Imagine this evening that someone rang your doorbell at home. When you opened the door, a man was standing on your porch, waving some sort of high-tech device around for a few moments. Then he frowned and said, "There are some serious problems with your gas furnace. The interchanger is leaking and the regulator is stuck. I can fix it! May I come in?"
What would you do? Would you remember that yours is an oil furnace, and slam the door in his face? Or if you did have a gas furnace (or weren't sure what type you had), would you engage in the conversation? Make him wait on the porch while you check with someone who knows your furnace? Find out how much he charges? Let him in to do the work and pay him?
What if something similar to this appeared on your computer screen?
This is happening on computers around the world every day: You're using your computer, minding your own business, when something pops up on your screen with a name like "Antivirus 2010" or "Security Scan." You see the progress bar fill quickly from left to right as it scans your computer. Then it displays a list of "Infections Found"! On your computer! There are 5 or 6 of them, with nasty-sounding names, in horrible orange and red text! You're confused and upset.
Then you spot the nice green button labeled "Remove All Infections" or "Do you want to activate your antivirus software?" Like Dirty Harry taking aim at a lawless punk, you click on it, glad you can wipe out these intruders. On the next screen, you read that this will cost you $42; you'll just need to enter your credit card information. Thinking that you have no other option or that it's not that much money, you do it. After a few more minutes of processing, the problems are gone. What a relief!
More and more I'm hearing from clients who have experienced this. Despite the very convincing and dramatic performance, it's a complete fake, a scam, and an infection in its own right. To add insult to injury, the users who hand over their credit card information are actually paying to get infected.
This type of software is in a special category. Some call it "rogue antivirus software" or "rogue security software," others call it "scareware" or "ransomware."
Here's the unfortunate part of the story: Every client I've helped with this type of infection already had good, up-to-date antivirus software installed and fully functioning on their computer. In other words, two bad things happened:
- This infection got past their antivirus software (because, technically, it's not a virus), and
- The user was taken in by the scam, either completely forgetting that they already had antivirus software, or tricked into thinking that the scam software was somehow better.
There was nothing wrong with the user's antivirus software; this type of infection is just not something it's designed to protect against.
How can I tell that it's a fake?
Here are the most common clues I've observed, each of which should raise a red flag:
- The "scan" software window came out of nowhere. You didn't choose to download it or install it or open it. No reputable company would distribute their software like this.
- The dramatic "scan" that finds the "infections" takes only a few seconds. With real anti-malware software (that actually finds and removes infections), it can take anywhere from 20 minutes to 3 hours to fully scan a computer.
- You can't close the program's window. Clicking the "close box" doesn't work, or it doesn't even have a "close" button you can click. Reputable software doesn't "trap" you in a window or prevent you from using your computer until you pay (or figure out how to remove it).
- The name of the program is very generic or vague. A legitimate company would not be shy about using their name and logo.
How did it get into my computer?
This is another complicated part of the picture. The most likely explanation is that your computer was infected by a "Trojan horse." That is, you (or someone else using your computer) were tricked into clicking a link in a malicious email (or tricked into visiting a malicious web site) that quietly downloaded this software onto your computer. However, the trickiness doesn't end there. If the dramatic "scan" had popped up immediately, you might have realized that the link you had just clicked was the culprit. Instead, the software probably waited days or weeks before popping up and putting on the dramatic show, making it almost impossible to associate it with that link you clicked long before.
How can I remove it?
I've found that using special software that's designed to find and remove "malware" (a broad category of malicious software that includes viruses, spyware, Trojan horses, worms, and other types of infections) is the best approach. Many vendors let you download and use this type of software for free.
For Microsoft Windows I recommend the following free programs:
Each of these programs works in a similar way: You download, install, update (to get the latest protection), and then perform a full scan of your computer.
For Macintosh, I recommend the following commercial (paid) program:
However, sometimes it's not so easy to remove such infections. Some of them specifically resist being removed; some even actively prevent you from downloading or installing the removal software! If you find that you can't remove it yourself, don't give up or rush out and buy a new computer! Instead, get help from someone who knows how to do this. In most cases a computer can be successfully "cleaned" one way or another.
How can I prevent this from happening?
In an ideal world, you'd install one anti-malware software package that would give your computer full-time protection against all types of infections. Unfortunately, I have not yet seen any single program that does this well. Perfect prevention is difficult given the ever-changing nature of malware. My best advice is to use multiple programs:
- You should have antivirus software running full time on your computer. However, most antivirus programs are not very good at removing all other types of malware.
- If you add another full-time program to protect against other types of malware, it may "fight with" your antivirus software and make your computer operate very slowly.
- Thus, a reasonable compromise is to have antivirus software running full time on your computer, and to add one or two anti-malware programs that you periodically run manually to scan for additional types of infections.
- I had a client whose computer was clearly infected with this type of "scam" malware that also blocked some of my attempts to remove it. While I would have eventually prevailed, I discovered that when I switched to the other user account on that computer, the malware wasn't active, so I was able to remove it easily. For this reason I suggest having at least two user accounts on your computer.
You should also develop good computer security habits:
- Permit your computer to install system updates ("Windows Updates" on Windows, "Software Updates" on Macintosh), especially security-related ones.
- Don't let your antivirus software expire, and permit it to install updates and run its full scans.
- If you have children or teenagers (or anyone else with poor self-control who downloads everything in sight), ideally keep them away from your computer; lock them out with a user password if necessary.
- Be wary of suspicious emails and web sites.
The more you've done to properly maintain your computer's protection, the easier it will be to remove the infections you may still occasionally get.
Macintoshes are immune, right?
While viruses and other types of infections are rampant among Windows computers, if you use a Macintosh there is a popular belief that your computer is "immune" to infection. This is completely wrong. There are plenty of reasons to get antivirus software for your Mac:
- Prior to Mac OS X there were plenty of Mac viruses dating back to 1988. There are currently a number of known malware threats that target OS X dating back to at least 2006.
- Microsoft Word, Excel, and PowerPoint documents can carry Visual Basic macro viruses that can infect both Windows machines and Macintoshes.
- Your Mac can also be a "carrier" for Windows-specific infections.
- Currently, malware on Macintosh is not as common as on Windows, but over the next few years it's likely to increase to the point of becoming a major problem.
My advice: Seriously consider getting antivirus software for your Macintosh.
Things to keep in mind
- Know that it takes a long time to scan your entire computer. Don't be fooled by software that "scans" your entire computer in seconds.
- Know the name of your antivirus software so you won't be fooled by a generic name. Popular Windows antivirus programs include Norton, Symantec, AVG, McAfee, and Sophos. Popular Macintosh programs include VirusBarrier, Norton, and Sophos.
- Don't pay for software you didn't choose to install; you may be paying to get infected.
- Get help if you can't remove malicious software.
- If you have been tricked into paying for this kind of "scam" software, call your credit card company as soon as possible. You may be able to get the charges reversed.
Where to go from here
If you're confused or frustrated by something on your computer, I like to say, "You can do it!" You might just need a little encouragement, or information, or change of perspective, and that's where I come in.