Cutting Users a Slight Bit of Slack

It’s been my firm view that malware doesn’t infect folks’ computers. Folks infect their computers with malware as a result of laziness or carelessness.

Well, I still hold that view. Properly patched computers with up-to-date anti-malware from a well-respected anti-malware software vendor, operated by users who practice safe surfing and generally safe computing practices are… safe.

But folks get careless or lazy and don’t keep their OSes and applications up-to-date, don’t run regular full scans with their anti-malware, do visit “risky” sites (and don’t have or don’t pay attention to link scanning software), etc.

Recently two very (very) smart people I know did infect themselves with some malware by CLICKing on a popup “warning” that looked very much like a Microsoft Security Essentials window. One told me he thought as he clicked on it, “Oh, no! I shouldn’t have done that!” but by then it was too late. Took about an hour and a half to fully clean his system (only about 15 minutes on my part, since I could trust him to do the rest of the procedure himself, after having it lined out for him). The other person? Knew she’d infected herself and what she’d done to do so but had no clue how to extricate herself from the problem.

OK, I’m going to give some general Windows guidelines for avoiding infection from the kinds of fake anti-malware infectors these folks (and many less smart folks who had NO idea where or how they’d “been infected”) infected themselves with, and a couple of hints on manual fixes if you’ve gone ahead and infected yourself anyway:

1. No! Do NOT click on that warning! Not anywhere! No, don’t do it!

2. Instead, hit CTRL+SHIFT+ESC to bring up the Task Manager. Look through the Processes list and find the offending popup Window. It won’t be anything you’ve deliberately installed (I hope *sigh*). Kill the process by CLICKing the “End Process” button and then the “End Process” button again in the popup that asks if you’re sure.

If it’s a popup in a web browser window or tab, close either the window or the tab, NOT the popup itself! Mess with the fake popup “warning” in ANY other way and you will infect yourself.

3. Now, restart your computer in Safe Mode with Networking (reboot and keep pressing F8 while the boot process is progressing, until the Boot Menu appears, then simply select Safe Mode with Networking).

4. If the offending app appears again, repeat step 2, then use Task Manager to start explorer.exe if your desktop doesn’t show (just a black screen, for example). File>New Task (Run)>*type in* explorer.exe *and press Enter*

5. Now you can access your web browser. Download one of the following free anti-malwares that you do not already have installed on your computer, then run it (still in Safe Mode with Networking):

Also, give Eset’s or Trendmicro’s free online scanners a whirl, after using one of the two above.

Once you are pretty well sure you’ve cleaned your computer, use CCleaner, Comodo System Cleaner or Glary Utilities to scrub up your Registry. Or, look up the malware you infected yourself with and find a manual cleaning method that will allow you to muck about in the Registry yourself looking for known bad keys. I usually prefer manual cleaning for things like this, but for normal users, it’s dangerous. (The manual method is recommended ONLY for folks who are already familiar with and confident in their registry management skills. But be warned: mucking about in the Registry can render a Windows computer unbootable, if you’re ham-handed about it. I did that once on one of my computers and learned to be more careful in how I handled the Registry.)

After cleaning house, download a fresh copy of your preferred anti-malware (if you bought yours, you should still be able to do so), uninstall your old copy and reinstall from the new download. Update and run a deep or full scan.

You should be OK now, but if not, reboot with your installation DVD and select System Restore (or, if using XP, boot to Safe Mode and perform a System Restore, OR perform a Repair Install of XP as a next-to-last resort). Choose a restore point from before your problem. Then reinstall your anti-malware as before and run a full scan.
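For step 2, if the Task Manager list is hard to read, this PowerShell sketch (an added example, not part of the original post) lists every process that owns a visible window along with the file it runs from and whether that file carries a valid digital signature, so the one you never installed stands out. The function name `Get-WindowedProcess` and the PID in the last comment are made up for illustration.

```powershell
# Added example, not from the original post.
# Lists processes that own a visible top-level window, with the path of the
# executable and its Authenticode signature status. Run from an elevated
# prompt: without admin rights the path of some processes cannot be read.

function Get-WindowedProcess {
    Get-Process |
        Where-Object { $_.MainWindowTitle } |   # skip processes with no window
        ForEach-Object {
            $path   = $_.Path                   # empty if the process can't be opened
            $status = 'PathUnavailable'
            $signer = ''
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig    = Get-AuthenticodeSignature -FilePath $path
                $status = $sig.Status.ToString()    # e.g. Valid, NotSigned, HashMismatch
                if ($sig.SignerCertificate) {
                    $signer = $sig.SignerCertificate.Subject
                }
            }
            New-Object PSObject -Property @{
                Id        = $_.Id
                Name      = $_.ProcessName
                Window    = $_.MainWindowTitle
                Signature = $status
                Signer    = $signer
                Path      = $path
            }
        } |
        Select-Object Id, Name, Window, Signature, Signer, Path
}

# Show the report, grouped so anything that is not 'Valid' is easy to spot.
Get-WindowedProcess | Sort-Object Signature, Name | Format-List

# Once you have identified the offender, end it by its Id (1234 is a
# placeholder, not a real value) instead of touching the popup:
# Stop-Process -Id 1234 -Confirm
```

Treat the Signature column as a hint only, since some legitimate programs are unsigned; go by whether you recognise the program and its path. A fake warning drawn inside a web page will show up as your browser, in which case close the tab or window as described in step 2.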


So, OK, I still hold that users infect themselves through laziness and carelessness, but given these two recent self-infections by some (very) smart people who simply allowed themselves to become momentarily distracted (lazy and careless, but still… :-)), I guess I’m willing to cut users some slack. The first time. *heh*


Note: all the software I’ve mentioned here is available in free versions that work quite well.

And do also note: CCleaner only works on 32-bit portions of a 64-bit Windows install. Joy. Apparently v3 of CCleaner is 64-bit aware.
