Scareware infections are malicious pieces of software that pose as legitimate anti-virus programs. Scareware is the simplest type of ransomware, also called deception software, and its purpose is to frighten people into purchasing and installing it by bombarding them with alerts and pop-ups.
Scareware attaches itself to infected websites and asks you to scan your computer to remove potential infections. If you choose to scan the machine, the virus will activate.
Scareware, which generates pop-ups that resemble Windows system messages, usually purports to be antivirus or antispyware software.
Scareware has become a multimillion-dollar scam business, and thousands of users fall for this online scam every month. Scareware scammers use fake versions of virus alerts and other system problem messages. These fake screens are often very convincing and will fool 80% of the users who see them.
Some examples of Scareware Attacks are:
- Accessing your credit card: scareware will deceive you into paying money for fake antivirus software.
- Identity theft: scareware will surreptitiously invade your computer and attempt to record your keystrokes and banking/personal information.
- "Zombie" your computer: scareware will attempt to take remote control of your machine to serve as a spam-sending zombie robot.
Preventive measures against Scareware:
- Use only a legitimate antivirus/antispyware product.
- Read email in plain text rather than in HTML format.
- Never open file attachments from strangers.
- Be skeptical of any online offers, and be ready to close your browser immediately.
- When you see any pop-up window, press the Ctrl+Alt+Del keys on your keyboard to access the Task Manager > Application > highlight the offending web page in the Task Manager > click End Task. This should shut the web page down. If this does not work, you can try to log off or restart the machine. Do not click the pop-up box at any time, as the Scareware may install.
Removal of Scareware Infections:
Unfortunately, unless you know what to look for, you may have already been infected by Scareware. If this is the case, perform the following:
Firstly, you may notice that you are unable to access the Internet. This is because the Scareware changes the proxy settings on the web browser. To resolve this, go to Internet Explorer > Tools > Internet Options > Connections > LAN settings, and ensure that you check the ‘auto detect settings’ option there rather than ‘use a proxy server for your LAN’.
Secondly, we need to stop the virus from running in the current Windows session. We can use Rkill for that; it is a simple program that runs when double-clicked and automatically terminates many of the malicious processes associated with the Scareware.
Finally, you should download Malwarebytes, install and update it, and run a full scan. If you are unable to download the files above because the Scareware will not let you connect to the Internet, you can download them from a clean machine and copy them across using a USB stick or other portable media.
Sometimes, you may also need to start the machine in Safe Mode if you find you cannot stop the virus in Normal Mode. Restart the computer and tap the F8 key repeatedly as soon as the machine starts to boot. This will bring up a Startup Menu. One of the options will be Safe Mode with Networking; use the arrow keys on the keyboard to navigate to Safe Mode with Networking and press the Enter key to select it. Once the machine starts in Safe Mode, repeat the steps above to try to remove the Scareware.
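The proxy check from the first removal step can also be done from a PowerShell prompt. The script below is an added example, not part of the original article: it reads the current user's proxy values from the registry, warns when a manual proxy is active, and turns it off only when run with the hypothetical `-Reset` switch. Treating a loopback proxy address as suspicious is an assumption made here for illustration.

```powershell
# Added example (not from the original article): audit the per-user proxy
# settings behind Internet Options > Connections > LAN settings.
param(
    [switch]$Reset   # hypothetical switch: disable the manual proxy after review
)

$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyState {
    # Values that are missing from the key come back as $null (not configured).
    $s = Get-ItemProperty -Path $Key
    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # Heuristic (assumption): a proxy on 127.x.x.x or localhost sends browsing
    # through a program on this PC, which is worth reviewing on a home machine.
    # Handles both "host:port" and "http=host:port;https=host:port".
    return $ProxyServer -match '(^|=|//)(127\.\d+\.\d+\.\d+|localhost)(:\d+)?(;|$)'
}

$state = Get-ProxyState
$state | Format-List

if ($state.ProxyEnabled) {
    Write-Warning "Manual proxy is ON: $($state.ProxyServer). Confirm you set this yourself."
    if (Test-LoopbackProxy $state.ProxyServer) {
        Write-Warning 'Proxy points at this machine; web traffic is routed through a local process.'
    }
}
if ($state.AutoConfigURL) {
    Write-Warning "Proxy auto-config script in use: $($state.AutoConfigURL)"
}

if ($Reset -and $state.ProxyEnabled) {
    # Same effect as unticking 'use a proxy server for your LAN' in the dialog.
    Set-ItemProperty -Path $Key -Name ProxyEnable -Value 0 -Type DWord
    Write-Output 'Manual proxy disabled. Restart the browser, then continue with the scan.'
}
```

Run it once without `-Reset` to see what is configured; the ‘auto detect settings’ checkbox itself still has to be ticked in the LAN settings dialog.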
We should stay aware of the latest viruses and malware to hit the market, and we should learn how to scan for and remove them in order to keep our gadgets safe and secure.
Authored By - Suryabhargav R
TCS Enterprise Security and Risk Management