There’s a change taking place on the Internet – and it has nothing to do with the exodus to the Cloud. It is darker and more sinister than that. As those of us using the Internet become smarter, as security software becomes increasingly sophisticated, as more and more of us take the time to learn about the important, yet strange world of the Internet — those who would try to trick us have had to come up with new ways to do it.
It used to be that criminals and greedy companies without scruples could make a flashy smiley program – or another seemingly useful free program – and entice us to download it simply by putting a FREE sign up. But as the Web is maturing, so are those who use it. Companies like FunWebProducts are seeing fewer and fewer downloads – they now rely on brand new users for victims. Those who have been on the Web a few years are wiser – more suspicious, and they have learned too well the true price of free.
So what are criminals and greedy companies without morals to do? They have found a new way to surprise and trick the unsuspecting. It’s called scareware by some – and rogue security software by others. Almost every one of us would be concerned if we were browsing the Web and were suddenly confronted with a message that looks like it’s coming from our own computer or our own security programs, saying we are infected with a terrible Trojan or virus or some other malicious software program. And what’s the typical reaction? Exactly. Panic. And the criminals know this. How many of us really think when we panic? Not many. Panic induces reaction – not thoughtful action.
The most ubiquitous threat you face on the Internet today is not spyware, viruses, Trojans or adware, it’s scareware. We’ve encountered it, our children have encountered it, many of you have encountered it, and if you haven’t encountered it yet, if you do much Web browsing, you’ll encounter it.
But if you’re prepared and you understand the nature of scareware – which should be called panicware actually – you’ll be less likely to panic when you encounter it. So here are some tips to help you should you encounter panicware/scareware/rogue security software.
1. NEVER ASSUME
Never assume that any warning that suddenly appears on your screen is valid. Always assume it’s scareware. Take your time and look at the warning. If it is a genuine warning from your security software, the name of your security software – like Microsoft Security Essentials, SUPERAntiSpyware, Avast, etc. – will be displayed on that dialog. Some scareware/rogues use Windows-sounding names like Windows AntiVirus 2011 or XP AntiVirus 2010. Those won’t be the names of any security software you are using. Those are rogues. So your first reaction when a warning suddenly and unexpectedly appears, telling you that your computer is infected, should be skepticism – not panic. Remain calm and do not panic. It’s your computer we’re talking about – not your heart, OK? Your first thought should be it’s a hoax – it’s “scareware!” Your initial reaction should not be “Oh my goodness, I’m infected!” Panic never leads to good things. Don’t panic.
2. NEVER CLICK WITHOUT THINKING
Most rogues will display wording like “Your computer is infected with __________ (fill in the blank with some realistic, malicious-sounding name). Click the Scan button to scan your computer now.” Don’t click. Think. Don’t click anything. Don’t click the “x” in the top right corner. Don’t click “No Thanks!” Don’t click “Continue without scanning”. Don’t click “Click here to remove this threat”. Don’t click anything. Shut down your browser, and if you can’t, open Task Manager by right-clicking on an empty space in your toolbar and choosing Task Manager from the menu. Click the “Processes” tab and find the browser’s process. If it’s Internet Explorer it will be iexplore.exe. If it’s Firefox it will be firefox.exe. If it’s Chrome it will be chrome.exe. Right-click on your browser’s process (or any one of them if there is more than one) and choose “End process tree” – ignore the warning Windows gives you about losing data. If the browser window with the scareware/rogue in it does not close, there must be another browser process running; right-click it and end its process tree. If you cannot access Task Manager or you can’t shut down your browser any other way, use the power switch on your computer to shut down Windows. Shutting down Windows will close everything – including all browser windows. But it’s a lot easier to restart Windows than it is to get rid of scareware/rogue security software.
3. DON’T PANIC TWICE
If the worst happens and you do panic, don’t panic twice. Panicking twice will only cause more problems and might cost you money. Scareware/Rogues offer to clean and fix your computer – ridding it of those imaginary Trojans and malicious files it said you were infected with – but never really were. Don’t fall for that ruse. Don’t panic twice. Think and follow these simple instructions:
Shut your computer down using the power switch. (It’s OK; it’s not going to kill your computer like it used to with Windows 95/98.)
Boot into Safe Mode by tapping the F8 key continuously while Windows is booting. Choose Safe Mode with command prompt.
When Safe Mode with command prompt has loaded, you’ll be staring at a black screen. You’ll see a C:\ prompt. It may say C:\Windows or something else. You’ll see a flashing cursor.
At the cursor type RSTRUI.EXE and press the enter key.
Go grab some coffee and wait while Safe Mode loads the System Restore User Interface. When it appears, find a restore point from the previous day – before the scareware attack – and restore your computer using that restore point. The scareware will be gone and your computer will be back to the way it was before the attack. It will be as if it never even happened.
The more you know, the safer you are. Remember that panic can trump your knowledge. Don’t panic. Think!
Thank you so much: We are quite inexperienced with viruses etc: We will certainly follow your instructions
We appreciate any assistance you can give us:
You mean ‘Safe mode with command prompt’ don’t you? Safe mode with networking gets you a desktop with internet access.
You’re correct – Safe Mode with command prompt. We’ve changed the article — Safe Mode with command prompt doesn’t load network drivers and so there is no networking available in that mode – which is what you want in that case.
Oops, I misread. You said “without networking” but is that right?
This is exactly the reason I do all my work on the web while in a sandbox. Anything nefarious that I might run into while in the sandbox can be literally flushed when I exit the box. Currently I am using the FREE version of Sandboxie.
I don’t think there is any reason to do all of your work in a sandbox. Common sense, a little forethought, and some searching can usually provide safety – along with a good antispyware & antivirus. I found Sandboxie a little rudimentary. If you like it, by all means use it.