STOP RIGHT THERE!! Before you go any further, read this carefully. Since about 2008, there has been an astronomical increase in the number of programs which look like antivirus programs (for example, Win 7 Internet Security 2012). Only when you click on them are you then infected. This article does have tips for removing those viruses, but I also include several pictures to increase awareness of these official-looking-but-entirely-bogus programs. If you know what to look for, you may be able to safely back away without actually getting infected.
This article was originally written in March of 2009, updated in February 2010, and is now being updated and re-published a third time on February 26th, 2012.
2012 tips: my advice for you, this year, is this: DON’T CLICK ANYTHING. If you see a screen like the one above, don’t even try to close it. Immediately use the task bar at the bottom of the screen to switch back to anything you need and save it. Then, click the start menu, and SHUT DOWN THE COMPUTER. If you don’t click on the button to ‘stop the scan’ or ‘clean infected files’ or anything like that, you’ll be in good shape. At this point, it’s just an official-looking popup window, and nothing has actually been installed on your computer. But we’re going to play it safe.
With the computer shut all the way down, boot into “safe mode with networking.” To do this, locate the “F8” key on the top of your keyboard. See it? Hit the power button to turn on your computer and immediately start tapping F8, at least once a second. It should bring you to Windows Advanced Startup Options. There you can use the arrows on the keyboard to select Safe Mode with Networking. Then log in to Windows the way you normally would – safe mode will look a little different, but work with it; you should be safer in here. If the viruses pop up immediately, even in Safe Mode, you’re going to need more help than we can provide in this blog. If you’re in safe mode, keep reading.
From here, we’re going to use two tools, both free. Open your web browser and go to SuperAntiSpyware.com and click on the link for Super Anti-Spyware Portable Version. Run a full system scan using that tool and remove anything it finds. Then, for best results, I would also advise downloading, installing, and running the free version of Malwarebytes Anti-Malware. Use the “download now” link on the website to obtain their free edition.
Both programs are somewhat complex but also self-explanatory. Don’t let them overwhelm you. With Super Anti-Spyware you simply choose your language, then click the “Scan Your Computer” button. Depending on the age of your computer, the size of your drive, and the number of files, the process can take nearly an hour per scan. Both programs make it very simple to clean the files they have found to be malicious. Once both scans have completed and you have removed the reportedly infected files, reboot your computer. It will boot normally back into Windows, and hopefully your issues are resolved.
Below are the original two revisions of this article and some additional screenshots.
This is a rewrite of a bulletin I put out in March of 2009. I still find this to be a common issue which I feel needs addressing.
Recently, a slew of my friends, family, co-workers, and just people on the street, have come to me with the same question: “I think I have a ton of viruses, how do I fix it?” The simple fact is: you probably don’t have a ton of viruses!
Antivirus 2009/2010 (looks like Windows Security Center) and Antivirus 360 (looks like Ad-Aware) are new POP UP PROGRAMS, usually contracted while surfing the internet – even on legitimate websites. This anti-virus lookalike program will pop up with the sole purpose of making you panic, telling you that you need to click to fix the problem NOW. If you then click “REMOVE ALL THREATS” or “FIX THIS NOW” and you’re lucky, at this point it will ask you to BUY their “special” virus and “mal-ware” removal program.
If you’re unlucky, it will actually start to install a virus on your computer. It LOOKS like it is there to help, warning you that you have several viruses, but when you click on the banner to “fix this problem” you are actually installing the very bad payload, which is, itself, a virus. The virus then disables your ACTUAL anti-virus program (if you have one) and blocks your antivirus program from retrieving the updates capable of fixing this problem. All in all, it puts you in a very deep hole of problems.
What you need to know: If you did not tell the computer to do a virus scan, and suddenly it pops up and says you have dozens or even hundreds of viruses, it is one of these FAKE pop ups! No doubt in my mind. Most virus scanners can find one or two viruses when they’re running their automatic scans in the background. If you did not start a manual Full System Scan, your computer will never tell you that you have 300+ viruses – it can’t find that many without doing a manual scan. So if something randomly tells you that you’re sunk, don’t panic, take a deep breath and laugh it off: you already know their tricks!
If one of these pops up on your computer, your safest practice is to immediately save anything you are working on and restart your computer. Do not try to close the window that is alerting you to all of the viruses; shutting down the computer will close the pop up. If it does happen to be a legitimate problem, or something is actually installed on your computer, it will pop back up the next time you turn on the computer. If it does not come up after a restart – it was likely nothing more than one of these fake pop ups, and nothing has been installed on your computer!
I personally dealt with one of these pop ups, recently, where even when you clicked the “X” in the top right, to close the program, it refused to exit. It would say “are you sure you want to close” then as soon as you clicked “YES” – another window popped up with the same “virus alert!” It is trying to trick you into clicking the wrong thing, thus installing the “payload” which could do anything from causing the computer to go slow by infecting other computers, to stealing files off of the computer, to even crashing the whole thing, requiring a complete rebuild. That is why I recommend immediately shutting down and/or restarting the computer.
If you have accidentally “installed” one of these “antivirus” programs, in an attempt to solve the problem it created, you might not be entirely out of luck, as the website MalwareBytes.org has an anti-malware “removal tool.” At this time, it is the only recommended removal software I have come across, earning recognition from several “tech” websites as the best possible solution for those who may have clicked on a fake anti-virus banner, next to wiping the computer clean and rebuilding it.
Above, I have included a few “screen shots” of what these fake antivirus programs might look like. These are only a few variants; there are literally dozens popping up (no pun intended) right now.
Thanks for reading, I hope it was more “edu-taining” than jargon-heavy gibberish!
If you’re really interested in the technology part, check the ISC’s article.