The fake antivirus attack
31 May 2011
Today, almost everyone uses antivirus software to protect themselves. So have virus craftsmen given up? Nah, they’ve just adapted to the environment. A 2009 IC3 report warns that the fake virus scan attack is becoming more popular. It doesn’t surprise me, as I’ve seen it in action a fair number of times. Here’s how the attack works:
Victims reportedly receive ads warning them of the existence of threatening viruses and/or illegal content allegedly found on the victim’s computer. When victims click on the fake pop-ups, malicious code is downloaded onto their computers. Victims are directed to purchase anti-virus software to repair their computers, but in some instances this resulted in viruses, Trojans, or key loggers downloaded onto their computers.
The installed software often disables your legitimate antivirus program, allowing the beastly intruder to run wild on your operating system. When this happens, there are usually just a couple options that remain:
- Install ClamWin Portable on a USB key using an uninfected computer, then scan your computer by inserting the USB key into the infected computer. Just make sure to offload all other files on your USB key to prevent them from getting infected when you insert the USB key into the infected computer.
- Use Microsoft’s in-built System Restore feature if you’re using Windows XP, Vista, or 7. Restore your system to the farthest date in history you can stomach without fear of losing important system changes or files. The restore feature isn’t supposed to affect your workaday files, but don’t count on it.
Of course, you may want help doing either of these things, so consider taking your computer to a technician. If you’re in this situation right now, I wish you good luck.
If you’re not in this situation, be aware that you could be if you’re not vigilant. The options for recovery are not wonderful, so it’s far better to prevent the infection in the first place. Remember, scan every file that comes onto your computer from another computer (whether by USB stick, email, internet download, or instant message) before opening it. No exceptions.
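The scan-before-opening rule above, as an added example that is not part of the original post: a Python gate that releases a file only when the scanner returns a clean verdict and holds it when the scanner is missing or fails. It assumes ClamAV's `clamscan` command-line scanner (the engine ClamWin is built on) is on the PATH; the `gate` function and the directory names are hypothetical.

```python
import shutil
import subprocess
from pathlib import Path

# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
CLEAN, INFECTED = 0, 1


def clamscan(path):
    """Scan one file with ClamAV's clamscan and return its exit code."""
    try:
        return subprocess.run(
            ["clamscan", "--no-summary", str(path)],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        ).returncode
    except OSError:
        return 2  # scanner missing or not runnable: treat as an error


def gate(incoming, released, quarantine, scan=clamscan):
    """Move each file in `incoming` to `released` only on a clean verdict.

    Infected files go to `quarantine`. Files the scanner could not judge
    stay in `incoming`, so a disabled or broken scanner never lets one through.
    """
    result = {"released": [], "quarantined": [], "held": []}
    for d in (released, quarantine):
        Path(d).mkdir(parents=True, exist_ok=True)
    for f in sorted(Path(incoming).iterdir()):
        if not f.is_file():
            continue
        code = scan(f)
        if code == CLEAN:
            shutil.move(str(f), str(Path(released) / f.name))
            result["released"].append(f.name)
        elif code == INFECTED:
            shutil.move(str(f), str(Path(quarantine) / f.name))
            result["quarantined"].append(f.name)
        else:
            result["held"].append(f.name)  # fail closed on scanner errors
    return result


if __name__ == "__main__":
    import sys
    print(gate(*sys.argv[1:4]))
```

A non-empty `held` list is itself a warning sign, since the post notes that fake antivirus software often disables the legitimate scanner.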
Comment by andy — 2 June 2011 @ 4:38 am
While I understand that your recovery recommendations aren’t meant to be proscriptive, I’d like to make a comment on each of them:
1) Loading ClamWin on a portable USB stick isn’t sufficient for your virus-scanning needs. It is likely that ClamWin won’t find all of the vestiges of the virus on a live OS, and it is also possible that the virus will jump to the USB stick the moment you put it into the infected OS. A much more complete way is to create a bootable virus-scanning USB stick and boot off of that rather than the infected hard drive. I don’t know of any viruses that can jump from one OS (the one on your hard drive) to another (the one on the USB drive) as long as the infected OS isn’t running. I have a multi-boot USB stick based on the very slick YUMI multi-boot USB utility (http://www.pendrivelinux.com/yumi-multiboot-usb-creator/). It walks you through how to create a multi-bootable stick with free virus scan utilities and gives you a menu to decide which one you want to boot into. On mine, I have, among others:
AVG Rescue CD (Antivirus Scanner)
Avira Antivir Rescue CD (Antivirus Scanner)
BitDefender Rescue CD (Antivirus Scanner)
Kaspersky Rescue Disk 10
Having all of them is probably overkill, but booting off of the USB stick is definitely not.
2) Windows recovery does not alter (restore or delete) static files. Your Word documents and emails all survive the restore.
Comment by Ian Saxon — 2 June 2011 @ 5:03 am
You’re probably right, Andy. For many tenacious viruses, ClamWin isn’t going to be strong enough sauce. Do you have any suggestions for lightweight, bootable USB software for Windows?
I agree that Windows Restore isn’t supposed to touch your files. Still, it makes me nervous.