John says that Microsoft Security Essentials let him down!
In the middle of trawling though some websites on Google in search of an article, my screen was suddenly taken over by a glaring warning that my computer was in danger of being taken over by “Trojan-BNK.Win32.Keylogger.gen”. I was then informed, quite bluntly in fact, that the only solution lay in downloading and installing XP Antivirus 2012 – FOR $70 . Only then would this Trojan threat be removed. Yet I had Microsoft Security Essentials installed, as you have recommended, and it should have been on guard! Why did it not pick this Trojan up and eliminate it FREE OF CHARGE?
I seemed to have no choice. My computer was effectively locked up, rendered useless unless I paid up. I feel as though I have been taken for a $70 scam. What is the story here please? Has any other subscriber to Cloudeight experienced this? I have great confidence in your knowledge and capacity to make complex things clearer so I am hoping you will help me understand what was at work here. Thank you for being there for us all. John H.
Our answer
Thank you for your nice comments, John. We’re sorry to tell you that you are yet another victim of scareware (a rogue security program). You should immediately call your credit card company and report this – and get your money back. You’re dealing with criminals so you might want to keep on the lookout for fraudulent charges on your credit card.
Almost everyone we know (including both of us) have confronted rogue security programs, also called “scareware”. The reason that Microsoft Security Essentials didn’t detect the Trojan is because it didn’t exist in the first place. If EB and I would have visited that same poisoned site that you did, we’d have received that exact same warning. And so would the next 10,000 visitors. All of us would have been “infected” with a non-existent Trojan.
A lot of people are fooled by these scareware attacks. They are created by highly skilled programmers and graphic artists – the warnings and dialogs all look like they’re coming from your Windows computer. And once you encounter a rogue security program, you’re in for a rough ride even if you recognize it for what it is. You cannot close the dialogs or the download by clicking the “X” or “cancel” or “close” – you may not even be able to close your browser except by accessing Task Manager, going into “Processes” and ending the process tree of the browser’s executable. If you don’t close your browser fast enough, the rogue will be downloaded, your security programs may be disabled, and your screen will be covered with huge dialog from the rogue – and you can’t access anything on your computer until you click “Buy Now”. You did and you’re out $70 unless you call your credit card company and tell them you’ve been a victim of rogue security software / scareware.
And if you leave the rogue security program you bought on your computer – you’re in danger of having information on your computer gleaned and sent to the criminals you purchased the rogue from. It may only be your browsing data, or it may be email addresses, or it may be even more sensitive information. You not only paid $70 for a worthless program, you paid $70 for what is most likely spyware, malware, and/or adware.
Rogue / Scareware is easy to recognize if you keep your head and you know what to look for. For instance, how in the world would a web site know your computer was infected just a few seconds after visiting that page? Did they scan your computer without your permission – no. It takes several minutes – most of the time even longer to scan your hard drive, and a web site can’t do that – not without you knowing. The first clue that you’ve encounter scareware / rogue is when you visit a site and you get a warning that your computer is infected with a Trojan or some other nasty malware. It’s a scam. You need to close your browser pronto and get away from that site as quickly as possible. Your computer can become infected by the rogue in less than a minute – so the key to staying out of trouble is to close your browser immediately. If you can’t use the “X” at the top-right corner of your browser during the attack, right-click on an empty space on your taskbar and open Task Manager, click the Processes Tab, find your browser’s exe (firefox.exe for Firefox; iexplore.exe for Internet Explorer; chrome.exe for Google Chrome), right-click on it, and choose “End process tree” – you’ll get a Windows warning but it’s all right , go ahead and click “OK” to terminate the process. If you can’t even access Task Manager, the best thing to do is shut your computer off at the power switch. That will close everything and stop the scareware attack – but only if you do it quickly. If you don’t, no matter what you do, your computer is infected and if it is, your screen will be covered with a huge dialog from the rogue that will cover your taskbar and you won’t easily be able to access any programs or functions until you pay the ransom.
If you find you couldn’t close your browser down fast enough, don’t panic. You can still make it like it never even happened. See this article we wrote a couple months ago.
MSE didn’t necessarily let you down. Most security programs don’t detect rogue security programs – because they mimic regular Windows programs – they don’t mimic viruses, Trojans, spyware or other malicious software. Also many rogues will actually turn your security software off. And even if some security software recognized some rogues – it wouldn’t recognized them all because there are dozens of new ones popping up every day.
Thank you very much for that explanation. My confidence in you is well founded. Once the emergency was sorted, to a degree, I went in search of explanations elsewhere and think I managed to get rid of any lingering traces of the bl**dy thing. I also contacted my card company, filed a rte[port and they cancelled my card. A new one will be delivered soon.
It is a pity all that the wonderful investigative and tracking computing tricks we watch on TV shows like NCSI-LA, CSI and others don’t exist to track down and squash these rogue “highly skilled programmers and graphic artists’ you mentioned.
But thank you again for your very clear explanation of what happened. John
So guys, exactly WHERE is this article. Your link goes only to your own site and another copy of this page. On behalf of all scareware victimes, Iwould like to read that article and find out what to do when you aren’t fast enough to close the process tree. Thanks for being the Very Best Site on the Web!
https://thundercloud.net/infoave/new/?p=2260
Yep – same thing happened to me. I wanted to read that article as well.
I have been extremely successful in ridding all of my friend’s computers of scareware using Malwarebytes and several other tools I’ve gleaned off the internet. I get calls daily!!! I understand there have been some arrests involving this whole operation – so maybe this problem is finally coming to an end…
The problem is – most of these attacks don’t come from the USA – many are off-shore operations or they are located in countries who are either backward or don’t really care.
I’m like Patricia. the links “https://thundercloud.net/infoave/new/?p=2260″in the above article takes me no where.. just to CE website and when i click on “Enter web site” brings me back to John’s article/answer above.
As I understand it – the arrests have been worldwide.
There are over 5000 kinds of scareware at least. These companies come and go so quickly – counting on the police to stop it is like counting on the police to stop murders in Detroit. You’d be far better off to not count on news reports about these “arrests” worldwide. Countries like Romania, North Korea, and others don’t care how people make money as long as they cough up their share to the government. For every one easy catch, the police miss thousands.
Again, the responsibility does not rest with software or the police – it rests with you. To make an issue of the police capturing some of these criminals is putting your faith in a fairy tale. Scareware/Rogues are the biggest threat you face on the Internet right now. You’re much more likely to see these as you are ever to see a virus.
We will continue to take responsibility for our own safety – and we urge everyone else to do so as well – through education, software and most of all – common sense.
I have the Microsoft Security Essentials on my computer. They had another program before this, and I’ve never had a problem. But I do know it has happened to me that all of a sudden a program comes on wanting to scanned my computer and I know it isn’t Microsoft, so I shut my computer down right away. Then when I put my computer back on I go into Microsoft and have them scan it, and it always comes up with nothing. So then I know something was trying to take over my computer. When they scam outfits come on and want to scam it won’t take “no,” for an answer you have to push an “okay,” button. That’s when I just go down to the “Start,” button and push turn off computer. The thing is these scam outfits make the scan look so official as though it’s Microsoft. Also if you do have a Trojan a little box from Microsoft will pop up in the right hand corner of your screen, and you push on it and it will take you right into your Microsoft Security Essentials screen. You just have to learn to distinguish who is real or who is a scam.
I was also looking high and low to get this article and finally found it:
https://thundercloud.net/infoave/new/?p=2265 this is the article people are after….
Cheers π
Both links given return us to the same page and not the older article.
This is another case for Reimage. IF you are hit with this “bug” and you can’t shut your computer off fast enough, Reimage will help fix it. They had to go into the registry by remote for me on that one. It really mucked up the system something fierce because my son in law didn’t know enough to shut ‘er down quick.
I haven’t tried image searching through Bing yet but Google is being hit hard with that rogue.
Thanks SO much for the push on Reimage – they’re super people and well worth the investment.