Fake Anti-Virus -- RED ALERT!!!!
Greetings readers! I wanted to alert the world to something that we've been seeing a whole lot of since around 2008. It's called "Rogue Security". Essentially, something pops up saying "You may be infected click here to fix it!" As Admiral Ackbar would say, "It's a Trap!"
Needless to say, these Rogue Security products have made their way into probably about 70% of the computers I see, at least once. With an average of 3 computers a day, that's 2 out of 3 that have had some sort of Rogue Security program on them.
Where do they come from? They come from places like Facebook and Twitter: places with large numbers of people who mostly don't know what not to click on. Most of the time, they look a lot like the image to the left. Over the years, they've begun to spread into things like the "Master Boot Record". Because of this, they can reinfect the system every time the operating system is booted. This causes a lot of issues for people trying to remove them while running Windows.
It's in these cases that it's usually time to call in the pros. Geek Squad, being my company, has a lot of experience doing these, and on-site can usually remove them within 2 hours. We use a company-created utility that lets us load the operating system off of our disc, which then eliminates the virus's capability to re-initiate itself, and gives us the capability of removing it. For do-it-yourselfers, there are similar programs called BartPE, or a Linux "Live CD", that allow you to go around the installed OS. Wiping the HDD will sometimes NOT yield results, as it's in the boot file.
As the last image shows, sometimes they hijack the DNS connection, and will redirect websites that look 100% legitimate to their own nefarious sites. This can sometimes include sites like Google, or hijacked search results. Sometimes it can show sites in the search results that lead you towards installing their full program, or just paying for it with a credit card.
I urge EVERYONE not to do this, ever. I've personally gotten an infection in the past, and found one freebie AV software that can actually take out a Master Boot Record infection: Dr.Web CureIt.
Because it's free, it's also fairly limited, and not updated nearly as much as paid antivirus software such as Webroot AntiVirus, which is actually "Sophos", one of the leaders in virus detection. I've found this software to be one of the most trustworthy on the planet, and it definitely detects more than most other companies. There are others though: Trend Micro, for instance, has something called "Titanium", which is designed to be least intrusive for the consumer. It doesn't slow down the computer nearly as much as other products, and has a fairly high detection rate.
Needless to say, failure to have any anti-virus is the worst defense ever. Most viruses have a goal of hijacking your system without you knowing it. Sometimes they will just wait for you to log in to websites, and steal your logins. These are typically called "Spyware", and can manifest themselves MONTHS if not YEARS after they've been downloaded. "Worms" are another type of malware and can lie dormant until the creator cares to activate them. They typically infest parts of the programs on the victim's computer, and you won't even know you're running them until it's too late.
So don't skimp on security software. Even if it's the free stuff like Dr.Web or AVG, you want to run scans at least once a week to be safe. If you want better detection, support, etc., look into paid anti-virus software. Webroot and Trend Micro are my recommendations, but you could also look towards Norton or Kaspersky.
Just remember, if something on a website can "detect" that you may be infected, or wants you to "Find and Fix" registry errors, you probably already have an infection, and want to run a full scan with the software YOU have.
Labels: drweb, fake alert, fake av, geek squad, malware, rogue security, security software, webroot



