This post has been taking shape in my mind for a month or two now, and its writing becomes more pressing every time I visit a customer who ends up with one of these problems.
I'm getting a steady stream of customers coming to me asking for help in cleaning off stubborn infections like this. Recent examples include -
- Internet Security 2010
- Antivirus 2010
- Antimalware Doctor
- AntivirusGT
- Security Tool
The problem usually starts with an email, a website, or a website popup window that puts a message on your screen stating that your antivirus software needs to take some sort of action; for example, a problem has been found and needs to be fixed urgently. The catch is that this is often just a picture made to look like a genuine window, with buttons to click on and adorned with colourful shields that look just like those used by Windows and popular security packages. These are designed to tempt you to absent-mindedly click your agreement (probably thinking you're helping to protect yourself).
Once you make that first click you are often taking steps to install a replacement for your current security measures, which will then do some or all of the following, and often a lot worse -
- install other malware, viruses or adware
- pretend to scan your computer and falsely report that it has infections
- demand payment to 'upgrade' your protection to a version which can remove the infections (whether real or not)
- slow your PC down
- stop you accessing many administrator features of Windows in case you use them to try to remove the problem software
- disable or divert Windows Security Centre alerts
These infections are increasingly difficult (but thankfully not impossible) to remove, so prevention is better than cure.
So the next time you get a message in a window like this, before you click anything, have a think about the following points -
- is this really a message from your own antivirus, or does the logo look a bit different?
- is this just an advert-type message in a web browser sidebar or popup window?
- is the name or wording a bit different to what you normally see?
- go to your current antivirus or security software control panel and see if any problems are reported there too
- if in doubt, don't click; close all windows and get your existing software to start a full system scan
- don't install or replace security software without being very sure of the source of the program and where you're downloading it from
With increasing capability in Windows, these programs now often rely on tricking you into clicking something to allow the program to be installed. Don't unwittingly help one of these rogue programs get onto your own machine.
Update 07/11/10 - BBC Click has recently covered the same issue
For help removing one of these problem programs, for preventative advice, or for help installing better security protection, contact Addingham IT.