Scareware? Maybe (Destroyware? Definitely)

image So, you picked up a “scareware” infection. Should you, as the name implies, be “scared”? In my experience, scared doesn’t really cut it, nor does shocked, or alarmed. No, horrified is perhaps the best way to describe that sinking feeing that occurs following a scareware infection. You’ll see why.

While it may be true that this type of malware, otherwise known as “rogue security software”, is scary, it is so much more than that. A more accurate name for this parasitic infectious software is “destroyware”, since the effect it has on a victim’s system is just that.

Rogue security software can write itself into multiple parts of the operating system, and in many cases it can hide its files, registry entries, running process and services, making the infection virtually impossible to find and remove without causing operating system damage.

Once infected by this type of malware, the chances of a safe system recovery are essentially non-existent. The installation of such malware invariable leads to a critically disabled PC. A reformat and a system re-install, are more than likely in the cards. (A good reason to have multiple partitions on your Hard Drive).

Yes, I know, there are literally hundreds of sites that will walk you through the process of attempting to eliminate this type of scourge, but simply put – if your computer becomes infected with the current scareware circulating on the Internet, you are, in most cases, wasting your time attempting to save your system.

If you doubt this, take a look at “My scareware night and how McAfee lost a customer”, in which the author (Larry Dignan of ZDNet), describes a system recovery attempt which was ultimately successful, but…..

The best advice? Have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.

If you have become infected by scareware (rogue software), and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix – available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Anti-Malware Tools, Browser add-ons, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Free Anti-malware Software, Freeware, Internet Explorer Add-ons, Internet Security Alerts, Malware Advisories, Manual Malware Removal, Recommended Web Sites, Rogue Software, Rogue Software Removal Tips, Windows Tips and Tools, WOT (Web of Trust)

4 responses to “Scareware? Maybe (Destroyware? Definitely)

  1. Bill,

    Perfect timing on this article… I recently assisted a neighbor who called me and said he had a “little” infection LOL… That little infection required a complete recovery and hours and hours of time to get it back to a safe useable state… I attempted to clean the system and really thought I had it and then the floodgates opened. Nothing like I have ever seen before… It basically disabled everything that was security related and shutdown access to safemode… Real nasty from the underbelly of the internet.

    Rick

    • Bill Mullins

      Rick,

      Your statement “I attempted to clean the system and really thought I had it and then the floodgates opened”, says it all. Even if it appears that the infection has been removed, there’s virtually no way to be sure that it has. Even if the system appears to be functioning properly it may still be compromised – e.g. bottnetted.

      A serious infection requires a reformat, a disk wipe – since some malware can survive a reformat, and an OS reinstall. It’s unfortunate, but some tough choices have to be made.

      Actually, at the moment I’m writing a similar tale of a friend who got caught with a scareware infection because he let his Norton “trial version” expire. Where have we heard that one before?

      Thanks for commenting.

      Bill

  2. Pingback: Tweets that mention Scareware? Maybe (Destroyware? Definitely) « Bill Mullins’ Weblog – Tech Thoughts -- Topsy.com

  3. Pingback: Scareware? Maybe (Destroyware? Definitely) « Bill Mullins' Weblog … | psikopatenan