Monday, September 21, 2009

Rogue Antivirus Programs

One of the most important subjects in computing today is virus and spyware infection. The lost productivity, time and expense from even one infection can be extensive, because malware is continually evolving. Several very intrusive “rogue antivirus” software packages exist that can seriously affect the operation of your desktop or laptop. These fake antivirus programs are installed through “drive-by” web pages and bogus “missing video codec” messages. Once installed on your machine, these programs, a partial list of which is here, will seriously affect the operability of your system, block the installation of new software and redirect your browsing, making it nearly impossible to use your PC. Most antivirus software WILL NOT prevent these programs from installing if you click on an infected link. Even after “purchasing” the software, the messages and changes the program has made will not cease; it will eventually damage the operating system and render it unusable, requiring a full reinstallation. A typical rogue antivirus infection can severely affect productivity, can take hours to research and sometimes more than a day to remove correctly. In some cases it cannot be removed at all, because it has seeded the infected machine with hundreds of randomly-named files so that it can keep reinstalling itself.

There are, however, certain good practices an internet user can follow that will ensure these programs do not attach themselves to their PC. First and foremost, DO NOT install anything that seems to be free or offers to scan your PC for free. A common scam is to notify you through a popup that your PC is “infected” and that you should initiate a scan by clicking OK or SCAN. Once this “scan” is completed, you will most likely have let the rogue software install itself on your PC, and you will then be told that to clean the infections you must purchase the software. Unfortunately, by then you’ve been had, and the software will continue to propagate and annoy you ceaselessly until you do something about it. Even after “purchasing” the software, it will continue to tell you that your machine is infected and will eventually start to damage your system files.

Secondly, DO NOT install any “missing video codecs” on your PC. This is also a ruse to get you to click on a link that downloads a small .exe file to your PC and begins the infection process. If you do come across a website telling you that you’re infected or that you need to install a codec, click the red “X” (close) icon on the popup until it goes away. DO NOT click “cancel” and DO NOT click “OK”. If all else fails and you cannot seem to close the popup, hit CTRL-ALT-DEL, open the PROCESSES tab and look for iexplore.exe. Highlight it with a single mouse click and then click “End Process”. This ensures that your browser closes completely and you are away from the malicious site. In many cases popup blockers do not work against these websites, as rogue software is very slick and professionally written. It has been reported that an organized team of cyber criminals is behind the development of these programs, and it has furthermore been speculated that over 200 million dollars has been made from these rogue programs in just one year. A very lucrative business, hence the large number of web sites that will attempt to infect you.

How to clean the infection once you have it: It is very difficult to remove a rogue antivirus program once you have been infected by one. It will continually try to reinstall itself and will create randomly-named files that are tough to spot and tougher to delete, since they will be in use by the system even if you can find them. If you installed a program such as Malwarebytes, a completely free malware removal tool, before you were infected, you will be able to remove it. Once the computer is infected, the rogue program will direct you away from antivirus websites and prevent you from installing new programs; it will sometimes even prevent antivirus programs from running, and you may need to rename the antivirus program’s .exe file to allow it to run correctly. This is why it is imperative that these infections be prevented in the first place. Searching the internet (on a non-infected computer) for the name of the malicious program once you have been infected will return a wealth of information on the program and how to remove it. Unfortunately, most rogue antivirus programs must be removed manually, which makes it very difficult for the average person to do, and which only reiterates that you must be diligent in keeping these programs off your home and business PCs. So, remember, DO NOT install anything on your PC from a web page and DO NOT click on any strange links or popups. Diligence in this will keep you virus-free and you’ll have a lot fewer headaches.
