I have McAfee antivirus installed but still got infected by a fake security program that completely took over my computer. Should I be using something else for protection?
This question was answered on January 29, 2010. Much of the information contained herein may have changed since posting.
In the world of computers, there is currently a ‘scareware pandemic’ in play that is fooling millions of users every day.
Scareware refers to rogue programs that scare folks into doing something that, in this case, actually infects their computer.
Typically, users are initially exposed to these programs when visiting a website that is laced with the instructions to pop up a fake warning that your computer is infected. These warnings look very similar to Windows screens and cause most folks to follow the prompts to ‘scan’ or ‘fix’ the problem.
Eventually, the ‘fix’ asks the user for a credit card number, which is when most folks realize something ‘phishy’ is going on, but by that time it’s too late. The second that anyone clicks on the button to ‘scan’ or ‘fix’, it instructs your computer to install the evil code in the background while making you believe that it’s scanning your computer for viruses.
It’s by far the most common reason that we are seeing ‘patients’ in our stores throughout the country.
This class of malicious software began appearing on the Internet in 2006 and has grown at a voracious rate simply because it is an effective way of getting into your computer. As of this writing, there are over 300 variants of fake security programs with new versions appearing on a weekly basis.
There is even a fake security program that calls itself ‘Data Doctor 2010’, which, as you can imagine, causes some confusion for our customers (we are not the authors; they simply made use of our name hoping to fool users).
Once they infect you, they can steal your credit card information, infect the machine for use as a silent soldier in a ‘botnet’ army, or install anything else that they so desire.
The reason your McAfee antivirus didn’t protect you is that it couldn’t, and neither would any other company’s antivirus, because you clicked on a button that told Windows and your security program that you wanted to install a program.
These malicious programs are very well written and, to your operating system and security programs, look like any other program, such as a screensaver or photo management program.
Keep in mind, while these evil programmers are cooking up these concoctions, they have the ability to test them on every major antivirus program on the market before they launch them. In other words, they can keep working with the code until they know that your antivirus program will think it is a legitimate program.
Once they accomplish that, their only task is to fool you into clicking on a button to start the process of infiltrating your computer.
This, unfortunately, is why so many people are getting infected and your antivirus program is powerless to protect you from yourself.
Most folks that get infected immediately start searching Google for a way to get rid of these programs, which exposes them to yet more scams of programs that claim they can help if you pay.
The best information for removal will be the manual registry steps to eradicate the scareware code from the core of the Windows operating system, but even those instructions can be dated in a few short months.
The authors of the malware also scan the Internet to see how folks are removing their code, then they update their code to block or evade those removal instructions. If you are searching for help on any specific infection, make sure to refine your search to only show you results from the past week (click on the ‘Show options’ link above the search results in Google).
In the future, pay very close attention to warning screens. In your case, you have McAfee installed, so if the warning is not clearly coming from the McAfee program, cancel the warning.
About the author
Posted by Ken Colburn of Data Doctors on January 29, 2010