Dealing With Fake Antivirus Messages
Posted on: January 6th, 2010

I've written a few articles on this subject, but in this one I'd like to summarize the information I have on how these scams operate and what you can do about them.

The Anatomy Of The Scam

The fake (or rogue) antivirus scam is a relatively new phenomenon, and it picked up tremendously in the last year or so. Apparently it provides a much better return for online criminals than other methods.

Phase 1: Playing A Trick On You

The first encounter is always a tricky website or email that makes you believe your computer is infected and that you need to take action. That action is usually to download something. Once you have downloaded that "update" or "solution", you get to the second phase.

Phase 2: Bullying

Once you have downloaded that "solution", you start getting almost constant messages about "dangerous infections" on your computer. Many of the scams interfere with your browser settings and redirect you to different pages, or just keep telling you that the web page you are on is dangerous. The sole purpose of this show of lies is to sell you their "solution" to these made-up issues.

If you give in and buy it, you are in for a bad surprise. The scammers usually overcharge your card, and the software you get is basically a worthless piece of junk. If you are lucky you might be able to get your money back: not from the scammers, but the credit card company might be able to stop the payment if you alert them early enough. Also, once you have given your credit card information to scammers, it's likely they will put other charges on it, so I'd recommend requesting a new card, just as if you had lost it.

The Software of Fake Antiviruses

I think it's worthwhile to understand how this software works behind the scenes. It generally has two main modules:

#1 The advertisement module. This is the module that generates the fake, alarming messages and tries to sell you something.

#2 The "protector". This is a much more sinister module that hides deep within the system files, prevents the removal of the advertising module, disables the currently running antivirus, and prevents running software that might discover or eliminate the unwanted program.

Module #1 is always present, since that's the one that makes the money for the scammers. Module #2 is not always present; the recent trend actually shows that it's omitted more and more frequently. The reason is that the programs used in module #2 are essentially viruses and get caught by legitimate antivirus software. The advertising module, on the other hand, is not recognizable by antivirus software because it behaves just like any other legitimate program on the computer. That's the reason you can get "infected" with these even if you have good, up-to-date antivirus software. Antivirus software in most cases does block the protector module.

Some Things You Can Do

Even if you were tricked into downloading the advertisement program, there are actions you can take which might just get you back to normal.

If you have Windows Vista or Windows 7, you can try following the steps in this article: Getting Rid Of Unwanted Software With System Restore in Vista or Windows 7

If you have Windows XP, here's a procedure that has been successful:

- Start the computer in Safe Mode with Networking (how to do it: http://pcsupport.about.com/od/fixtheproblem/ss/safemodexp.htm).
- Open your browser (preferably not Internet Explorer) and go to "www.filehippo.com". In the search box of the page (top right) type "malware" and click search. Select "Malwarebytes Anti-Malware" from the list.
- Click Download Latest Version (do not click on any advertisements on the page!). Download, save and run the software. During the installation you can leave all options as offered. This will install and update the software.
- Run the Quick Scan. When it finishes, click Show Results and then Remove Selected.
- Restart the computer. It will go back to normal mode.

The above procedure works if the "protector" module is not present. If it is present, it will block your actions. Having good, up-to-date antivirus gives you the best chance of preventing the protector module's files from being installed.

Reinfections

I've seen several cases where the computer was cleaned up but shortly after the cleanup the same, or a similar, fake antivirus popped up. These I traced back to users visiting the pages, or opening the email attachments, that were the source of the previous infection. The "cure" for this is making the users of the computer aware of this type of scam and of what to do when something comes up with a scary message. A previous article can give you some clues and techniques against being tricked: Recognizing Fake Antivirus Websites

The truth is that you cannot rely solely on antivirus software to prevent this from happening. So far I've yet to see a software that could catch everything. A large portion of computer security depends on the user!

What if I can't get rid of it?

There will be cases when the protector module is active and preventing the removal of the scam. This is the case when professional help is needed. I'd recommend bringing the computer in to our shop, where we can run a very thorough check on it; we will not only get the unwanted software removed, but in the process the computer will get optimized to run faster.
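The article describes the footprints a rogue antivirus leaves (an advertising module that must start with Windows, browser settings that get hijacked, a real antivirus that gets disabled, and removal tools that refuse to run) without showing how to look for them. The PowerShell triage script below is an added example written for this page; it is not the article's own procedure or any vendor's tool. It reads the standard autorun, Internet Settings, Image File Execution Options and Security Center locations; the list of tool names it checks, the use of an IFEO "Debugger" value as the blocking mechanism, and the decoding of the Security Center productState bit are this script's own assumptions about how the "protector" typically operates, not facts stated by the article. It targets Vista/7 (the root\SecurityCenter2 namespace does not exist on XP) and should be run from an elevated prompt.

```powershell
# Check-RogueAV.ps1 (added example; not part of the original article)
# Lists the places a rogue antivirus typically touches so you can see whether
# the "protector" module is active before attempting the cleanup procedure.

# Removal/inspection tools a rogue AV commonly tries to block (assumed list).
$ToolNames = @('mbam.exe', 'msconfig.exe', 'regedit.exe', 'taskmgr.exe', 'procexp.exe')

# PowerShell adds these note properties to every registry item; they are not real values.
$PsNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-AutorunEntries {
    # Programs launched at logon. The advertising module has to persist somewhere
    # like this to nag the user on every start; look for random names or %TEMP% paths.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($PsNoise -contains $p.Name) { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-BrowserProxySettings {
    # The article notes that rogue AV interferes with browser settings and redirects
    # pages. A proxy server or auto-config URL the user never set is one way to do that.
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $inet
    [pscustomobject]@{
        ProxyEnable   = $s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
        Suspicious    = (($s.ProxyEnable -eq 1) -and [bool]$s.ProxyServer) -or [bool]$s.AutoConfigURL
    }
}

function Get-BlockedTools {
    # Assumed mechanism: a "Debugger" value under Image File Execution Options makes
    # Windows launch that program instead of the tool. Any Debugger value on a
    # removal tool's name is a red flag that the protector module is present.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($name in $ToolNames) {
        $path = Join-Path $ifeo $name
        if (Test-Path $path) {
            $dbg = (Get-ItemProperty -Path $path).Debugger
            if ($dbg) { [pscustomobject]@{ Tool = $name; Debugger = $dbg } }
        }
    }
}

function Get-AntivirusState {
    # Vista/7 report installed AV products through Security Center WMI. Assumed
    # decoding: bit 0x1000 of productState set means real-time protection is on.
    try {
        Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Product = $_.displayName
                    Enabled = (($_.productState -band 0x1000) -ne 0)
                }
            }
    } catch {
        Write-Warning "Security Center WMI not available (XP or restricted): $_"
    }
}

Write-Host '== Autorun entries (look for random names or paths in temp folders) =='
Get-AutorunEntries | Format-Table -AutoSize
Write-Host '== Browser proxy settings =='
Get-BrowserProxySettings | Format-List
Write-Host '== Removal tools hijacked via IFEO Debugger =='
Get-BlockedTools | Format-Table -AutoSize
Write-Host '== Antivirus status (Enabled = real-time protection on) =='
Get-AntivirusState | Format-Table -AutoSize
```

If the autorun list shows an unfamiliar program, the proxy settings are marked Suspicious, or any tool appears under the IFEO section, treat the machine as having the protector module present: that is the case the article says the Safe Mode procedure will not handle on its own. Deleting an IFEO Debugger value with regedit (from Safe Mode, if regedit itself is listed) is usually enough to let the removal tool start again, but the rest of the cleanup still has to be done.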