Showing posts with label malware. Show all posts

Saturday, November 6, 2010

Be Cautious of Windows Security Alerts

I've shared a lot of information in the past about the dreaded Windows Antivirus program. It's a malware program that has been infecting many of my clients' computers over the last couple of years. While the characteristics are the same, the rogue program keeps changing names and getting better at evading removal.

We know that it gets on people's computers while they're surfing the internet. All they have to do is click a link to an infected page and suddenly they find themselves confronted with several pop-up windows telling them their computer is infected.

The problem is that it's impossible to narrow down the web site that is infected, because .... well, countless web pages are infected.  Today, I was doing research for my genealogy web site and was searching for genealogical societies in Pennsylvania when I stumbled across an infected site.  I thought I would share exactly what happens next so that you can take proper steps to remove the rogue program before it infects the rest of the computer.

So as I mentioned earlier, I was searching Google for "genealogical societies in Pennsylvania" when I stumbled across the search result below.


Now if I had been paying better attention, I never would have clicked on the link because several things stood out as red flags just looking at it. But I was in my 4th hour of research by that point, hungry, and blurry eyed, so I just clicked away!  Big mistake!

Looking at the image above, two things stand out (circled in red) that I should have paid closer attention to before clicking the link.  The first one is the yellow exclamation point (top right).  This was Norton warning me that this site is not safe.   The second red flag is the actual link of the site (also circled).  I'm searching genealogical societies and the link starts out: italiaclubprive.com.  That should have been a huge flag if I had been paying better attention.

Nonetheless, I missed the red flags and clicked the link. Next I was confronted with the following warning message.




Having seen the Windows Antivirus more times than I can count, I recognized this warning message immediately and tried to Cancel it.  As expected, that caused several more pop-up messages warning me my computer was infected and that I should click OK to fix the problem.  Every time I canceled the prompts, I was hit with more and stuck in an endless loop of warning messages.







After several cancellations, I eventually got to the Windows Security Alert window shown below (confirming my hunch that this was indeed the dreaded Windows Antivirus).


At this point, there was only one way to get out of the endless loop of warning messages. I had to close my internet browser. But of course, the only way to do this now was to open the Windows Task Manager, find my browser in the list of processes, highlight it and click END PROCESS.

If you're not familiar with the Windows Task Manager, hit CTRL-ALT-DEL on your keyboard (holding all 3 keys down together) to call it up. Then click the PROCESSES tab and find your browser in the list (Firefox, Internet Explorer, etc.). Single left-click it to highlight it, then click the END PROCESS button. If done correctly, your internet browser should close.

After my browser was closed, I wanted to make sure the rogue program was off my computer. So I opened my favorite malware program (Malwarebytes Antimalware), updated it and then ran the quick scan. Sure enough it found 3 infections listed as "Rogue.Security Toolbar". I clicked the appropriate prompts to let Malwarebytes remove the program and then rebooted the computer when prompted. Then I ran Malwarebytes again just to verify the rogue program was gone from my computer (and it was).

You might be wondering why Norton didn't remove it.  Well, the quick answer is that I didn't ask Norton to.  I let Malwarebytes remove it instead since I knew it could handle it from previous experience.  If you recall, Norton did try and warn me when I was looking at the search listing in Google and I ignored it.  

This particular rogue program isn't a true virus in the way other viruses work.  This program is very malicious and tries to extort money from you by scaring you into believing your computer is so infected with Trojan viruses that you must let this rogue program remove them now (for a fee of course).

Malwarebytes Antimalware specializes in these types of programs so I trust and use it to remove them. Nonetheless, the problem is solved and hopefully you'll be better equipped to handle the attack yourself if you're ever confronted with it.

Tuesday, March 2, 2010

How to Run Malwarebytes Anti-Malware

Most of my clients know that one of my favorite software programs is Malwarebytes Anti-Malware! This program has helped me remove some of the top Malware and virus threats on their computers. As a result, I help all my clients download and install this program on their computers. I've written much about Malwarebytes Anti-Malware in previous posts, but I wanted to focus this post on showing folks how to update it and run the scans.

First, after you download and install Malwarebytes Anti-Malware, you'll see a red icon with a white "M" on your desktop (like that shown on the right). You may or may not see the shield on top of it. To run the program, just double left-click the icon (Windows Vista and 7 may ask you to confirm that you want to open/run that program). After the program opens, you'll see the screen below.

Don't be fooled by all the tabs you see.  The only two that you really need to pay attention to are the "Scanner" tab and the "Update" tab (circled in red). 

If you're using the free version of Malwarebytes Anti-Malware, you'll have to manually update the software and run the scan.  

So the first thing you want to do after opening Malwarebytes is click the UPDATE tab so you can update the software.

Once on the update page, there are two pieces of information you'll want to pay attention to.  The first is the date of the last update.  Malwarebytes provides updates daily. And every time you update it, this date will change.  Knowing when you last updated the software and ran the scan is helpful.  

The next step is to click the "CHECK FOR UPDATES" button (you must be connected to the internet for this step).  Depending on when you last updated the software, it could take a few minutes to complete, and you may (or may not) need to reboot the computer to finish the update.  Sometimes Malwarebytes will need to close the application and then you'll have to reopen it.

Just be sure to always update the software before running the scan.  

After Malwarebytes has been updated, click the SCANNER tab to run the scan.

There are two types of scans you can run - Quick Scan or Full Scan.  Most of the time, the Quick Scan will suffice (especially if you're running scans regularly).  The only time I run the Full Scan is when I want to perform a deep thorough scan for maintenance purposes or when I suspect a problem.   

The Quick Scan takes 15-30 minutes on average and the Full Scan can take anywhere from 1-6 hours (depending on the size of your hard drive and how much data you have on it). The good news is that you can do other things on the computer while the scan is running - although it may slow you down a bit.

After selecting the type of scan you want to run (Quick or Full), click the SCAN button to start the scan. 


While the scan is running, you'll notice that it shows "Objects Infected" followed by a number (which is zero at the start) on the screen.  If Malwarebytes finds any problems, "Objects Infected" will turn red and show a number.  You'll have to wait for the scan to complete before you can see what it found.  If Malwarebytes doesn't find anything, this number will remain "0".

If you look at the bottom of the window while the scan is running, you'll see two buttons: "Purchase" (if you're running the free version) and "Exit". If Malwarebytes finds infections, these buttons will disappear after the scan completes and you'll see a new button labeled "SHOW RESULTS" (you'll only see this button if infections are found).

If you see the "SHOW RESULTS" button after the scan completes, you'll want to click it. The next screen shows you in detail what infections were found and by default, all are checked. To remove those infections, you'll want to click the REMOVE ALL button. In most cases, you'll be told to reboot the computer to complete the removal process.

After you reboot the computer, I would recommend running the scan again to make sure it comes out clean. I have seen cases where a scan needed to be run 2 or 3 times before all infections were removed.

I recommend updating and running Malwarebytes Anti-Malware at least weekly to help keep your computer clean of malware. 

How to Protect Your Computer From Malware

In addition to virus protection, it's important to protect your computer from Spyware, Adware, and Malware.  Some "internet security" and Antivirus software will protect you against some of the additional threats, but they may not catch them all.

For years I ran Stopzilla and Lavasoft's Ad-aware to protect my personal computer from spyware and adware. But since discovering Malwarebytes Anti-malware, I now favor this program. I've written several posts about the biggest Malware threat (Windows Antivirus) infecting many of my clients' computers, and Malwarebytes Anti-malware is the ONLY program out there that's been able to completely remove it in most cases. For that reason alone, I've become a HUGE fan of Malwarebytes.

Malwarebytes makes a free and paid version of their Anti-malware program. I've been using the free version, which is fine for me, but it takes some discipline on my part. The biggest difference between the paid and free version is automation. With the free version of Antimalware, I have to remember to update the software and run the scans myself. The paid version will automate updates and scanning for you. If you're one of those people who doesn't want to be bothered with managing the software yourself, then I'd highly recommend getting the paid version.

Regardless of which version you use of Malwarebytes Antimalware (paid or free), I highly recommend downloading and installing it on your computer.  And of course, don't forget to use it!  This is one program you really want to have on your computer BEFORE some of these problems find their way onto your computer because some malware programs will prevent you from installing it after they infect your computer.

Between Norton Internet Security and Malwarebytes Antimalware, my computer stays really clean of viruses, malware, spyware and adware.

To download and install Malwarebytes Antimalware, click here.

Symantec's Norton Internet Security 2010

Saturday, January 31, 2009

Beware of New Computer Virus (Conficker Worm)

There's a new computer virus going around called Conficker (a.k.a. "Downadup" or "W32.Downadup") that is perhaps one of the most dangerous computer viruses ever created. This computer virus is a malicious worm, meaning it replicates itself and causes harm to PCs and networks.

Like most computer viruses, one of the first things it does is turn off automatic updates (for Windows and Antivirus software). It also deletes previous restore points and prevents PCs from accessing certain security sites. Once it has the computer pretty much disabled so that it can't remove this virus, it then configures the PC to connect to the malicious virus server so that it can receive further malicious programs and wreak havoc from there.

This worm is hyped to be far more serious than any other to date and as such is something to pay close attention to. Make sure all Windows Updates are performed and that you have a good AntiVirus software program installed and that it's up to date.

If you do get the Conficker Worm (or W32.Downadup Worm), Norton has a special tool you can use to remove it. To get Norton's removal tool for W32.Downadup Worm, click here.


For more information about the Conficker worm, click here.

Monday, December 15, 2008

Beware of Perfect Defender!

Perfect Defender is another rogue, malware program (like Windows Antivirus). You'll know it has found its way onto your computer when you start seeing popup windows warning you of infections and asking you if you want to block programs from accessing your computer.

This is the time to stop what you're doing and remove the program from your computer.

You won't find Perfect Defender anywhere in your control panel under "Add/Remove Programs" (WinXP and earlier) or "Programs and Features" (Vista). You'll need a special program designed to remove Perfect Defender (or some computer know-how to remove it manually).

My advice is to purchase a program called Anti-Malware (by MalwareBytes). I've used this program several times to remove Windows Antivirus, Perfect Defender, and other rogue malware programs, and it works better than most other programs (and is easier to use!).

Programs like Perfect Defender and Windows Antivirus are capable of finding their way past many antivirus software programs. Installing Anti-Malware on your computer will help protect against these kinds of threats. Best of all, buying the program is a one-time fee!

For more information about Perfect Defender and Windows Antivirus, click here.