Fake Anti-virus software, also sometimes called a Rogue, is installed by tricking the user into downloading and running an infected file from a website that is designed to look like legitimate Anti-virus software.
So you’re just surfing along and suddenly your window turns into an Antivirus program alerting you that your computer is heavily infected with Trojans. You click “Remove All” and then “Run”. Now you’re really infected because you clicked run. Doh!
As stated before, it all starts when a user visits an infected website. The website, as if by magic, will take the form of a real program that tells the user that their computer is infected with a ton of viruses. In reality it’s just a web page. It will then attempt to convince the unsuspecting user, in a panic, to click a button to “Remove the Infections”. Clicking this button starts a file download, which usually has a Save or Run option. In most cases, people click run. Up until the point where they actually run the file, the computer has not yet been infected.
What Can I Do When I See a Rogue Website?
Notice the “Remove All” button in the picture to the left. They will all have some kind of button for you to click. Sometimes it says “Repair” or “Remove All”. Whatever the case, when you click the button your web browser will ask if you want to Run, Save, or Open the file. (DO NOT RUN OR OPEN THESE FILES)
When you see one of these websites that looks like a real Anti-virus program, you can try to close or exit the window, but it will try to make you stay on the page. You can close the window with the Task Manager if you know how, or just restart the computer. Just know that your web browser might try to reopen the web page the next time you start it. Some browsers, like Internet Explorer, will ask if you want to open the last session or go to your homepage, in which case your homepage is the best choice. In any event, you should then run a full scan using your own Anti-virus software.
What if I Ran The File to Remove Infections?
When the infected file runs or opens, it installs itself into the computer and will start each time the computer starts. These viruses can do many things to prevent you from cleaning or using your computer at all.
Usually, the purpose of this virus is to give the appearance of more infections and to pressure the user into paying for the removal of the virus. There are many reasons the hacker might want you to give them your credit card information and I’m sure you can guess why. Credit card fraud and stolen personal identities are the major reasons. These types of malware come with a variety of names. Some titles include System Tool 2011, Antivirus 2011, Antivirus XP 2011, Windows Emergency System, or other similarly named programs. They can become very pushy or persistent in their mission to get the user’s attention and in most cases prevent them from removing the infection if at all possible.
If you were tricked into running the file from the website, the real virus has been installed and the nightmare begins. You can attempt to remove it with your Anti-virus software, if you can even use your computer at this point. In most cases the Trojan takes over your screen and won’t let you disable it. It can also disable or even uninstall your real Antivirus software.
Contact me if you have any questions or need help with your computer.






