find the process "iexplore.exe".

Once you find the process, single left-click it to highlight it in blue and then click the END PROCESS button at the bottom of the Task Manager window.  This will close your internet browser.

The next thing you want to do is a health check of your computer.  There's a program you can (and should) download called "Malwarebytes AntiMalware".  This is one of the best programs you can have on your computer. It's also one of the few programs that will erase Alpha Antivirus (Windows Antivirus, etc.) from your computer. The free version will work.

So if you don't already have Malwarebytes AntiMalware on your computer, download it and run a Full scan just to be sure that you don't have Alpha Antivirus on your computer.

If you do already have Malwarebytes AntiMalware on your computer, update it and run a full scan. 

If you love Malwarebytes AntiMalware as much as I do, you can buy the full version which will also let you automate the software (for auto updates and scans).  The free version works great, but there are no automatic features in it.  To buy the full version of Malwarebytes AntiMalware, click here.

Oh yeah ... one more thing.  When you go to reopen your internet browser, you may see the option to "start a new session" or "restore previous session".  If you do, be sure to choose the "new session" option.

Wednesday, May 20, 2009

Beware of Messages Saying You Have Trojans

This morning a friend of mine was playing a game on Facebook and noticed popup messages saying she had 6 Trojan viruses on her computer and Windows needed to remove them right away. The messages appeared to be from "Windows Security" and even had the little Microsoft shield on them. Although the messages stressed urgency in letting Windows Security remove them, my friend stopped everything and called me (lucky she did!).

If she had accepted the messages, she would have installed one of the worst malware, rogue programs currently circulating on the internet.

This rogue program is known by many names, but it's best known as Windows AntiVirus - and it's a really bad program to have on your computer. It literally holds your computer hostage for money - and even after you pay, it continues to ask for more.

Here's where it gets tricky. Even when the program hasn't been installed yet on your computer, it's difficult to close the warning messages which are trying to trick you into installing the program. When you hit the red "x" to close the window, a new popup appears advising you to remove the viruses before closing windows and your choices on that window are "OK" and "CANCEL". Clicking OK is the WORST THING YOU CAN DO (as it will install the program). But clicking CANCEL just brings up new popup messages stressing urgency to remove the program. The goal is to fluster you into clicking OK.

The only way to close the windows at this point is to do a CTRL-ALT-DEL on the keyboard to bring up the Task Manager. Then click the Applications tab, highlight each program listed and click END TASK. Be sure to click END NOW also on any subsequent popup messages. This will close out everything you had open (including email and your internet browser), but it will keep you safe.

The next step is to update your antivirus software and run a full scan just to be sure you don't have any viruses on your computer.

If you do notice more popup windows on your computer (while not connected to the internet) telling you that you have trojans (especially if the program has a Windows shield on it), chances are your computer is infected with the malware program. If that's the case, click here for removal instructions.

Monday, December 15, 2008

Beware of Perfect Defender!

Perfect Defender is another rogue, malware program (like Windows Antivirus). You'll know it has found its way onto your computer when you start seeing popup windows warning you of infections and asking you if you want to block programs from accessing your computer.

This is the time to stop what you're doing and remove the program from your computer.

You won't find Perfect Defender anywhere in your control panel under "Add/Remove Programs" (WinXP and earlier) or "Programs and Features" (Vista). You'll need a special program designed to remove Perfect Defender (or some computer know-how to remove it manually).

My advice is to purchase a program called Anti-Malware (by MalwareBytes). I've used this program several times to remove Windows Antivirus, Perfect Defender, and other rogue malware programs, and it works better than most other programs (and is easier to use!).

Programs like Perfect Defender and Windows Antivirus are capable of finding their way past many antivirus software programs. Installing Anti-Malware on your computer will help protect you from these kinds of threats. Best of all, buying the program is a one-time fee!

For more information about Perfect Defender and Windows Antivirus, click here.

Sunday, November 16, 2008

How to Remove Windows Antivirus

Is your computer infected with Windows Antivirus? I recently removed this annoying malware program from many of my clients' computers and wanted to share the secret with you.

First let's talk about this program. This malicious program has been around a few years, and as such changes name every year. This year, it's called, "Windows Antivirus 2009". Last year it was "Windows Antivirus 2008", and so on.

If the name wasn't bad enough, another problem is that this program disguises itself to look like a legitimate Microsoft program (which it isn't). The icon even looks like a windows icon.

You've heard of "adware" and "spyware" ... well this program can be termed "malware", "rogue-ware", or "ransomware". In short, it's a malicious program that infects your computer and holds it hostage for money (Perfect Defender is another rogue program).

Folks tend to get it by surfing the web and stumbling across a web site that is infected, or by responding to a scary popup message. Once this program is on your computer, it will bombard you with scary messages about how many infections are on your computer and try to convince you that you need to buy the program to remove them. But sadly, even after paying your $50 for the program, the messages never go away - and you're still left with the annoying problem and out $50!

By the way, there's no hope of recovering your money from the folks behind Windows Antivirus .... but you can call your credit card company and tell them you're a victim of an internet scam and have them cancel the payment.

The good news is that there is hope! There is a program that removes Windows Antivirus 2009 (and other versions of it) from your computer. This program is called Anti-Malware by Malwarebytes. I've used this program on some of my clients' computers and it worked like a charm .... which is why I highly recommend others use this program!

Updated 28 September 2009:   In addition to Windows Antivirus, this program also goes by the names, Alpha Antivirus,  Perfect Defender, and a dozen or so other names.  But all warning messages look and act pretty much the same way.