
Saturday, October 5, 2013

Remove Fake Antivirus - Chapter 1

Problem Environment: General Windows

Some sites are full of ads, banners and pop-ups.
Eventually you will click on one of those undesirable ads.
The result of this click is sometimes a new self-proclaimed antivirus installed on your machine.
Some may seem pretty real. The software simulates scans of your computer files and alerts you to possible dangers and infections.

So how can you check if this software is real? Here are some hints to help you.
  1. Did you install this new software yourself? Did you buy this new software that is running on your machine? Did you download a new antivirus from a secure site and install it on your PC? If the answer is no, you are most likely infected with some kind of virus.
  2. Real antivirus software proudly displays its company or product name in the software. Check this new so-called antivirus for product or company names. If the product or company name does not ring a bell, it is most probably a virus itself.

Here is a list of some real antivirus products: AVG, Avast, Norton, Kaspersky, Trend Micro, McAfee. This list is certainly incomplete. If you have any doubts about the software, just google it. Be sure to type the exact name of the software. Open the company page and check the content. Look for solid information about removing viruses, product details, partners, etc. If you are still not sure, search again in forums or computer science related sites for opinions about this product.

So if you are infected, how can you remove this software?
This type of virus has evolved over time. Its first appearances were simple windows that would redirect you to a website with the intention of selling their "fish". Some would block the whole screen with a message.
I named this Chapter 1 because some of this software has new undercover functions. New variants added functions such as disabling Administration.

If you have a simple variant of this virus on your computer, it is quite simple to resolve. Follow these steps to clean your computer:

  1. Reboot Windows into safe mode. To do so, press F8 during computer startup.
  2. If you are still using Windows XP, immediately after startup you will be prompted to start System Restore. If you are using another Windows version, search for "System Restore". This opens a wizard that will guide you through the process. The goal is to set your computer back to the state it was in on a date before the infection, so be sure to choose a date prior to the infection.
  3. After System Restore you will be prompted to reboot your system. Start your computer in regular mode. Even if the unwanted software has disappeared, you should still do some additional steps. Go to step 7.
  4. If System Restore did not solve your issue, you will have to struggle a bit more. Usually this software is located in the temp folder or the application data folder. Search for your user folder on your system drive. If you are still using Windows XP it should be Documents and Settings\[user]\Local Settings\Temp. If you are using another, newer version of Windows it should be Users\[user]\Local Settings\Temp. After you find this folder, delete all of its content.
  5. Locate the folder Application Settings. In Windows XP it is "c:\Documents and Settings\[user]\Local Settings\Application Data", on other Windows versions "c:\Documents and Settings\[user]\Local Settings\Application Data". In this folder and all its subfolders, locate executable files (with extension .exe) that have odd names, like A00001.exe. Rename suspicious files by changing their extension. With the .exe extension changed, Windows does not know what to do with the file when it is called. Example: rename file A00001.exe to A00001.zzz.
  6. Repeat steps 4 and 5 for all other existing user profiles on your computer.
  7. Go to Control Panel and Internet Options and delete all history, temporary internet files and cookies.
  8. If you have other browsers installed, like Google Chrome, Mozilla Firefox, Safari, etc., delete their browsing history as well. In Google Chrome and Mozilla Firefox, press Ctrl+Shift+Del and clear all browsing history.
  9. Scan all files on your computer with a real antivirus.
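
The search and rename from step 5, as an added PowerShell example that is not part of the original post. It assumes PowerShell 3.0 or later, resolves the current user's application data and temp folders through .NET instead of typing the paths, and uses a missing or invalid digital signature as a triage hint alongside the "odd name" check; the parameter names are this example's own.

```powershell
# Added example, not from the original post. Run it from Safe Mode.
param(
    # Folders to search; resolved by .NET instead of typed by hand (assumption).
    [string[]]$Root = @(
        [Environment]::GetFolderPath('LocalApplicationData'),
        [IO.Path]::GetTempPath()
    ),
    [string]$NewExtension = '.zzz',  # extension used in the post's example
    [switch]$Rename                  # without this switch nothing is changed
)

# Collect every .exe below the chosen folders, hidden files included.
$found = @(foreach ($dir in $Root) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            }
        }
})

# Assumption of this example: a file without a valid signature is only a
# candidate. Legitimate programs can be unsigned too, so read the list
# (odd names, dates near the infection) before renaming anything.
$suspect = @($found | Sort-Object Path -Unique |
    Where-Object { $_.Signature -ne 'Valid' })
$suspect | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap

if ($Rename) {
    foreach ($item in $suspect) {
        # A00001.exe becomes A00001.zzz, so Windows no longer runs it.
        $newName = [IO.Path]::ChangeExtension([IO.Path]::GetFileName($item.Path), $NewExtension)
        Rename-Item -LiteralPath $item.Path -NewName $newName
        Write-Output "Renamed $($item.Path) -> $newName"
    }
}
```

Run it once without -Rename to review the list, then again with -Rename. For step 6, pass the other profiles' folders through -Root.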


The war against computer viruses is never won. It's a daily battle. This post, "Chapter 1", will surely be completed or revised in the future as viruses evolve and gain new features.

I hope this post helped you with your issue.
You are welcome to add to or comment on this article.