If you’ve seen a message on your computer saying something like “Warning! You’re in danger!”, “Windows has detected spyware infection!” or “Your computer might be infected with spyware or adware !!!” then you could be the next target for a sting.
These messages are produced by malware (more specifically a trojan) that installs itself on your computer and then tries to scare you into buying fake anti-spyware and PC cleaners. No Windows process or software from a legitimate vendor gives you a warning message and then tries to push you into buying a particular product.
The recommended products are either useless fakes or just install further malware and advertisements – but they try to get real money from you along the way.
So just to recap, this malware installs itself on your PC and nags you with fake warnings to buy a worthless piece of software that either does nothing or further compromises the security of your PC (for example, some of this malware reduces the security of Internet Explorer by changing its settings and disables the Windows Task Manager, so you can’t shut down rogue processes).
Well, now you know that these warnings are fake, you know you shouldn’t buy the software.
Unfortunately, the malware that generates the warnings is very persistent, intrusive and difficult to get rid of. In some cases, it will produce a fake Blue Screen Of Death (usually a screensaver) or change the desktop background to a big, ugly warning and then disable Desktop Settings, so you can’t remove the warning. So what should you do?
You should realise that it will take some persistence to get rid of the malware, but step by step you can reclaim your computer.
While you are looking at how to remove the trojan, malware or adware, you should take some steps to ensure it doesn’t happen again. A lot of this type of malware made use of weaknesses in Sun’s Java Runtime Environment (most especially version 1.5), so make sure your Java is up to date.
The next most popular route is through flaws in the Windows OS. Now I know you’ve heard this before, but please make sure you download and apply Microsoft’s critical updates.
Another, less orthodox, route is a fake codec for a video. Ever tried to open a video file in Windows Media Player and had it say that it doesn’t understand the format and ask whether you want to download a codec that can play the file? Unfortunately, that facility was open to abuse, and a lot of fake files were put out with the sole purpose of tricking a user into downloading a fake codec that was really just malware. Of course, the fake video file would be named something like “Angelina Jolie – nude movie”, something that a lot of people would really want to see and be willing to go through the trouble of getting a codec for. When they get the codec, they’re stuck with nasty malware and a clip of pure garbage.
To remove the spyware, you will need a good spyware remover – I recommend you avoid any of the following, as they have all been associated with being promoted via malware or are regarded as being fakes – AdawareDelete, AdwareBazooka, AdwareSheriff, AlfaCleaner, Amaena, Antivirus Pro, BreakSpyware, CurePcSolution, DriveCleaner 2006, ErrorSafe, ExpertAntivirus, PerfectCleaner, SpyAway, SpyCut, SystemDoctor, SystemStable, WinAntiVirus, and Winfixer.
For a step by step guide to spyware removal, and a discussion of spyware tools please visit my Squidoo Lens, featured below.
After removing the spyware, use CCleaner from Piriform to clear up any mess left behind. I suggest you hunt around on their site for the portable version.
If you find that you still can’t perform certain normal actions like access the task manager or change your desktop settings, then I suggest that you use the fixpolicies tool written by Bill Castner at malwareremoval.com.
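To see which lockouts are still in place before running a repair tool, the following added example (not part of the original article and not the fixpolicies tool's code) scans the text of a registry export for per-user policy values that disable Task Manager or the desktop settings pages. The value names are standard Windows policy names assumed for this example, and the sample export is constructed.

```python
import re

# Standard Windows per-user policy values that lock the features the article
# mentions. They are assumptions of this example; the article names none.
POLICY_ROOT = r"software\microsoft\windows\currentversion\policies"
WATCHED = {
    ("system", "disabletaskmgr"): "Task Manager disabled",
    ("system", "disableregistrytools"): "Registry editor disabled",
    ("system", "nodispcpl"): "Display control panel hidden",
    ("system", "nodispbackgroundpage"): "Desktop background page hidden",
    ("activedesktop", "nochangingwallpaper"): "Wallpaper change blocked",
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{8})$')

def find_lockouts(reg_text):
    """Return (key, value, meaning) for each watched policy set to non-zero."""
    findings, key, subkey = [], "", None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # new key header: remember which policy subkey we are in
            key = m.group("key")
            lowered = key.lower()
            idx = lowered.find(POLICY_ROOT + "\\")
            subkey = lowered[idx + len(POLICY_ROOT) + 1:] if idx != -1 else None
            continue
        m = VAL_RE.match(line)
        if m and subkey is not None:
            meaning = WATCHED.get((subkey, m.group("name").lower()))
            if meaning and int(m.group("data"), 16) != 0:
                findings.append((key, m.group("name"), meaning))
    return findings

# Constructed sample export text, not taken from a real infection.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"NoDispBackgroundPage"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, meaning in find_lockouts(SAMPLE):
        print(f"{meaning}: {name} under {key}")
```

Files written by `reg export` are UTF-16 on disk, so decode them to text before passing them to `find_lockouts`.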
After that, I hope that you will keep safe by updating critical system components, as recommended above, and by making sure you have an up-to-date browser and firewall.