Warning from Windows Protection Suite! A sample scan of your PC has found 20 potential threats.
“What’s this?” Ashley wondered. “Is this my security software? Do I even have security software?”
She was in a hurry, so she clicked, “Protect Now”. Now, the trouble begins.
This scene is repeated over and over on PCs all over the world, thousands of times a day. An official-looking alert pops up. It warns that malware has been detected in the system and that, in order to remove it, you need to activate an anti-virus program. The alert appears, rather convincingly, to come from the system itself, and Microsoft Windows purportedly recommends this anti-virus program. So, what could go wrong?
Once activated, the anti-virus program seems to remove the malware and proceeds to run a full scan on the system as an extra precaution. Upon further scanning, more malware is detected and the trial version, which is limited in capability, won’t be enough. An upgrade to the full version is recommended at a small price.
Ashley’s PC has been disabled by scareware.
The above situation describes a typical encounter with a rogue anti-virus or security program, which uses scare tactics to push users into purchasing the product. Often, users end up with an incompetent product that does nothing. It turns out that aside from the rogue itself (and the program that downloaded it), the system is otherwise clean. The rogue is just pretending to perform a scan and remove nonexistent malware.
However, there are instances where the product being “sold” is legit and quite capable; only the selling method is shady. These campaigns are usually carried out by affiliate vendors that collect a commission for each copy sold. Some extreme tactics include corrupting users’ files and, to some extent, installing actual malware on the system, just to push users into making the purchase. If a security product is oversold to you in this manner, contact the maker of the product directly. Honest security vendors work hard every day to help eliminate the menace of their malicious imitators.
It is possible that you inadvertently installed the rogue on your system yourself, thinking that you were downloading the free version of a legitimate program. But it is more likely that the rogue was installed by another program, such as a trojan-downloader. The trojan-downloader might have infiltrated the system through a drive-by-download method such as hitchhiking with another downloaded program or pretending to be another program that users trust. For more information about Trojans, check out Alia’s quick and dirty introduction to the malware version of con men.
Removing a rogue can be challenging; some conventional anti-virus programs might not be up to the task, perhaps due to the rogue’s non-malware characteristics or stealth techniques. One option is to use a special tool such as F-Secure Easy Clean. Tools like Easy Clean can handle complex threats that may have escaped your anti-virus program.
If you’re an advanced user, you may want to perform manual removal. You’ll be required to delve into the system to locate and delete everything (files, directories, registry entries) associated with the rogue. Be careful. It’s a challenge.
If an unfamiliar alert suddenly flashes on your screen, do not panic, and tuck your credit card away.
Rogues aim to scare you until you submit and purchase the product. Stay calm and conduct a Google search on this anti-virus product. If it is a rogue, you’ll find threads from credible sources mentioning this fact, along with instructions for removing it from the system.
If you are indeed in the market for an anti-virus or security product, rely on credible names in the industry. Visit their websites to learn more about the vendors and their products. Many vendors, including F-Secure, provide a free trial of their product or access to free security tools. Take advantage and play around with these resources to figure out which product suits you best.
July 26, 2017