Okay, I usually don’t do posts about technical computer stuff, but I want to make sure to spread the word about this one because it’s REALLY, REALLY sneaky. It almost got me.
It’s called XP Security 2012.
It gets onto your computer and installs itself without permission, then it shuts down all virus-check programs and runs itself at startup. It looks like a Microsoft Anti-Virus program. REALLY looks like it. No broken English, all the right icons, appropriate fake websites, everything. Its scam is that it runs a “scan” on your computer and tells you that you’re infected with a bunch of viruses. Then it has a button for removing the viruses, which redirects you to a page where you are asked to purchase a copy of the “virus protection” software. So, that way they get your credit card number. If you click “Remind me later”, it will nag you to remove the problems or “continue unprotected”. Very heavy-handed virus protection, huh? Then, whenever a program tries to use the internet, it blocks it (giving you a “helpful” message alerting you to this and claiming that the program is infected). Often it will block the program from running entirely. Everything except a browser, of course, which it needs to keep working so you’ll finally give up and give it your credit card number.
I have this one on my laptop. Man, it almost got me too. I only didn’t give in because I was pissed at the idea of having to spend a bunch of money AGAIN to get the stupid computer clean. Well, I do need to spend more money, but not with that program. I talked to ComputerMan in Olathe (the shop I always take my computers to) and they said that they’re getting A LOT of these and it takes about 4 hours to get it cleaned off. It’s really convincing and they’ve had a bunch of customers admit that they gave the thing their credit card number, not realizing it wasn’t legitimate. I came VERY close to doing the same thing.
So, BE WARNED!
Here’s an article with more information:
http://www.precisesecurity.com/rogue/xp-security-2012
Over the years there have been several versions of the “Security Tool” virus. It is indeed tenacious. Malwarebytes will remove enough of it so you can once again run programs. To completely remove it run ComboFix. If you are not a geekess, have someone who is run ComboFix. Cheers, Cliff
I ended up getting it a second time after getting it cleaned by a computer shop. I removed it again, then got something that kept me from being able to access Windows Update. So, I just gave up and restored it to its factory settings and reloaded everything. This time with McAfee, which I’d been using for my other computer without any problems. Hopefully, everything’s good now.
Thanks for the tip about Malwarebytes and ComboFix. I know they used Malwarebytes to clean the machine at the shop (and I used it myself when I got it a second time) but I hadn’t heard of ComboFix. Hopefully I won’t need it now. 🙂