The 2 Biggest Security Threats in 2010


ScareWare & You

Without a doubt, the largest threat to the security of your computer, and consequently to your identity and bank account, is YOU, followed closely by ScareWare. The best firewall and most effective antivirus won’t help a bit if you, the user, click on rogue security software and its fake warnings. Known also as scareware, this thief is fooling you big time. When it knocks, do not open the door.

The programmers writing today’s scareware are as sophisticated and as well paid as any of the Microsoft or Norton/Symantec programmers. They design software that, at a glance, is indistinguishable from the real thing.

Even the well trained are being duped. Here’s an older rogue security threat that masqueraded as Microsoft. This one is more than two years old, so you can imagine how much better they are now. There is, of course, the same threat with the date changed to 2010 romping around now. Some are hijackers, some are trojans. The architecture doesn’t matter; it’s the damage they do that can ruin your life.

A big part of my day at PC Pitstop is spent in the Customer Service Department helping our customers overcome issues they encounter on their computers. Every day I see people describing ScareWare that has taken over their system. They are unable to run their antivirus because they can’t get to the sites they need: the rogue antivirus has hijacked their browser and will not let them near a site that could help. Being unable to reach a site or download a removal program is the work of the infection. The user receives a warning, clicks on a link to download an update, and BAM! They’re infected.

What Do I Look For?

Any warning or suggestion that you are somehow infected is to be treated as possible scareware. You can be casually surfing the web or simply working with a program on your system when these false warnings arrive. Don’t click on them, and that includes their Cancel and close buttons: a fake warning is often one web-page image, and every part of it can be wired to start the download. Just because they’re knocking, don’t let them in. The same is true for any popup suggesting you need to download the latest version of a program or video player. Treat them all as suspect.

Looking for security software? You had better know the software you’re reviewing. Even something as simple as a Google search can produce the very rogue you are trying to avoid. Just because it shows up in a Google search doesn’t mean it’s safe. If you don’t know it, don’t let it in the door.

How Does It Hurt Me?

The most obvious damage, but also the least troublesome, is that it prevents you from using your computer. It wastes your time looking for a way to rid yourself of the pest and get where you want to go. Consider yourself lucky if you realize you are infected and succeed in removing it.

The next kind of damage is a little more frightening. It simply steals your money by duping you into buying the rogue program. Your immediate monetary loss may only be a few bucks, but do you really think that is the end of it? Do you really want your credit card number in the hands of the people who duped you to begin with? Do you think they will keep your information safe? Just the thought of it is enough to make me shiver.

What Do I Do?

1.) Don’t click the OK button, or any other button that pops up. Immediately press CTRL+ALT+DELETE to reach the Task Manager (on Windows Vista and 7 this shows a menu first; choose Task Manager there, or press CTRL+SHIFT+ESC to open it directly). On the Applications tab, find the window that is giving you the warning and click “End Task”; if it is not listed there, find its process on the Processes tab and click “End Process”.

2.) Go to Start/Run, type “msconfig” (without the quotes) and press Enter, then click on the Startup tab and make certain there are no items listed that do not need to start with Windows. Look for the rogue under Startup. Rogues frequently use random or meaningless names, so clear any entry you cannot account for.

3.) Run your copy of PC Matic along with the free MalwareBytes and the free SUPERAntiSpyware tool. Run all three, and if needed you can also run the free version of Avast.

4.) Repeat the process, but this time in Safe Mode with Networking. The reason for running in Safe Mode with Networking is that the threat may not be active there, and so may not be able to resist removal. This is not always the case: some rootkits load in Safe Mode as well, and in some cases the infection will block access to Safe Mode with Networking altogether.

To reach Safe Mode with Networking, repeatedly tap the F8 key while the computer is booting up (F5 on some older versions of Windows). Once the menu opens, select Safe Mode with Networking and, if prompted, log in as an administrator. The screen will look different because the normal video driver is not loaded; that will return to normal after a reboot. To run PC Matic, you may need to go to Start > Programs > PC Pitstop > PC Matic if the desktop icons are not present.

If the computer connects to the Internet over wireless, it may be necessary to connect with an Ethernet cable in order to have Internet access from Safe Mode with Networking, since the wireless driver is usually not loaded there.

5.) HijackThis: If running all of these programs from Safe Mode with Networking does not resolve the issue, your next step is to scan with the HijackThis tool and post a log on our website. Get assistance from one of our Trusted HJT Advisors. You can read about HJT here. Post your log here.
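Steps 1 and 2 above can also be done from a command prompt, which matters when the rogue has disabled Task Manager or hidden itself from msconfig (two of the commenters below ran into exactly that). The script that follows is an added example for this article, not a PC Pitstop tool, and it assumes Windows Vista or 7 with PowerShell 2.0 or later, run as Administrator. The “suspicious” rules it applies (unsigned executable, or one running from a user-writable folder such as %TEMP% or %APPDATA%) are this example’s own assumptions, not a detection rule from any vendor; a legitimately installed product can occasionally trip them, so confirm before ending anything.

```powershell
# Added example, not part of the original article. Assumes Windows Vista/7,
# PowerShell 2.0+, elevated prompt. Heuristics below are assumptions for the
# example, not a vendor detection rule.

# Folders a rogue installer almost always runs from and an installed security
# product rarely does (assumption).
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE) |
    Where-Object { $_ } | ForEach-Object { $_.ToLower() }

function Test-SuspiciousPath {
    param([string]$Path)
    if (-not $Path) { return $false }          # protected system processes report no path
    $p = $Path.ToLower()
    foreach ($dir in $userWritable) {
        if ($p.StartsWith($dir)) { return $true }
    }
    return $false
}

# 1) Running processes: executable path plus Authenticode signature status.
#    An unsigned process living under %TEMP% or %APPDATA% is the first
#    candidate to end (the article's step 1, without needing Task Manager).
Get-Process | ForEach-Object {
    $path = $null
    try { $path = $_.Path } catch { }          # access denied on some system processes
    $sig = 'n/a'
    if ($path) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
    New-Object PSObject -Property @{
        Id         = $_.Id
        Name       = $_.ProcessName
        Path       = $path
        Signature  = $sig
        Suspicious = (Test-SuspiciousPath $path) -or ($path -and ($sig -ne 'Valid'))
    }
} | Where-Object { $_.Suspicious } | Format-Table Id, Name, Signature, Path -AutoSize

# 2) Autostart entries: the Run/RunOnce keys msconfig's Startup tab reads
#    (including the 32-bit view on 64-bit Windows) and both Startup folders.
#    Review anything you do not recognise (the article's step 2).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |      # drop the provider's PSPath etc.
            ForEach-Object { "{0}`n    {1} = {2}" -f $key, $_.Name, $_.Value }
    }
}
foreach ($folder in 'Startup', 'CommonStartup') {
    Get-ChildItem -Path ([Environment]::GetFolderPath($folder)) -ErrorAction SilentlyContinue |
        ForEach-Object { "Startup folder: " + $_.FullName }
}

# Once you have confirmed which entry is the rogue:
#   Stop-Process -Id <Id> -Force                      # end the process
#   Remove-ItemProperty -Path <key> -Name <name>      # remove its Run entry
```

The listing is deliberately read-only; it prints the candidates and leaves the `Stop-Process` and `Remove-ItemProperty` calls for you to run by hand against the entry you have confirmed, because ending the wrong process on an already unstable machine costs more time than it saves. A rogue that has blocked `powershell.exe` as well will still need the Safe Mode route in step 4.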

There is no one program that removes all threats all of the time. If it were that easy, the bad guys would have quit long ago. Viruses and malware mutate by the minute: what you were protected against this morning is not what is attacking you this afternoon.

One of the things that causes some discussion here is how to handle Windows System Restore. I’m a firm believer in turning it off before starting the removal process described above. The reason is that the virus can hide there: the infected files get copied into restore points, where most scanners cannot remove them, and restoring such a point brings the infection back. You clean your system, find no more problems, but then a few days later you are infected again.

Any time you turn off Windows System Restore you are taking a risk, because turning it off deletes every existing restore point, including the ones you might have wanted to roll back to. So I now suggest that you follow the steps outlined above and, when finished and testing clean, turn off Windows System Restore. Repeat the whole procedure, then turn it back on and create a new, single restore point. If you are unable to get a clean scan and have already decided to do a reinstallation of your operating system, then by all means turn off System Restore and try the procedure once again.
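The System Restore sequence just described, as an added example for this article rather than anything from PC Pitstop: it lists what is there, clears it, and recreates a single point. It assumes an elevated PowerShell 2.0 prompt on a client edition of Windows (XP with PowerShell installed, Vista or 7), since the *-ComputerRestore cmdlets are not available on Server editions, and it assumes the system drive is C:\. The scanner runs are left as a comment because they are interactive.

```powershell
# Added example, not part of the original article. Assumes an elevated
# PowerShell 2.0+ prompt on client Windows (XP/Vista/7) and system drive C:\.

$drive = 'C:\'

# What exists now. A point captured after the infection date can carry the
# rogue's files with it, which is why the article rescans after clearing them.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize

# Disabling System Restore on a drive deletes every restore point on it.
# Only do this after the scans have already come back clean.
Disable-ComputerRestore -Drive $drive

# ... rerun PC Matic, MalwareBytes and SUPERAntiSpyware here ...

# Turn it back on and create the single fresh restore point the article recommends.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Clean after rogue AV removal' -RestorePointType MODIFY_SETTINGS

# Confirm exactly one point now exists.
Get-ComputerRestorePoint | Measure-Object | Select-Object -ExpandProperty Count
```

If the first listing shows points older than the infection and you would rather keep one of them, note its SequenceNumber before disabling; there is no way to delete individual points from here, so the choice is all or nothing, which is the risk the paragraph above is warning about.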

Good luck and happy computing.

Useful Links


Superantispyware

MalwareBytes

Microsoft Block List

iPhishing

ScareWare Examples


33 thoughts on “The 2 Biggest Security Threats in 2010”

  1. Why do the antivirus products not stop these rogue products from installing themselves in the first place? If something like MBAM is able to detect and remove them, surely such products should be able to prevent the infection in the first place?

  2. I have decided the best way to recover from this is to image your hard drive using the imaging software found in Windows7 or using programs such as Acronis True Image Home. This will make a complete copy of your computer on a removable hard drive which you can use to restore your computer to your last back up if you cannot remove the scare-ware.
    It has saved my customers and myself many hours and dollars, as the infected or corrupted PC can be restored in hours (often less), even after lightning strike damage (non-hardware damage) and faulty MS updates.

  3. My story might be of help to those likely to catch this infection.
    I became infected by a rootkit some time ago. It suddenly appeared, scanned my PC and said it was infected by numerous and a range of critical viruses. The program behaved as you would expect from a professionally designed Microsoft program with logos etc. The clue that it was a rogue was by taking over the PC and scanning when I attempted to open other programs. Of course it closed down Internet Explorer so I couldn’t get onto the internet to check it out. In fact I quickly found there was nothing I could do to clear it, and that is the point when you feel completely helpless. After a couple of hours and having tried everything, I realised that I had a second browser, Mozilla, on file but had never opened it. To my relief the rootkit hadn’t infected Mozilla and I managed to get onto the internet and found that it was a rogue rootkit program. Because Mozilla hadn’t been infected I managed to download and scan with PC Doctor. This located and deleted most of the rootkit, and further scans also with Avast located other parts of the virus filed in various locations including system restore. Those last scans cleared the rootkit completely, and when that happens I can tell you it’s a great sigh of relief. My suggestion is always keep a second or third browser on file, as the infection seems to penetrate the default browser.

  4. I got hit with one of these “gems” last year. It disabled the USB, so I couldn’t download tools & updates from another computer. Scans running in Safe Mode hung about the time it tried to deal with the problem program. I couldn’t use Task Manager. However, I could use Process Explorer. It’s free from:

    http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

    (There’s other cool things available from the SysInternals group.)

    Once I killed that off I used the free tools mentioned in the article to clean it up, along with ZA. Eventually I rebuilt my system w/ a partitioned drive (C: & D:).

    I have several external drives that I rotate for backup of my data. SyncBack has a free version that provides incremental copying of new or changed files. I manually copy the latest Outlook PST files to the D: drive, as well as the Outlook Express files. You can find the free version here:

    http://www.2brightsparks.com/downloads.html#freeware

    I do the same thing with our home network server. This is really handy when traveling. I make two copies and keep one at home and take one with me.

  5. Great article… I have had to repair/remove this malicious software from three computers: a co-worker’s, and the granddaughter’s twice. The rogue spyware program would not let me download Malwarebytes or any other programs that could be used to find and eliminate it. On one computer I actually did a restore and it eliminated the infection. Two other times I downloaded Malwarebytes, Spybot and others to an external hard drive and installed them on the infected computer. I was able to find and delete the programs that way. The only safe way to not get infected is to never click on these pop-ups. Shut down the computer and re-boot. Then run your scans.

  6. Good article — but, we are asked to do the very thing that he says not to do: click on misc. solicitations - 4 of them!

  7. I’ve fought these sort of infections as a side business for some years. I haven’t had the opportunity to try Superantispyware or malwarebytes yet. I will but expect them to be limited at what they can correct in a Windows system. Many, like Virtumonde, get their hooks into the operating system as soon as Windows starts. My solution was to disconnect the computer from the Internet, trim down as much as possible & identify the remainder then use a Linux CD to track down the remaining pieces and delete them. Lately, I’ve read of a method using a Linux CD to do the entire malware removal. This stuff is written to run in Windows and is largely unable to function under Linux.

    The idea of keeping separate partitions is OK up to a point. Many programs still insist on storing data on the C: drive.

    I lost a computer to a lightning strike a couple years ago. Fortunately, I had backed up my data to an external hard drive not 2 days prior then disconnected the external drive and stored it elsewhere. I lost almost nothing. The point is to keep a copy of all your data somewhere off the main computer. Stuff happens; Lightning, fire, flood, mechanical failure, whatever. You can replace the hardware & software. The data files are yours alone.

  8. For JJ; to get the article to print, just use Ctrl>A to select All, Ctrl>C to copy; then open up some word processing program and Ctrl>V to paste it in. You can then keep or delete the illustrations and print it very nicely.

  9. At last an article that actually gives guidance about what to do when any rogue pop-up scan prompt appears. In my experience, it doesn’t matter whether you click OK, Cancel or (as most people probably would do) the top right hand cross to close the pop-up; it would still invariably animate a fake scan and install the rogue, then render your existing security product (whatever that may be) virtually useless.

    The fact is that unless you click CONTROL/ALT/DELETE immediately to end the task of the stubborn rogue pop-up, thereby collapsing the browser completely, and restart your session, you have almost no hope of preventing yourself from being infected.

    Remember that no security product can protect you from the greatest security risk of all – you, the PC user. There is no such thing as total security. You cannot make your PC impregnable with security software. The first step to a safer Web experience is to adopt safe computing practices, and use complementary security software that balances effectiveness against cost and inconvenience. The idea of perfect computer security is a myth. Don’t click on any rogue scanner pop-up prompts. Use CONTROL/ALT/DELETE immediately to END their task!!!

  10. I run Windows XP Pro and use BT internet who supply McAfee protection. I have my drive with C to K and for externals L to Q.
    I did click on this but immediately a large red screen came up with bells ringing warning me not to proceed.
    I deleted the program and looked at “Ask Leo” about this, and I chose a program called SpywareHunter4. I ran this and found that I had 440 malware threats in various degrees from high to low. With a complete scan these threats were removed.
    A lot of the threats come from cookies and I scan these before I go on line. Also I go to Windows Explorer – options – and do a complete delete of all the sections listed there. After coming off line I do another scan.

  11. I thought that was an excellent article on an important topic.
    What’s more, although I’m no expert, I think I can follow that advice for myself.
    But I can’t do it “off the screen”, and I can’t get a print out:
    What I do get is: page 1, just the header, page 2, one page of the text, page 3, just the footer. So the second (and maybe third?) page of text is lost.
    I’m using Firefox under XP home v3, both with auto-update.
    Anyone with advice?

  12. My computer was attacked by a scareware program masquerading as a virus killer. I have no idea how it got on my computer, since I didn’t click on anything. But, to remove it, I first went back to Windows restore. Once the computer was operating normally again, I shut it off and re-booted. Then I went into safe mode/networking and d/l a program called ‘Spybot Search & Destroy’. I ran it twice, once again after rebooting. This seems to have solved the problem.

  13. Please, what can you tell me about Kybtec World Clock? I have been subscribing to that program for years. I have kept up my updates and all. Recently I had to do a complete reformat of my hard drive on my desktop and my laptop. I have corresponded with the company with all the details of my account number, receipt number, and email address and only get the usual “we will get back to you shortly” message. All efforts to contact the company for a “startup code” have been fruitless. What is with this bloody company? To me they are just about as bad as those in your article. All attempts to connect have been fruitless. I think all of your readers who have this program or who are considering this program should be warned about this foreign ripoff. Roy LaValley

  14. Thanks, Steve, for a terrific article. I will share it with our 11,000 WOT facebook fans.

    As you pointed out, even experienced Internet users can fall prey to rogue software as well as online scams, phishing and other security threats. This is because cybercriminals use a clever combination of social engineering and technical advances to steal information from consumers and businesses.

    In addition to the recommendations you gave, I suggest using Web of Trust, the leading crowd-sourced safe surfing tool. WOT’s 13 million users have rated the reputation of 29 million web sites in four categories: trustworthiness, vendor reliability, privacy and child safety. If you happen upon one of these rogue security sites, a WOT warning will come up so you can make a hasty retreat. You can provide ratings yourself too, so that others will be protected. WOT works on Firefox, Chrome, Safari and Internet Explorer. Free download at http://www.mywot.com

    We made a video about evil rogue security products a while back, but it is still relevant to this subject. I hope you’ll take a look. http://www.youtube.com/watch?v=owZnpVI_g4Q

    Safe surfing,
    Deborah
    Web of Trust

  15. Happened to me yesterday, but when I tried to Alt/Delete, it told me that Task Manager was infected! Every time I closed something, something else popped up, including porn sites like crazy (something I never visit!). I’m not sure how I finally did it–actually AVG did it–but AVG had been running a scan while this was going on, and when all was said and done and I turned off the computer after the scan was finished, AVG had trapped it–backdoor generic, I think it was called. What a headache!

  16. I’m no computer guru by anyone’s definition, but I’ve a bit more knowledge than some friends. I’ve had three of them experience the scareware infestation and have managed to get all three cleaned by simply booting into safe mode then using System Restore to a few days before the infection appeared. Thereafter, they were able to access the various security items mentioned by Steve Hogan to ensure all was well. I can’t see a downside to using this method to correct the problem.

  17. First off great timing of this article! I’m helping a friend out with one of these right now. Tricky little sucker. Hid itself from msconfig–>start-up. (even in safe-mode)
    I was able to enter safe mode w/net, and run ccleaner–>tools–>start-up. Found him in there labeled 90358 or something. I disabled, restarted, and windows was back.
    I installed the SUPERAntiSpyware prog. (and some others) and all is well now.

    Second, I totally agree with Thomas! Why is the holder of the account that gets the money not held accountable? That would be easily traceable I would think.

  18. Regarding David’s suggestion about partitioning and/or using a separate drive for Windows… I did exactly that some time ago (when W98SE was the L&G). I’ve never found out exactly what happened, but something caused my PC to “eat” the “D” drive.

    I was able to recover almost everything that was really important that was damaged, although I did lose about 20% of my personal stuff.

    The single program that sustained the most considerable damage was my copy of MS Flight Simulator 2000. Almost every single file in it was corrupted.

    The thing that has me the most concerned, then and now, is that using this solution — all personal files on the separate drive — is something that I find extremely Windows unfriendly. Windows doesn’t seem to want you to do that, and makes it very difficult.

    Has that changed in the last couple of years? Or do they still want all physical and logical drives dumped together into 1 big C drive, so the OS doesn’t have to worry about trying to figure out what drive your stuff is on?

    If there was something out there other than LINUX or Macs, I’d be very tempted to try it.

    Chuck

  19. I don’t understand. I was just attacked by one of these, knew to shut off the proxy it created and was allowed to get back online. Had I not known better I would have paid the “price” for the software and removed it (not really, I know), but that means someone would have gotten my money. Why is the holder of the account that gets the money accountable?

  20. Here is a really good point missed here: partition your hard drive so Windows is in the traditional C: partition and keep all the personal documents, pictures, video etc. in the second partition (and on a separate removable hard drive if possible), and then if you get infected (as I did last year) you can reinstall Windows into the C: partition, have a clean new version of Windows, and all your personal data will be unaffected! Experience has proven that most malware is only interested in the C: partition. Can anyone think of any better ideas? (except not being infected in the first place, of course!)

  21. I got hit with something like that, and now my homepage won’t show up and every once in a while it reloads itself.
    The one I got was one which said it was Microsoft, but it wouldn’t let me run my web clam; it shut down every file saying “warning, file can not be opened”.
    Malware quarantines it but says it can’t remove it.
    I have tried safe mode.
    Don’t know enough to go any further with it.
    It also seems to regenerate itself?
    On opening files, exe files. Am I dreaming that or misinterpreting it?

  22. I have dealt with some of those same problems with other people’s personal computers and laptops. It is really hard to do anything with scareware on the computer. You can’t update programs, you can’t even get on the internet. After reading this, I have found myself in those situations and now I know what to do for the next time I am working on someone else’s computer.

  23. I’ve been a customer for many years at PC PIT STOP and they have truly been by far the best web site for the average user. I’m going to forward this to as many of my fellow non-gurus as I can. I want them to know that there is help out there for us.

  24. Great article, but it really begs yet another question: HOW DO WE KNOW THE ARTICLE IS GENUINE AND THE LINKS IN THE ARTICLE ARE SECURE/VALID AND NOT ANOTHER TRAP?

    Not that I distrust this particular e-mail, but the day will come where even an article such as this will be another trap!

  25. Good article. As a computer consultant I have seen Rootkit infected machines where the threats run in safe mode, or that have disabled access to safe mode. Therefore, I would change #4 to “might not be active” in safe mode.
