A friend of mine at work today said she was infected with something yesterday on her home PC and asked for help removing it. I thought it might be a good idea to explain to the world the scam that these Antivirus folks are pulling.
Here’s their game…You visit a website and you see a popup and there is malicious code in their popup that runs in the background… OR it pops up on your machine because some OTHER piece of spyware is already on your PC…You could see something that probably reads like this.

It doesn’t matter if you click OK or Cancel, since it is a pop-up, they have coded both buttons to install the bad guy. The only way out of this is to just close the browser completely…best bet is a CTRL+ALT+DELETE, kill browser.
OK so if you don’t see that pop-up, they have an even trickier way to get you to install their crap…check this out...

Holy crap, you say…It looks like my C: has bad guys, man, I’m infected all over the place! But….please notice….the address bar! It’s a web page you are viewing, not your My Computer. It’s a web page built to LOOK LIKE it is your “My Computer”. They even go so far as to animate the red text areas and show it counting up from 0 infections to 362 infections so it looks like your PC is actually being scanned right in front of your eyes and it is finding bad guys. This is when the pop-up to clean the system shows…Most people click the OK, POW you’re infected…some people click the Cancel, POW you’re infected. Either way, POW….right in the smooch factory.
OK now on to the real meat and potatoes of this stuff. Once you’re infected, you will probably get some odd shield looking graphic that appears down by your clock…and every once in a while it’ll say “Hey, you’re infected….we need to run the cleaner.” You open the program and wow, wow, wow does it look official. It looks like a real anti-virus program. This image is one derivative of their software, there are many similar looking ones...

Alright, so it’s on your system, it runs and tells you to scan….now what…why do they do this? Well, because the same a-holes that make this program ALSO make the $60 software to clean it. They want you to “register”, and by “register” that means they want you to pay them the $60 to remove it off your machine. It’s the equivalent of me coming to your house, breaking a window, and saying “Hey, I can fix that window for $60…” and you giving me the cash to fix it. Same principle...
OK, so here’s where it gets really scummy. Let’s say you register, you give them the $60, they “remove” their spyware from your machine that they put on in the first place. Well now, ya big dork, the bad guys have your damn credit card number. They sell it to the Chinese or Russians and 3 months from now you end up with a $3000 CC bill for Playstation 3 Mod chips from Istanbul and a tanker boat full of potato chips made from kangaroo ass from New Zealand….neither of which you authorized, ordered, or had delivered to your abode.
If it is the 360 version, a Google search here or there will net results. It will NOT be cleaned by CCleaner, McAfee, Symantec, Norton, AVG, Spybot Search and Destroy… Most of these bad guys won't be. And I can't offer much here in terms of a fix due to the evolving nature of these infections. Best bet is to get clues from the program that is on your machine and Google search that specific program's manual removal steps...most will involve some sort of registry edits.
So if you can get the specifics of the bad guy, a Google search will turn up cleaning options. If it involves you downloading a program or paying $x, it’s BS. Don't fall for this, as it's probably just another version of a similar spyware or malware problem. And for the record, it's "Mal" as in "malicious" not "Mal" as in "Mol". And also for the record, warez is pronounced "ware-s" not "war-ez". Don't pirate, folks!
-Corby-