<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="http://feeds.datadoctors.com/rss20.css" type="text/css"?>
<rss xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" version="2.0"><channel>
	<title>Data Doctors Alerts</title>
	<link>http://datadoctors.com/help/</link>
	<description>Virus, Bug &amp; Recall Alerts</description>
	<author>Data Doctors</author>
	<itunes:author>Data Doctors</itunes:author>
	<itunes:image href="http://www.datadoctors.com/media/radio/_images/Ken_Colburn_Brandon_Disney.jpg" />
	<language>en-us</language>
	<lastBuildDate>Fri, 29 Jan 2010 16:23:59 +0700</lastBuildDate>
	<pubDate>Sun, 14 Mar 2010 07:05:00 +0700</pubDate>
	<item>
		<title><![CDATA[I have McAfee antivirus installed but still got infected by a fake security program that completely took over my computer. Should I be using something else for protection? -Gina]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21754</link>
		<description><![CDATA[In the world of computers, there is currently a 'scareware pandemic' in play that is fooling millions of users every day.<p>Scareware refers to rogue programs that scare folks into doing something that, in this case, actually infects their computer.<p>Typically, users are initially exposed to these programs when visiting a website that is laced with the instructions to pop-up a fake warning that your computer is infected.  These warnings look very similar to Windows screens and cause most folks to follow the prompts to 'scan' or 'fix' the problem.<p>Eventually, the 'fix' asks the user for a credit card number, which is when most folks realize something 'phishy' is going on, but by that time it's too late.  The second that anyone clicks on the button to 'scan' or 'fix', it instructs your computer to install the evil code in the background while making you believe that it's scanning your computer for viruses.<p>It's by far the most common reason that we are seeing 'patients' in our stores throughout the country.<p>This class of malicious software began appearing on the Internet in 2006 and has grown at a voracious rate simply because it is an effective way of getting into your computer.  
As of this writing, there are over 300 variants of fake security programs with new versions appearing on a weekly basis.<p>There is even a fake security program that calls itself 'Data Doctor 2010' which as you can imagine causes some confusion for our customers (we are not the authors, they simply made use of our name hoping to fool users).<p>Once they infect you, they can steal your credit card information, infect the machine for use as a silent soldier in a 'botnet' army, or install anything else that they so desire.<p>The reason your McAfee antivirus didn't protect you is that it couldn't and neither would any other company's antivirus because you clicked on a button that told Windows and your security program that you wanted to install a program.<p>These malicious programs are very well written and look like any other program, like a screensaver or photo management program to your operating system and security programs.<p>Keep in mind, while these evil programmers are cooking up these concoctions, they have the ability to test it on every major antivirus program on the market before they launch it.  
In other words, they can keep working with the code until they know that your antivirus program will think it is a legitimate program.<p>Once they accomplish that, their only task is to fool you into clicking on a button to start the process of infiltrating your computer.<p>This, unfortunately, is why so many people are getting infected and your antivirus program is powerless to protect you from yourself.<p>Most folks that get infected immediately start searching Google for a way to get rid of these programs, which exposes them to yet more scams of programs that claim they can help if you pay.<p>The best information for removal will be the manual registry steps to eradicate the scareware code from the core of the Windows operating system, but even those instructions can be dated in a few short months.<p>The authors of the malware also scan the Internet to see how folks are removing their code, then they update their code to block or evade those removal instructions, so if you are searching for help on any specific infection, make sure to refine your search to only show you results from the past week (click on the 'Show options' link above the search results in Google).<p>In the future, pay very close attention to warning screens.  In your case, you have McAfee installed, so if the warning is not clearly coming from the McAfee program, cancel the warning.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Fri, 29 Jan 2010 16:23:59 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21754</guid>
	</item>
	<item>
		<title><![CDATA[Someone told me that I can't trust Google search results anymore because of hackers. Is this true? - Randal]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21748</link>
		<description><![CDATA[Google has built its empire on a very simple concept: be relevant.<p>When you search for something on Google, their system for weeding out irrelevant websites for any given search phrase has been their 'secret sauce' and allowed them to dominate in the world of search.<p>They process more than 150 million search requests per day, making them far and away the most popular search engine on the planet.<p>But any technology that attracts that many users will attract those with malicious intent who will focus all their energy on finding ways to exploit those users.<p>Google is constantly working on ways to deal with something called 'SEO poisoning' that is allowing hackers to get malicious websites listed sometimes on the first page of popular Google searches.<p>SEO stands for 'Search Engine Optimization' and is a process used to optimize a website for the highest possible ranking in search engines.  The closer you can get to the first position in the search results, the more people will click on it.<p>Most folks feel comfortable with the search results from Google, never giving any thought to whether a link is safe or not. 
Most assume that if Google presents it as a result, it must be safe.<p>Unfortunately, those days are long gone; the bad guys have figured out how to sneak malicious websites into Google's results and have been doing it for some time.<p>The most common search terms that are being targeted (but not the only ones) are very current events as they are occurring; things like 'swine flu' or 'Tiger Woods mistress' that generate a large number of searches in a very short period of time.<p>The scammers either quickly create websites that are rigged with hidden malware and optimized to rank highly for these breaking events or they will compromise a legitimate website that is highly optimized for these types of searches to unknowingly infect or exploit visitors to the sites.<p>Researchers have found as many as 50 percent of the top search results on the first few pages of a Google search for fast breaking stories are laced with malicious links.<p>And just recently, the malware writers started targeting folks that click on the Google 'Doodle' which is usually a date specific image that graces the Google logo above the search box.<p>An image of Santa Claus on Christmas, Christopher Columbus on Columbus Day, etc. which if clicked generate a search for the subject being represented by the imagery.<p>Most recently, the 'Esperanto flag' displayed on the 150th anniversary of founder L.L. Zamenhof's birthday was targeted and resulted in 27 of the first 50 results containing some form of malware according to a research scientist at Barracuda Networks.<p>As a result of all of these tricks, a number of companies have created programs that can help the average user avoid being exploited by stepping in and warning them such as McAfee's Site Advisor or Norton's Site Safety.<p>Two of my favorites are actually free and easy to use.  
The first is K9 Web Protection ( http://www.K9WebProtection.com ), which is a solid parental control program that also does a great job of blocking access to websites that have suspicious coding on them.<p>If you don't want or need the parental controls, you can turn them off and just use the malware protection that is one of the best I've tested.<p>The other is a plug-in to most popular browsers called Web Of Trust ( http://www.mywot.com ) that uses the entire community of users to help warn others of suspicious sites.  The warnings extend beyond malware to warn against sites that might have adware, phishing attacks, browser exploits, Internet fraud and spam but because the ratings are user based, it will have more false positives.<p>Households with children, especially teenagers that tend to have no fear of clicking on anything, should strongly consider using one of the many tools for warning against or blocking malicious sites and have a frank discussion about this fast growing way of getting infected online with everyone on the network.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Wed, 16 Dec 2009 19:45:48 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21748</guid>
	</item>
	<item>
		<title><![CDATA[Is the Conficker worm making the rounds again or are the e-mail warnings a hoax? - Leslie]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21740</link>
		<description><![CDATA[The current crop of 'Conficker.B' e-mail warnings that are purporting to be from Microsoft are in fact a hoax that's trying to infect computers with the fake 'Antivirus 2010' program.<p>This is just another example of the creative methods that are constantly being generated to trick folks into installing fake security software onto their computer, which then coaxes them to purchase the 'fix' for a fake infection.<p>A recent study claimed that over 250 different types of 'scareware' programs are in circulation and this is just the most recent attempt to get people to give up credit card information for a fake infection.<p>In general the subject line refers to a 'Conficker.B Infection Alert' and the body of the message reads:<p>Dear Microsoft Customer,<p>Starting 18/10/2009 the 'Conficker' worm began infecting Microsoft customers unusually rapidly. Microsoft has been advised by your Internet provider that your network is infected. To counteract further spread we advise removing the infection using an antispyware program. We are supplying all affected Windows Users with a free system scan in order to clean any files infected by the virus.<p>Please install attached file to start the scan. The process takes under a minute and will prevent your files from being compromised. We appreciate your prompt cooperation.<p>Regards,<p>Microsoft Windows Agent #2 (Hollis)<p>Microsoft Windows Computer Safety Division<p>_________________________________________________________________________________<p>The message is accompanied by a file attachment that has varying names, but usually has the .zip extension.<p>If you are paying attention, you should be able to spot many red flags from this message.<p>The first one is the date format (18/10/2009) which is not common in the U.S. 
and the second is the poor grammar (unusually rapidly).<p>What isn't as obvious to non-technical users is that Microsoft would never be contacted by your Internet provider if your network was truly infected.  If anything, your Internet provider would shut your connection down or disable your ability to send e-mail if your system was infected with many of the silent malware programs that silently spew out spam.<p>Microsoft would never send a file attachment (they always use links back to their website) and you should never trust any .zip files (compressed files that could contain virtually anything inside) unless you are absolutely certain of the contents.<p>Finally, I have yet to see any official Microsoft e-mail messages that had a salutation that started with 'Regards' and there is no such thing as the 'Microsoft Windows Computer Safety Division'.<p>The only security warnings that you will ever get e-mailed to you from Microsoft would come as a result of you proactively signing up for their 'Security Bulletins' and the format of the messages always starts with "Begin PGP Signed Message".<p>A good practice for the future whenever you receive any suspicious e-mail warnings is to copy the first paragraph and paste it into Google as a search.  If the information is legit, you will find websites that will confirm the information and if it's a fake, you will quickly get confirmation as well.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Fri, 23 Oct 2009 14:07:51 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21740</guid>
	</item>
	<item>
		<title><![CDATA[Should I be concerned using Twitter since they were attacked by hackers? - Julie]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21729</link>
		<description><![CDATA[The recent shutdown of Twitter by what is referred to as a Distributed Denial of Service (DDoS) attack should not concern Twitter users from a security or privacy standpoint.<p>A DDoS attack is generally used to render a website useless because the attackers have an agenda that is served by wreaking havoc on the site.  In most cases, it is financially motivated (blackmail) or cause motivated (we want you to change the way you do business, etc.), but we have yet to understand the motivation behind this attack.<p>Think of it as a very popular radio station contest that generates so many callers that no one can get through.  A DDoS is simply the ability to get a large number of computers to all simultaneously bombard a single website with thousands of requests, which makes it impossible for regular traffic to get through (we all get a 'busy' signal).<p>Since Twitter was not the only site attacked, it's very likely that someone was using this as a demonstration of a powerful 'botnet'.<p>As we have discussed in this column before, botnets are a collection of infected computers that can be remotely controlled by a single computer to perform any instruction that is sent out.<p>Many of today's viruses and worms are designed to slowly and silently 'recruit' agents for these networks as the larger the botnet, the more damage, spam, identity theft and other malicious activities it can generate.<p>This means that many of you that are reading this column are unknowingly participating in these attacks, because your computer has silently been infected and recruited as an agent on a botnet.<p>Once the network of compromised computers gets big enough, it's offered out to the Internet underworld as a 'rental by hour' weapon to do whatever the renter wants to do with it.<p>Unless you have built a business around your ability to use Twitter, you shouldn't really be too concerned about the attack as DDoS attacks of various forms have been going on for over a 
decade.<p>Past high profile DDoS attack victims include CNN, Yahoo, eBay &#38; Microsoft just to name a few and these types of attacks will continue to plague the Internet.<p>The real awareness from this event should be that if we all made sure that our computers were kept up-to-date and avoided dangerous activities that expose us to becoming a silent agent, these types of attacks would be less likely.<p>Unfortunately, far too many Internet users are 'asleep at the wheel' when it comes to keeping their computer maintained and protected from the daily threats.<p>You are most likely to become infected by a botnet agent if you don't relentlessly keep your operating system (Windows, MacOS, etc.) and anti-malware programs up to date and especially if you are careless about what you click on or download (fake video scams are very popular at the moment).<p>Users of file sharing networks, adult content sites, crack code sites or any of the fringe activities on the Internet are at a much higher risk of being infected as what you think you are downloading or viewing is distracting you so the agent can slip in behind the scenes.<p>As I have said for years, if you live in a household with high-speed Internet and teenagers, you better make extra sure you understand what kind of activity is taking place on your computers.<p>Hackers know that teenagers are fearless on the Internet and they always look to get something for nothing, so they plant infected files all over the Internet where they know teens like to congregate.<p>Botnet agents are very good at hiding from your security software, so in addition to keeping everything updated, if you notice that your computer's hard drive light or Internet activity lights are constantly flashing when you aren't doing anything, have a technically experienced person 'take a look under the hood' to make sure that you aren't unknowingly part of a botnet.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Fri, 7 Aug 2009 19:20:29 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21729</guid>
	</item>
	<item>
		<title><![CDATA[I have CA Anti-Virus and Windows XP with Service Pack 3 (SP3). My system keeps telling me that I have been infected with the Win32/AMalum virus and when I quarantine the files, Windows then tells me I need to replace needed system files and asks for my Windows XP CDROM. When the files are replaced, the "loop" starts over again with CA telling me I am infected! What gives?]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21724</link>
		<description><![CDATA[Over the last few days many users of CA Anti-Virus have been experiencing an issue with clearing a reported virus within the CA software called the <b>AMalum</b> virus. The fix detailed below was created by CA.<p>This information is relevant ONLY for customers who are running CA Anti-Virus AND are getting messages regarding a <b>Win32/AMalum</b> virus or if you are being asked to insert a Windows SP3 CD to repair some files.<p>This information does NOT impact anyone else and does not need to be followed if you are not having these symptoms.<p>To fix this issue, take the following steps:<p>1.       Open CA - You do this by double clicking on the CA Shield Icon in the bottom right corner of your screen down by your PC's Clock.<p>2.       Update CA - Click on the update button.  This will download the latest list of threats &#38; fixes.<p>3.       Open CA Anti-Virus advanced settings - Not anti-spyware... anti-Virus, you may have to click on CA-Anti-Virus to see the link.<p>4.       Open the quarantine - you do this by clicking on the button on the left, now the fun part,<p>a.       Look for items in the list dated AFTER JULY 4th, ignore any others.<p>b.      Identify the following files, there may be one or several of each:<p>i.      Net.exe<p>ii.      Netsh.exe<p>iii.      Verclsid.exe<p>iv.      Reg.exe<p>c.       We want to restore EACH of these files by clicking on the restore button above the file list for each file.  Leave the "attempt to clean... " tick box blank.<p>d.      Click OK to accept/confirm the restoration of these files... repeat for each file, we need to restore them one at a time.<p>5.       Run a Virus scan - Click on Overview and then scan my computer for viruses.<p>6.       Verify the scan found nothing.<p>This should bring your system back to normal operation. Additional information can be found at <a href="http://www.neowin.net/forum/index.php?showtopic=794868">this website</a>.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Fri, 10 Jul 2009 10:05:42 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21724</guid>
	</item>
	<item>
		<title><![CDATA[I have a popup telling me that I am infected and to buy this software or that I need to run a scan when my current PC-Cillin is running a scan. What is this worm called and can you tell me how to remove it? - Jim]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21710</link>
		<description><![CDATA[Your description sounds like the long-running 'scare-ware' program generally calling itself AntiVirus 2009 (formerly AntiVirus 2008).<p>This family of scams has been very successful in fooling folks into paying for relatively useless software and the stakes are starting to get higher.<p>The most recent variations will attempt to convince you that your My Documents folder is corrupted and offers a free "fix" to repair the problem.<p>Once again, this is a scam to get you to install a rogue program that, in this case, actually 'encrypts' your My Documents folder and then will hold you hostage when you try to get back into your files.<p>The 'ransom' for giving you the key to unlock the encryption is $50, which is why the security community refers to this type of malware as 'ransom-ware' (if you get infected with this scam, DON'T pay the ransom! Unlock tools have been posted around the Internet or consult a professional).<p>The authors of these programs used a generic sounding name (AntiVirus 2009) which is used by many companies and boxes that look a lot like they were generated by the Windows operating system.<p>This combination is fooling a lot of users into thinking that the warnings are legit.<p>In your case, if the warnings are not coming from PC-Cillin (Trend Micro) then you know that you should be suspicious.  Likewise, users that have installed A/V software from companies like Norton, Webroot, McAfee, Panda or any of the major vendors should only heed warnings that are generated by the specific program that was installed as the protection system.<p>Paying attention to the details of the warnings is the best way to sidestep these types of scams.  
In addition to making sure that a warning message is coming from your A/V program, look at the header (usually the blue bar at the top of the warning box) to see if it has the name of your program in it.<p>If you see things like FreeWebScanner or FreeScan or FreeAntiVirusScan or anything other than your security software's name, don't respond (click the X in the top right corner).<p>In order to get these pop-ups in the first place, someone has likely ventured into fringe websites (gambling, adult content, hacker sites, warez software key sites, etc.), downloaded files from a file sharing network like LimeWire or KaZaa or fallen for one of the many new e-mail or social media video scam messages.<p>If you get any kind of message saying that an embarrassing video of you is up on YouTube or check out this sexy video of a girl, etc. and when you go there to see the video, you are prompted to update your Flash player or video 'codec', don't fall for it (unless you are just getting started with a new installation, you have everything you need to see online video already).<p>Your chances of getting 'infected' by the AntiVirus 2009 scam are exponentially higher than ever getting infected by any of the Conficker worms that captured the world's attention last week because it relies on gullibility.<p>As with all infections, the more you pay attention to what you are clicking on and the more suspicious you are of everything that you see, the less likely you will become a victim of these scams.<p>The bad guys know that you aren't paying attention out there and they are getting better at distracting those that aren't constantly on their guard, so don't let them fool you.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Fri, 3 Apr 2009 15:58:47 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21710</guid>
	</item>
	<item>
		<title><![CDATA[What is the April 1st virus that everyone is talking about and how do I tell if I am infected? - Kevin]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21709</link>
		<description><![CDATA[A very stubborn Internet worm known as the Conficker (aka Downup, Downadup &#38; Kido) has been in circulation since late 2008 and specifically targets most of Microsoft's operating systems.<p>The third generation of this pest is being labeled Conficker C and it is far more devious than the previous two versions.<p>The primary intent of the Conficker worm family is to infect computers with an agent that will turn them into a 'zombie' on a large network of infected computers referred to as a botnet.<p>Botnets are a collection of compromised Internet connected computers that can be remotely controlled by a single computer referred to as the command and control center to act as a group.<p>Once infected, any computer on a botnet can be given instructions from the command center to perform whatever function the remote hacker desires, including sending spam, infecting other computers or tracking keystrokes for the purposes of ID theft.<p>Conficker C is especially disconcerting because it is specifically designed to bypass and disable hundreds of popular security programs and websites and it has a trigger date of April 1st with a yet unknown payload.<p>To make things worse, Conficker C is very good at hiding from you and your security programs and has code that allows it to 'evolve' its ability to avoid being detected and removed.<p>One of the first things it will attempt to do is turn off the automatic updates in Windows because it is exploiting a known hole in Windows.  
If your computer has not been patched, Conficker can take advantage of the hole and make sure your system doesn't automatically download the patch by disabling your automatic updates.<p>To check if the automatic updates have been turned off, go to the Windows Control Panel and double click on the Security Center icon to get to the Automatic updates link.<p>If you find that your automatic updates have been turned off, it doesn't necessarily mean that you are infected, however, if you know that it was previously set to automatically update and now it's turned off, you would be wise to have a technically savvy person do a deeper evaluation of your computer.<p>The rest of the symptoms for detecting Conficker C require a working knowledge of the Windows Registry and many of the anti-virus and security firms on the Internet have posted very detailed technical instructions for detection and removal (search Google for "Conficker C removal").<p>If you don't have a tech savvy resource available and are near any of our Data Doctors locations (www.datadoctors.com/locations), we provide free checkups to help those with concerns determine their computer's status.<p>One of the many ways that your system can get infected in the first place is from the usual suspects: e-mail attachments, rogue links in e-mails or on malicious websites and from downloading files from P2P networks such as Limewire and KaZaa, but a most recent exploit seems to be where many folks are getting infected.<p>The popularity of online video and especially YouTube has created a new trick for malware writers to get into your system.  
If you click on a link that presents itself as a video, but when you go to play the video you get an alert stating that you need to update your "Flash Player" or you need a new 'codec', the chances are real good that it's a trick.<p>If you routinely view online video and you are suddenly told you need something new to view online videos, especially from a no-name website, be suspicious.<p>If a message comes up saying you need a new version of the Flash Player, don't accept the file that the website offers as an update.  Instead, go to http://get.adobe.com/flashplayer to install the latest version of the free video player, then go back and try viewing the video again.<p>If the same message comes up with a prompt to download an updated Flash Player, you will know it's a scam for sure.<p>In the same respects, if you get a message telling you that you need a new 'codec' to view a video, the safe response is to take a pass until someone technical you trust can see if your video playback software is really that old.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Thu, 26 Mar 2009 12:05:18 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21709</guid>
	</item>
	<item>
		<title><![CDATA[How do you AVOID being part of a botnet? Is my Anti-Virus software enough? What software is there that will prevent unknowingly being part of a "Botnet"? - Brian]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21703</link>
		<description><![CDATA[Whenever the issue of "botnets" comes up, it creates lots of fear and uncertainty as well it should.  This form of malicious infection is responsible for just about all spam messages that we receive today as well as one of the most common methods of spreading infectious malware.<p>To review, botnets are a network of Internet connected machines that have been infected with a small program that allows a remote hacker to make use of the "zombie" computer at will.  Any system that is connected to the Internet could easily and unknowingly become one of these silent zombie computers.<p>Large botnets can be made up of 10,000 machines or more which gives the person in control the ability to wreak some serious havoc.<p>Spammers will routinely "rent" a botnet to send out millions of spam messages by getting infected machines to send out a small amount of spam each (10,000 infected computers x 100 messages each = 1 million spam messages).<p>By using botnets instead of a single machine to send out the million messages, not only can the messages get out quicker, it is nearly impossible to detect any one computer as a spammer (because of the low volume) and even if one is discovered, they are only responsible for a small amount of spam.<p>Avoiding the infectious programs is unfortunately not a function of a piece of software; no software will guard you against the biggest threat to becoming a zombie on a botnet... YOU!<p>Careless user behavior can easily allow these rogue programs to sneak past whatever security programs you have installed.  
If you are an avid user of file sharing networks (Kazaa, aMule, BearShare, etc.), BitTorrent networks or fall victim to the various hoaxes that claim your computer needs a new program to view a video, you can become infected no matter how much security software you have in place.<p>Antivirus programs are pretty good at detecting the viruses that can introduce a botnet agent to your machine, but if they can sneak past your AV program (which can be easily accomplished by tricking you into installing a spoof program) then detecting the presence of an agent becomes much more difficult.<p>The malicious users that write the botnet programs have the upper hand because they know how today's antivirus, antispyware and other security programs function and can continually test their new creations until they figure out how to evade your security programs.<p>The key is in the clicks!  If they can get you to click on a link in an e-mail, a link on a rogue website, a link from a communication on your Facebook or MySpace page, a link from an instant message or download a file from a file sharing network that is pretending to be something that it's not, you don't stand much of a chance.<p>The standard advice applies to reducing your chances of an infection from a botnet agent:  Keep your Windows operating system up-to-date (the Apple OS is currently not a target of botnet infections because there aren't enough of them, YET), keep your anti-virus and anti-spyware programs up to date, make sure your software firewall is set up to stop any program from accessing the Internet from inside your computer without first asking for your permission.<p>These types of complex attacks unfortunately require complex defenses to fend them off and the bigger problem is that the actual methods of infiltrating your computer continue to evolve.<p>This underscores the importance of having trusted resources for keeping up to speed on the latest attacks.  
Those of us who are trying to help protect the general public are behind the curve because any new attacks are only discovered once they have been launched on the Internet.<p>The time between the discovery of a new threat and the likelihood of coming in contact with that new threat continues to decrease (often the same or next day), which is why keeping your protection programs up-to-date on an almost daily basis (all of them can be set up to check for updates every day) and finding resources that will keep you updated on the latest schemes designed to infect you is a good line of defense.<p>If you like what you read in our weekly columns, we provide weekly updates and warnings via our free newsletter which is located at: http://datadoctors.com/subscribe .]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Fri, 13 Feb 2009 16:55:24 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21703</guid>
	</item>
	<item>
		<title><![CDATA[I heard that Dell settled a class action lawsuit and all Dell computer owners may have a claim in the settlement. I couldn't find anything on the Dell website, so how do we find out if we have a claim in this settlement? - Todd]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21699</link>
		<description><![CDATA[Computers have always been a much more complicated consumer electronics device to understand and purchase, and the practices of various manufacturers and retailers that take advantage of the consumer's lack of understanding have gotten worse over the years.<p>Dell has been embroiled in allegations of misleading practices for years and it has finally come to a settlement on one of the larger cases.<p>On January 12th, 2009, the Attorney General's Offices of 34 states reached a $3.35 million settlement with Dell for allegedly misleading consumers about financing terms, warranties and rebates.<p>The states that participated in the settlement include: Arizona, Arkansas, California, Connecticut, Delaware, Florida, Illinois, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Montana, Nebraska, Nevada, New Mexico, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Washington, West Virginia, Vermont and Wisconsin.<p>According to the details, Dell will deposit $1.5 million of the $3.35 million into an account for the payment of restitution to consumers (and yes, the attorneys' fees and legal costs outpace the settlement to the consumers once again!).<p>The Massachusetts AG's website posted this explanation: "Today's settlement resolves allegations by the States that Dell misled consumers about financing terms; failed to pay rebates in a timely manner, if at all; and failed to provide prompt repairs and other customer support that Dell promised to its customers. The representations occurred both verbally via telephone customer service and in writing on their website."<p>Even though only 34 states participated in the group action, other states have also settled with Dell, including Texas where Dell is headquartered, so check with your state's Attorney General's website to determine if you are eligible and for instructions for downloading forms and filing a claim.<p>If you made a purchase from Dell after April 1, 2005 you must fill out a claim form and provide supporting documentation to be considered as a claimant.<p>Eligibility for restitution includes one or more of the following:<p>A problem with a Dell financing offer<p>A problem with a Dell rebate<p>A problem with Dell financing<p>A problem with a Dell repair, warranty or servicing<p>Filing a claim does not necessarily entitle you to restitution and having supporting documentation is not critical when you initially file the claim; however, the more documentation you have to support your claim (receipts, e-mails, phone records, etc.) the better your chances of getting some sort of restitution.<p>The restitution will be based on out-of-pocket expenses, not your original purchase amount.  If, for example, you had to pay a third party to perform service for something that Dell should have covered but refused and you have the documentation to support your claim, you may be eligible for reimbursement of the third party expense.<p>If the total amount of eligible claims exceeds the settlement amount, then those qualifying will get a prorated amount based on the total number of claims.<p>If you believe you qualify for restitution, I would highly recommend that you file sooner, rather than later, as the logistics of getting the supporting documents reviewed could become an issue if you wait until the last minute.<p>Claims must be postmarked by April 13th, 2009 to meet the filing deadline.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Fri, 16 Jan 2009 10:23:52 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21699</guid>
	</item>
	<item>
		<title><![CDATA[I have Norton Internet security, yet my computer has been infected with the Antivirus 2009 program. How can this happen and how do I get rid of it? - Glenn]]></title>
		<link>http://datadoctors.com/help/questions/question.cfm?id=21698</link>
		<description><![CDATA[Your question underscores an often mistaken mindset of many computer users: If I have security software in place, I shouldn't get any infections.  Nothing could be further from reality.<p>Anti-virus/anti-spyware programs as well as firewalls offer no protection if the user of the computer decides to click on links that generate malicious code or download and run questionable files.<p>The user's interactions can easily override the installed protection and, in some cases, actually disable your protection programs while making it look like they are still running.<p>The fake antivirus program scam actually started last year as "Antivirus 2008", and it was so successful that it lives on in many variations including "Antivirus 2009".  A clever author of malware discovered a sneaky way to fool folks into installing malicious software into their computers, THEN extract money from them by posing as a legitimate program for removing the malicious software.<p>The reason that this approach has been so successful is that they very closely mimic Windows warning screens and legitimate antivirus programs.  
Virtually every legitimate antivirus company has a product called Antivirus 2009, which further confuses the uninitiated.<p>The most common ways to come in contact with this infection include maliciously coded websites that pop up a warning message that you are infected, e-mail messages that trick folks into clicking on a link, websites that claim you need to download software in order to see a posted video and links or downloads that are spread through social networking sites such as MySpace and Facebook as well as all of the Instant Messaging systems.<p>At this point in time, any form of popup or error message that refers to Antivirus 2008 or 2009 (including System Antivirus, Ultimate Antivirus, Vista Antivirus, Pro Antivirus or XP Antivirus followed by a number) should be considered extremely suspicious.<p>If you ever see any reference to a virus that is not specifically from the product that you have installed in your computer for protection, you should consider it to be a fake (Windows itself won't ever alert you of a virus infection).<p>By the same token, any website that claims that you need to download a new video program or "codec" in order to view a video should be considered a threat.<p>Users of file sharing networks are at a high risk of contracting malicious software as it's often hidden within what appears to be a legitimate program (referred to as a Trojan).<p>The writers of malicious code count on users that are not really paying attention and at this point, they are fooling people by the millions around the Internet.  
This type of infection is amongst the worst that I have seen in my 20 years of servicing computers.<p>Getting rid of the code once it has infected your system can be very involved and is different for the various versions of the infections, so don't attempt this without help if you are a novice.<p>Start by identifying the exact version of the malware that you have and placing it in quotation marks followed by the words 'removal instructions' in Google (Ex: "Antivirus 2009" removal instructions).<p>WARNING: There are so many people infected with this family of malware that many new scam programs that claim to specifically clean the code have popped up.  Some appear to be free programs that will only scan your system for free, but charge you to remove the code and often they don't even do that properly.<p>Since there are so many different variations of this infection, the exact steps are going to be based on the exact version of the malware that you have.<p>In our service business, we use a combination of several manual detection and removal processes (again, based on the exact version of the infection) along with multiple scanning programs to ensure that all potential re-infection avenues (temp files, restore points, modified dll files, etc.) have been removed or restored.<p>Depending upon how long you have been infected and which version of the malware you have, you may also need to run a Windows repair after you remove the code as certain Windows files can become corrupted as a side effect.<p>If you know how to work with the Windows registry, operate in Safe Mode and have a current backup of your critical files, you should be able to find instructions online for removing the exact version of the infection that you have.<p>If not, consult a tech-savvy friend or a professional, as removing this infection properly (so that you don't re-infect) is not for the novice.]]></description>
		<itunes:keywords>ken colburn, brandon disney, data doctor, ktar</itunes:keywords>
		<pubDate>Thu, 8 Jan 2009 14:50:16 +0700</pubDate>
		<guid>http://datadoctors.com/help/questions/question.cfm?id=21698</guid>
	</item>
</channel></rss>
