Another Rogue Strikes Again!

By | February 11, 2012

Sally was attacked by an online virus scanner and couldn’t get away.
I want to thank you for everything you do and for providing common sense, plain English answers to our computer questions.

Recently I was browsing the Web and suddenly a window appeared saying I was infected with something. But it wasn’t my AVAST it was something else.  I tried using the F4 key to close the window but it wouldn’t let me, it said something about if I close this window I might damage my computer. So, thanks to your newsletter I knew better than to click “Close” on that box. I had no choice but to shut down my computer by turning it off using the power button. Luckily when I turned my computer back on, everything was normal. Afterwards I scanned my computer with Avast andSuperAntiSpyware but found nothing. What happened? Thanks!

Our Answer
Hi Sally – thanks for your nice comments. Rogues are the most common form of malicious attack you’re likely to encounter these days. You’re much more likely to encounter a rogue as you are a virus. You cannot F4 yourself out of this one.  But you did very well in not clicking any “Close” buttons or in trying to close these windows by clicking the “X” in the top-right corner. You would have ended up installing VirusDoctor – a rogue, malicious program most likely another AntiVirus2011 clone from the world of rogue security software.

Here’s a tip for you the next time you find yourself in a similar situation. If the ALT+F4 key combination does not work, don’t panic.

  • Calmly right-click on an empty place on your taskbar and right-click it. Select Task Manager.
  • When Task Manager opens, click the Processes tab and locate your Brower’s exe file. Internet Explorer is called iexplore.exe and Firefox is called firefox.exe.
  • Right-click on the browser’s exe and choose “End process tree”. Ignore the warning and proceed. This will close your browser immediately regardless of whatever tricks the site may be playing.
  • If you have more than one instance of your browser running you may have to individually close each instance. Simply repeat the steps above.
  • If all else fails – turn your computer off at the switch.

For the benefit of those who’ve not had the misfortune to encounter these kinds of rogues, here are some screen shots we created when we intentionally went out and tried find one for you. We found it and we allowed it to begin its attack on our computer. We’re nuts, I know. But this will help you recognize a scam when you see it — and this, friends, is a blatant scam and a violation of your computer. This is a crime.

Cloudeight InfoAve
Fig 1.  “System Security” sounds like it’s a Windows function. It is not. It’s a deception. Do not click the “X” and do not click “OK”. Press ALT+F4. If ALT+F4 does not work, follow the steps outlined below.

Cloudeight InfoAve
Fig 2. Tricky, tricky, tricky. See how it looks like your own computer. It’s not. We did this on Vista on a computer with 4 hard drives. This is just a clever reproduction that could be anyone’s Windows XP computer. It couldn’t be a Vista or Windows 7 computer. Look at the folders and look at the name “My Documents”. On Vista and Windows 7 “My Documents” are called “Documents”. Again, never click the “X” or “OK” or “Cancel” , if you do you’re going the installation will start. Never click anything on these kinds of pages. Use ALT+F4. If that fails to close the browser use Task Manager to end the process and terminate your browsing session.

Cloudeight InfoAve Premum
Fig 3. Kind of hard to see this? Click on the picture to see the full-size image. Note our computer is “infected”. Why? Every computer is infected because this is just an graphic, everyone who gets caught in this trap sees the same picture. It’s used to scare unwitting users into downloading malware. Not only that, they’ll want you to pay to “clean” your computer. Can you say “scam”? We were using Windows Vista when we took this screen shot. Notice the graphic still showing a Windows XP computer. It can’t be a Windows 7 or Windows computer – but if you’re not paying attention you might THINK it is your computer – even if you are using Vista or Windows 7.

So there you have it. These kinds of scummy tricks go on every day on the Web. If you haven’t seen one yet, just wait, you probably will. But, now you know what to do. If ever the ALT+F4 key combination doesn’t work, don’t panic, don’t turn your computer off at the switch, use Task Manager to shut down your browser. If you can’t find it in Task Manager – then shut down your computer at the switch. It’s been than dealing with the damage installing one of these rogues can cause.

6 thoughts on “Another Rogue Strikes Again!

  1. Juel Hilton

    Many thanks,great advise, scares me silly these rogues, why can’t they put their brains to better use.
    Juel

    Reply
  2. A_Hippy_Hillbillie

    Wonderful information TC&EB, thank you!

    Juel, this is what warped deviant so-called brains are; [d]evil cover the [d] and what do you
    see?

    Reply
  3. Shirley

    Unfortunately I have a Rogue attack in my system since Jan 1st which started scanning right away.I sure wish I had this great tip before it happened.It turned my virus protection off and firewall off.I have no idea how to get rid of it other then have someone reformat for me.I am using Hubby’s system now.

    Reply
  4. Ann Hopper

    Unfortunately, I found out firsthand what these rogues can do to your computer. I was on (site name deleted) when it popped up saying I had several viruses and should clean my system. What really bothers me is that I know better, but clicked on it anyway. It took over and I could do nothing to get rid of it. I knew that Staples could remove these things from computers so I took it to them and they did get rid of it for me. This normally costs $199.00, but they were having a special and did it for $99.00. I’m going to be very,very careful not to click on anything any more.
    I wish there was a way to find out who does these things and to stop them.

    Reply
    1. infoave Post author

      We could have cleaned that off your computer for less than half that much in less than half that time. There was no reason to mention the site here – I removed it. I happen to know that you didn’t get that popup from that site — that popup requires a special kind of script page to be running and that site does not run that kind of script. Let’s keep our comments honest – and let’s not use them to denigrate others…ok?

      We’ve posted at least six articles on how to deal with them. Ultimately it’s your responsibility to understand that Windows does not launch popup windows telling you you’re infected — no legitimate site will do that either. So if you see any sort of popup that says your computer is infected — they it’s a scam. You have several options – the safest and quickest and surest way is to simply shut your computer down at the switch. If you do that you disconnect everything and you don’t get infected. If you click anything on those popups – if you click “No Thanks”, “Cancel” or the X in the top-right-hand corner – it’s the same as clicking “Download now”.

      There are other ways to get out of that kind of attack – like using task manager to end the browser process. Normally the Alt+F4 combo doesn’t work on some of those rogue attacks.

      Shutting down your computer at the switch isn’t going to ruin you computer as long as you don’t do it all the time.

      Reply
  5. Ann Hopper

    I was not trying to denigrate anyone and I was being honest. I was on that site when it happened, but i also had another site open at the same time. It must have come from that one. I happen to love that site and spend a lot of time there and trust it completely. I was just being truthful. As I said, I’ve read all your articles about that happening, but I must have been having a senior moment and forgot everything I learned. I could not have contacted you for help, because it wouldn’t let me do anything with my computer.
    I apologize for giving the wrong impression. I was not trying to blame anything on that site…just being truthful about where I was when it happened.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *