Colin Leake Posted November 22, 2010

Scareware is a term that has been coined of late to describe a new and rapidly developing hazard that is affecting many internet users. Those who develop it are some of the cleverest computer programmers in the world and use some of the most powerful computers in the world. Its implications should never be underestimated. The information that follows comes from my son, who is the Computer System Architect for one of the largest international banks in the world.

If you are thinking you will not be attacked because your computer has protection from the likes of Norton or McAfee, think again. My computer has a high degree of protection and you can imagine the degree of protection his has. Despite this we have both been attacked several times and the last two attacks took between 6 and 8 hours to deal with. He has also had six of his staff attacked as well, all of whom are highly skilled computer experts.

When it first made an appearance it simply looked like a very convincing official message telling you that you had a problem with your computer and telling you to log on to fix it. Once you did so you were hooked and would then be told you need to buy software to fix the problem. The advice to avoid this early version was simply to ignore it and most definitely not click on any part of it. Simply ignore it and carry on using your computer as normal, as you do not have a problem.

With the latest version things have moved on. What they now do is to block all of the programs you would normally use, such as email and Word etc., and tell you that your computer hard disc is not responding, your memory is corrupted etc. None of this is true, but because you can't access programs it certainly looks as if they are.

If this happens there are three golden rules. Firstly, do not click on anything or any buttons; they may well not do what you expect! Secondly, don't agree to pay for anything. They may or may not fix the problem for you, but even if they do they will leave elements in your computer that can be utilized later. Also payment would need to be by credit or debit card and believe me these are not the sort of people you should be sending those details to! Thirdly, don't assume your computer is knackered and dash out and buy a new one. There is almost certainly nothing wrong with it.

So on the face of it you would seem to be up a gum tree, as it were, with a computer that is useless. Fortunately the one thing they can't block is your access to the internet, since they need this to make it possible for their scheme to work, and this will allow you access to some tools that will enable you to restore your computer, comprehensively get rid of all malware bugs and provide some protection against the problem coming back.

Use a search engine to log on to the following two web sites: Malwarebytes' and Spybot. These sites are both registered as charities but they receive most of their backing from commercial operations who have vested interests in protecting the integrity of the web. Both are free but you will be invited to make a contribution to their running expenses when you log on. If you do, you may be sure they are secure and safe. They are manned full time by experts devoted to countering the problem and are constantly being updated.

The whole process is going to take 6 to 8 hours but for much of this time you can just leave the computer to get on with it. Download both into your computer and install them following their step by step instructions. Use the Malwarebytes' site first and select the quick scan option. This will take about one hour so you can take time off for a cup of tea. When this process is completed it will either automatically delete what it has found or tell you and ask you to select an option to do so; I can't remember which.

You should now find your computer is operating as normal, but you will not have completely sanitized it at this point so you need to keep going. Come out of this programme and go into Spybot. This has several options but the first one you need is the one that enables you to build a wall to prevent any new incoming attack that may take place whilst you are attacking the remains of the malware on your computer. Whilst it does this you will see it graphically building a brick wall! This will take about one hour or maybe a little less.

Once you have done this the next step is to tell it to do a full search. This will take around two hours and it will find any problems that the original quick search failed to find and list them for you. You can then elect to deal with these. This is quite a quick process, at the end of which it will show what problems it has been able to deal with. It will also tell you that some could not be dealt with because they were attached to files you were using. Now you need to do a restart on your computer and open only Spybot. Next tell it to perform a full search and destroy. Two hours later you will have a computer that has been fully sanitized and is well protected by the new wall you have built.

The threat is constantly evolving and if you want to maintain the best possible protection for your computer you will need to log on to Spybot and download the latest updates and rebuild the wall at least once a week. Takes about an hour, but remember once you have set the process in motion you don't have to stay watching the computer. Just to put your mind at rest, both these sites are very safe and in case they should remove anything they should not have done in error they hold what they have removed in temporary files.

What can you do to protect your computer? Using Spybot to build and maintain a wall is the best option, but if you don't want to go that far then the best advice we have at the moment is to use Microsoft Internet Explorer 8 as your browser. One of its many advantages is that it has an Anti-Malware function built in that is updated every 24 hours. It's not yet foolproof but it will greatly improve your chances and is getting better all the time.

Finally, you may feel the need to call in outside help if the problem strikes, but remember that because of the time it takes that may be expensive and it is perfectly possible to carry out the work yourself. If you do take this route I suggest you show them this, as many may not know how to cure the problem. I know of one case where a consultant effectively gave up and recommended buying a new computer.

I hope I've not alarmed too many and that you don't come across the problem, but at least you now know that all is not lost and how to deal with it.

spospe Posted November 22, 2010

Excellent post Colin. I have recently had one of these 'scareware' attacks and my advice is to firstly close your browser and secondly re-boot the PC. Do not 'click' on anything other than the browser close button and those steps needed to re-boot. I agree about having Spybot and Malwarebytes installed on the PC and in addition would also suggest adding Spyware Blaster (also free).

Bulletguy Posted November 22, 2010

Colin Leake - 2010-11-22 4:35 PM
Scareware is a term that has been coined of late to describe a new and rapidly developing hazard that is affecting many internet users. Those who develop it are some of the cleverest computer programmers in the World.....we have both been attacked several times and the last two attacks took between 6 and 8 hours to deal with. When it first made an appearance it simply looked like a very convincing official message telling you that you had a problem with your computer and telling you to log on to fix it. Once you did so you were hooked and would then be told you need to buy software to fix the problem.

Blimey.......not so sure about 'scareware' Colin but you certainly know how to install 'exhaustion wear'! As for taking 6-8 hours to sort out......why bother? What's all the fuss about? These viruses/malware progs are nothing new at all and anyone using the internet is fair game for getting hit no matter what fancy anti this 'n that AV progs they have installed to 'protect' their pc. I was hit myself with a daft Google redirect virus which basically began to shut my pc down. I've also been hit by the fake Antivr scanner which is designed to look like the real thing, but isn't.

The answer is quite simple really. I run a small (80gb) C drive which I use only for windows and programmes; anything I want to keep I transfer over to one of two other much larger drives. Any serious virus infection, I just simply reformat the C drive and get rid straight away. As it's only an 80gb drive I can do a total reformat with Windows back up and running in less than a couple of hours. I'm certainly not going to bother messing around for half a day trying to sort out some silly virus.

Guest pelmetman Posted November 22, 2010

Am I right in thinking that these viruses enter via emails :-S

spospe Posted November 22, 2010

The ones being mentioned here are not viruses at all, they are hijackers that get onto your system via browsing a dodgy website.

Guest pelmetman Posted November 22, 2010

How do you tell if it's a dodgy website 8-)

Guest peter Posted November 22, 2010

pelmetman - 2010-11-22 7:33 PM
How do you tell if it's a dodgy website 8-)

It's one where, if your wife caught you looking at it, she would probably throw a wobbly. If you get my drift. :->

Guest Tracker Posted November 22, 2010

Thanks for the info Colin. In my humble view, the better informed we are the better chance we have of staying safe and I for one appreciate the time that you took to offer advice. Thanks again.

PS I already have Spybot, Malwarebytes and Spyware Blaster!

Guest pelmetman Posted November 22, 2010

peter - 2010-11-22 9:04 PM
It's one where, if your wife caught you looking at it, she would probably throw a wobbly. If you get my drift. :->

You mean like outandaboutlive (lol) (lol)

Bulletguy Posted November 23, 2010

spospe - 2010-11-22 7:27 PM
The ones being mentioned here are not viruses at all, they are hijackers that get onto your system via browsing a dodgy website.

Not necessarily true about 'dodgy' websites. They choose any site at random to latch their rubbish to. At the time I got the fake Antivr I was browsing through an international property website. So contrary to popular belief it's not only porn sites where you may get hit.....you can get hit on any site and it's important to remember that. Quite who and why they do it and exactly what they want to achieve other than screwing up people's pc's is quite beyond me.

Guest JudgeMental Posted November 23, 2010

what about "superantispyware" is that any good as I used to use spybot but changed to this for some reason a while back :-S or should I uninstall it, and stick spybot and Malwarebytes on - I am not very techy but at least have the common sense to delete everything at all suspicious, if it's the bank they can write to me, they make enough out of me.......:-S

Bulletguy Posted November 23, 2010

JudgeMental - 2010-11-23 6:14 AM
what about "superantispyware" is that any good as I used to use spybot but changed to this for some reason a while back :-S or should I uninstall it, and stick spybot and Malwarebytes on - I am not very techy but at least have the common sense to delete everything at all suspicious, if it's the bank they can write to me, they make enough out of me.......:-S

Judge

At the time I got hit I had Malwarebytes and AVG. AVG isn't really much good and I have since installed Zone Alarm which can be a bit of a pain at times but is far better than AVG. Forget your 'super blasters' and all the other daft stuff. The bottom line is by far the best, and quickest, is to reformat as soon as possible. Using a small C drive simplifies this in that it won't take you long to do. Of course if you don't have the original OS software you are pretty much stuck!

Another useful tip is to remember to keep all passwords, id names to sites, banking details etc in MS Word on a CD ready to stick back in. Reformatting may seem a bit overkill but it has its benefits, one of which is it clears out a lot of useless crap you didn't know was there!

Colin Leake Posted November 23, 2010 Author

Reformatting or rebuilding your computer will work just fine if you have a spare hard drive and all your original driver and software discs and passcodes etc to hand. However this is not always a quick and simple process. For instance the contour maps used by the Garmin gps systems used by walkers need to be linked to the hand sets and in some cases this means new codes need to be obtained from Garmin. Rebuilding may be simple for those who know how to do it but it would have been difficult for me to describe, so I chose to explain a simpler if long winded method. Do bear in mind that using the method I described may take a long while but for most of that time you will not need to be present at the computer.

Exiting from the browser and rebooting the computer works on some of the older versions of such malicious software but not on the latest versions. Obviously, being quick, it is well worth trying as a first step.

This malicious software is normally picked up from various sites. The big sites like banks and Amazon are likely to be safe as they obviously take extensive precautions to make sure this is so. My last and worst attack came when looking at sites selling folding bikes, for which I did have my wife's permission! The problem is that the perpetrators use yours and my computers to spread the software to these sites. With millions of computers all over the world unknowingly doing this they are virtually impossible to stop. This is one of the reasons I recommend following the procedure I have outlined or a similar one, in that you finish up with a computer that is completely sanitized and will not spread the problem to any new sites.

Colin Leake Posted November 23, 2010 Author

Bulletguy - 2010-11-22 6:00 PM
Colin Leake - 2010-11-22 4:35 PM
Scareware is a term that has been coined of late to describe a new and rapidly developing hazard that is affecting many internet users. Those who develop it are some of the cleverest computer programmers in the World.....we have both been attacked several times and the last two attacks took between 6 and 8 hours to deal with. When it first made an appearance it simply looked like a very convincing official message telling you that you had a problem with your computer and telling you to log on to fix it. Once you did so you were hooked and would then be told you need to buy software to fix the problem.

Blimey.......not so sure about 'scareware' Colin but you certainly know how to install 'exhaustion wear'! As for taking 6-8 hours to sort out......why bother? What's all the fuss about? These viruses/malware progs are nothing new at all and anyone using the internet is fair game for getting hit no matter what fancy anti this 'n that AV progs they have installed to 'protect' their pc. I was hit myself with a daft Google redirect virus which basically began to shut my pc down. I've also been hit by the fake Antivr scanner which is designed to look like the real thing, but isn't. The answer is quite simple really. I run a small (80gb) C drive which I use only for windows and programmes; anything I want to keep I transfer over to one of two other much larger drives. Any serious virus infection, I just simply reformat the C drive and get rid straight away. As it's only an 80gb drive I can do a total reformat with Windows back up and running in less than a couple of hours. I'm certainly not going to bother messing around for half a day trying to sort out some silly virus.

You clearly know what you are doing and you are quite right in what you do. However getting hit by such a problem may not be a big deal to you, but to most computer users with a single hard drive and no specialist computer skills it is a very big deal indeed and these are the users I am trying to help get out of a hole that they would otherwise find it impossible to escape from. Unfortunately this sort of malicious software is becoming an ever increasing problem!

Colin Leake Posted November 23, 2010 Author

pelmetman - 2010-11-22 9:33 PM
peter - 2010-11-22 9:04 PM
It's one where, if your wife caught you looking at it, she would probably throw a wobbly. If you get my drift. :->
You mean like outandaboutlive (lol) (lol)

One hopes not but technically it's not impossible even if they are taking precautions!

spospe Posted November 23, 2010

When I mentioned 'dodgy' sites above, I was not just referring to porn sites, but to any sites which have less than perfect housekeeping in place to ensure their integrity. For these 'scareware' tactics to work, the perpetrator has to plant the necessary code onto the website that you are browsing and this can only be done a) with the complicit agreement of the webmaster, or b) by hacking into the site and piggy-backing the scareware onto the original website.

If you click onto any part of the scareware pop-up, this will be taken as your acceptance of the pop-up and will instruct your anti-whatever software to allow it to remain. This will lead to it attaching itself to your PC and will be difficult to remove. The rule is, do not click on any part of the pop-up.

Formatting the hard drive is not a good idea in my opinion; it is a desperate last resort. Some of the really nasty scareware / spyware / virus will actually scan your PC for additional drives that they can copy themselves onto and so re-formatting your Windows drive will not help in those cases.

As an aside, I have noticed that some people with both Spyware blaster and Spybot have not installed them fully. After installing and updating, you must both check for updates and then allow / immunise fully for them to take effect. Spybot is particularly bad for this, as you can think that you have downloaded all the updates (which you have) and that is it (which it is not, until you have used the 'immunise' feature). Be aware ;-)

Guest pelmetman Posted November 23, 2010

When you say don't click on any part of a pop up, I presume it's ok to click on the x button to close it (?)

enodreven Posted November 23, 2010

Hi, I had Avast, S&D which I update every other day and allow teatimer to run, and Malwarebytes running, and still got hit just by going to a site that was on a Google search list that I ran (Not Porno I hasten to add LoL)

The way I cured it was restarting the computer and pressing Ctrl-Alt-Del as it was rebooting and entered into the Task manager and ended/stopped the rogue process/application from starting/running, then loaded windows as normal and deleted the offending small program.

Hope that makes sense, only if you let windows load fully the rogue program will have reloaded also, you must stop it in its process of loading.

Guest JudgeMental Posted November 23, 2010

pelmetman - 2010-11-22 9:33 PM
peter - 2010-11-22 9:04 PM
It's one where, if your wife caught you looking at it, she would probably throw a wobbly. If you get my drift. :->
You mean like outandaboutlive (lol) (lol)

No like THIS sort of ting! :D

CENSORED*****LINKS REMOVED BY MODERATORS*****CENSORED

Edit: honestly! we are all adults aren't we! It was only a link to Derek's infamous dogging website anyway *-)

Guest pelmetman Posted November 23, 2010

JudgeMental - 2010-11-23
It was only a link to Derek's infamous dogging website anyway *-)

Is it about labradors (?) :D

Dave Newell Posted November 24, 2010

Out of pure coincidence I suffered a scareware attack last night. I searched for a photo of a Winnebago and the first hit got me a flashing message in the middle of my screen saying my computer was infected and it needed to be scanned. I closed Firefox by using ctrl/alt/delete to bring up the task manager and ended firefox from there so I didn't click on anything in the web browser. Launched IE and downloaded Malwarebytes, ran it overnight and it found 37 infections, removed them and rebooted and all seems well so far.

D.

Derek Uzzell Posted November 24, 2010

JudgeMental - 2010-11-23 6:48 PM
pelmetman - 2010-11-22 9:33 PM
peter - 2010-11-22 9:04 PM
It's one where, if your wife caught you looking at it, she would probably throw a wobbly. If you get my drift. :->
You mean like outandaboutlive (lol) (lol)
No like THIS sort of ting! :D CENSORED*****LINKS REMOVED BY MODERATORS*****CENSORED Edit: honestly! we are all adults aren't we! It was only a link to Derek's infamous dogging website anyway *-)

How did you find out it was my website? (I must be more careful in future.) :D

spospe Posted November 24, 2010

pelmetman - 2010-11-23 4:26 PM
When you say don't click on any part of a pop up, I presume it's ok to click on the x button to close it (?)

For safety close the browser, do not click on any part of the pop-up. After the browser has closed, re-boot the PC and run your anti-whatever software.

Colin Leake Posted November 24, 2010 Author

spospe - 2010-11-23 3:53 PM
When I mentioned 'dodgy' sites above, I was not just referring to porn sites, but to any sites which have less than perfect housekeeping in place to ensure their integrity. For these 'scareware' tactics to work, the perpetrator has to plant the necessary code onto the website that you are browsing and this can only be done a) with the complicit agreement of the webmaster, or b) by hacking into the site and piggy-backing the scareware onto the original website. If you click onto any part of the scareware pop-up, this will be taken as your acceptance of the pop-up and will instruct your anti-whatever software to allow it to remain. This will lead to it attaching itself to your PC and will be difficult to remove. The rule is, do not click on any part of the pop-up. Formatting the hard drive is not a good idea in my opinion; it is a desperate last resort. Some of the really nasty scareware / spyware / virus will actually scan your PC for additional drives that they can copy themselves onto and so re-formatting your Windows drive will not help in those cases. As an aside, I have noticed that some people with both Spyware blaster and Spybot have not installed them fully. After installing and updating, you must both check for updates and then allow / immunise fully for them to take effect. Spybot is particularly bad for this, as you can think that you have downloaded all the updates (which you have) and that is it (which it is not, until you have used the 'immunise' feature). Be aware ;-)

Thank you for making this clear, you are quite right. I referred to it as building a wall, which in a way it is, but their term for it is immunise. At the moment I would recommend doing the update followed by immunise once a week. I usually do this when ending a session on the computer and just leave it to get on with the immunise, which takes about an hour on its own.

Colin Leake Posted November 24, 2010 Author

pelmetman - 2010-11-23 4:26 PM
When you say don't click on any part of a pop up, I presume it's ok to click on the x button to close it (?)

No, remember these people are clever: neither the X button nor any other part of the pop up should be clicked on. It will, as we say, have been got at!

This topic is now archived and is closed to further replies.