East Valley Tribune

December 26, 2011 | 12:54 pm

Tips for sidestepping fake security pop-ups


Ken Colburn is president of Data Doctors Computer Services and host of the Data Doctors Radio Program, noon Saturdays on KTAR 92.3 FM or at www.datadoctors.com/radio. Readers may send questions to evtrib@datadoctors.com.

Posted: Monday, December 19, 2011 11:42 am

Q: I was told that when a fake warning pops up on my screen that if I click on the X to close it, I will get infected. Is this true? - Tony

A: Rogue software that pops up a warning that "your computer is infected" has become one of the biggest problems on the Internet. We have even started to see this scam aimed at Mac users, so this is not a Windows-specific problem anymore.

This form of scamming people started popping up in 2005 and has evolved into one of the more difficult attacks to undo.

This type of attack can hit you from just about any corner of the Internet: e-mail, social media, instant messages, download sites and even Google searches for fast-breaking news items or salacious images.

The more you or someone in your home or business engages in sketchy activities online, the more likely you will run into this scourge.

Since it isn't an actual virus, your antivirus program will do little to stop the fake warnings, which is why it's really important that you know what to do when you are confronted by one of these malicious pop-ups.

In virtually every case, they are trying to trick you into buying "the solution" to the incessant pop-ups and repeated warnings, which you never want to do. Not only will buying "the solution" not fix the problem, you will have given up your credit card information to criminals (if you fall for this scam, contact your credit card provider immediately to have your card numbers changed).

Most of the pop-up windows will have a "Cancel" button and something that looks like the X that allows you to close a window, neither of which is what it appears to be.

Most of these scam pop-ups are set up so that if you click on ANYTHING, you will essentially tell your computer to start installing the rogue program deep inside your computer's operating system (often including a rootkit to take over control of your computer).

The early versions of this scam could be shut down by clicking on the X, but not anymore. The bad guys updated their code to take advantage of this natural user behavior and to exploit the early advice given by experts to click the X instead of the Cancel button.

To make things worse, the rogue programmers will often include code to disable your security software and block access to the Internet so you can't download tools that would allow you to clean the malware off your computer.

As of this writing, the best thing to do when you are confronted with a rogue pop-up is to terminate the session with the Task Manager in Windows or Force Quit in the Mac OS.

The Windows Task Manager can be launched by hitting Ctrl+Alt+Del, which should show you a list of running applications. Locate the pop-up window in the list, highlight it and then hit the "End Task" button.

Mac users can hit Command+Option+Esc to launch the Force Quit window. Highlight the rogue browser pop-up in the list and click the "Force Quit" button.

We've posted a video to show you the process on both platforms on our YouTube Channel if you prefer visual instructions: http://youtu.be/LP09QSwKE5Y

If you fall victim to any of today's fake security scams, unfortunately, the steps for getting the malware off your computer will vary widely based on which of the thousands of programs circling the Internet hit you.

In most cases, you will need to boot from a clean boot device that contains the proper cleanup tools needed for the specific infection that hit you, and you will need lots of time to manually clean and/or reconstruct the Registry (Windows users).

If you don't understand what I just wrote, you should consult a tech-savvy friend or a professional so that the malware is properly removed and any associated damage is repaired.


2 comments:

  • Squirrel posted at 5:43 am on Tue, Dec 20, 2011.

    Squirrel Posts: 2

    It takes nine paragraphs before it is referred to by its proper and long-established name, "malware." And then appears as if it's a term coined by the author. That could explain the curious absence of any reference to, "malwarebytes."

    The first call concerning a malware infection should go directly to the user's Internet Service Provider. For the outrageous price subscribers pay today for their service, ISPs should be able to offer some semblance of software and/or a solution. In other words, actually providing, "service." We should also question why malware so easily bypasses any form of security provided by the ISP. That word again: "service."

    The lack of any viable solutions in the article is understandable considering the source. At worst, the system needs a low-level format followed by the installation of malware protection. Which, by the way, does exist.

     
  • sbwertz posted at 7:58 am on Tue, Dec 20, 2011.

    sbwertz Posts: 1

    This is a well written explanation of how to avoid this malware.

    I have had to remove several of these programs recently. Malwarebytes is probably the best tool, but you have to use several other programs as well, including rkill.exe. Most require the use of at least two other tools besides the malwarebytes. Also, many of the trojans will disable malwarebytes if it is on the computer, so you have to boot into safe mode with networking and reinstall malwarebytes. (Sometimes it deletes the MBAM.EXE or other component files from the malwarebytes folder and you have to put it back in manually.)

    If the system is not totally frozen by the trojan, you can run rkill to stop the running processes. (The malware usually disables task manager). Then you can install and run malwarebytes. If all the files have disappeared from the folders, you have to run UNHIDE.exe as well. I would recommend keeping a flash drive with malwarebytes, rkill, and unhide as a safety net.

     
