My daughter got an offer at a song lyrics website that had a pop-up, and as
always she clicked "cancel" to get rid of it, then it came back that she had
accepted the offer because clicking "cancel" was to accept the offer! Now we
are having problems with the computer, especially application hangs. Did we
download spyware or adware inadvertently? So how can we remedy the situation?
Just an FYI, I cannot believe what tactics some of these websites will go to to
gain access to your PC. Shame on them!
Shame on them, indeed.
Yes, I think it's very likely that your daughter - trying to do the right
thing - inadvertently allowed spyware onto your machine.
And yes, sometimes a cancel button isn't a cancel button at all.
While it's possible to tell the difference, it's not always easy.
Quick, without spending a lot of time studying them, if one of these just popped up at you would you be able to tell which is real and which is fake?
At first blush they're very, very similar. In fact, if you saw either one without the other to compare to, you might never even question it.
But question it you should, because that's exactly what spyware authors are counting on.
The first is an actual Windows XP confirmation dialog.
The second is an example of a fake. It's not a confirmation dialog at all, but a web page that has been carefully crafted to look like a confirmation dialog.
Now here's where it gets more devious. Since it's a web page, the author of that page can pretty much have it do anything no matter where you click. It may look like there are "Yes" and "No" buttons, but in fact the page could be authored in such a way that both mean yes, or that even clicking anywhere on that popup at all could mean yes.
So you're surfing along, you get this popup where the obvious answer is "No", you click "No" and the popup treats it as if you'd clicked "Yes", or does something that's completely unrelated - like direct you to porn, or initiate a download of spyware.
It's the latter scenario that is the most troubling, and in fact the reason that spyware vendors do this at all.
Let's say that the popup didn't ask about deleting "All Your Work", but rather said something like "A virus has been detected, would you like to remove it?"
By posing as a Windows confirmation dialog, the spyware attempts to gain your trust. You think it's Windows asking you something, you click on the button and then it asks you something again - like "are you sure you want this download?". And because you think it's Windows asking, and because it had asked a reasonable question to begin with, you say yes again.
And you've just allowed spyware to be installed.
Shame on them, indeed.
There are many more scenarios that might not be as obvious, but this is one of the most basic: popups that attempt to fool you into thinking that they're not popups at all, but important messages from your system.
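The both-buttons-mean-yes trick described above is sometimes visible in a page's markup. As an added example (not from the original article), this JavaScript for Node lists each clickable element's label and destination and flags a "No", "Cancel" or "X" that leads to the same place as "Yes"; the sample markup, URLs and function names are constructed for illustration.

```javascript
// Added example: sample markup and URLs below are constructed.
// Read one attribute value out of a tag's attribute string.
function attr(tag, name) {
  const m = new RegExp('\\b' + name + '\\s*=\\s*"([^"]*)"', 'i').exec(tag);
  return m ? m[1] : null;
}

// List everything clickable in the markup with its visible label and target.
function clickTargets(html) {
  const targets = [];
  // <a href="...">label</a>; the label may be text or an <img alt="...">.
  for (const m of html.matchAll(/<a\b([^>]*)>([\s\S]*?)<\/a>/gi)) {
    const href = attr(m[1], 'href');
    const text = m[2].replace(/<[^>]*>/g, '').trim();
    const label = (text || attr(m[2], 'alt') || '').toLowerCase();
    if (href) targets.push({ label, href });
  }
  // <area alt="..." href="...">: clickable regions drawn over one picture.
  for (const m of html.matchAll(/<area\b([^>]*)>/gi)) {
    const href = attr(m[1], 'href');
    const label = (attr(m[1], 'alt') || '').toLowerCase();
    if (href) targets.push({ label, href });
  }
  return targets;
}

const ACCEPT = new Set(['yes', 'ok', 'accept']);
const DECLINE = new Set(['no', 'cancel', 'close', 'x']);

// Report every "decline" control that leads where an "accept" control leads.
function auditDialog(html) {
  const targets = clickTargets(html);
  const acceptHrefs = targets.filter(t => ACCEPT.has(t.label)).map(t => t.href);
  return targets
    .filter(t => DECLINE.has(t.label) && acceptHrefs.includes(t.href))
    .map(t => `"${t.label}" leads to the accept target ${t.href}`);
}

// Constructed sample: a picture of a dialog whose three controls share a target.
const FAKE = `
<img src="dialog.png" alt="Confirm">
<a href="https://example.invalid/offer"><img src="yes.png" alt="Yes"></a>
<a href="https://example.invalid/offer"><img src="no.png" alt="No"></a>
<a href="https://example.invalid/offer">X</a>`;
// Constructed sample: an honest prompt where No goes somewhere else.
const HONEST = `<a href="/subscribe">Yes</a> <a href="/">No</a>`;

console.log(auditDialog(FAKE));   // two findings: "no" and "x"
console.log(auditDialog(HONEST)); // []
```

Click handlers attached from script do not appear in the markup, so an empty result here does not prove that a popup's buttons are honest.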
What can you do to avoid this?
It boils down to a three-pronged approach. And even though it shouldn't really be necessary, two of those prongs boil down to learning what to watch out for.
- Technology: A good anti-spyware package with its real time protection enabled is a good start. So is making sure that you have a popup blocker enabled (fortunately they're now built into most web browsers).
- Visual Characteristics: Look at those two dialogs above again and you'll see that the title bars - the blue areas at the top of each - are different in several ways. The most telling, perhaps, is that in the fake dialog you can see my browser - Mozilla Firefox - attempting to identify itself. More accurately, system alerts typically do not have icons, and almost never have the Maximize button (the center of the three buttons on the far right of the title bar). There may be more characteristics you'll also come to see as "suspicious" over time as you start to notice more of these attempts at fakery.
- Behavioral Characteristics: Perhaps the most important, and the most reliable, is to develop a sense for when popups like this are unexpected, and therefore suspicious. After you surf the web for a bit and use your computer for a bit, certain behaviours will start to stand out. Visiting a new web page, for example, by itself shouldn't result in a "virus detected" warning, since that's not when virus detection happens. When you download something, yes, that's when your anti-virus tool's real time protection would kick in, but just visiting a new page should not trigger this type of notification. Again, over time you'll get a sense for what's reasonable, and when.
I also realize that you started this by saying "my daughter" ... and that of course makes these last two items so much more difficult. Without knowing her age or expertise, it might not even be reasonable to expect her to learn these types of nuances (and they are admittedly nuances).
That's when you rely most heavily on your anti-spyware software, good local network security, and of course a good backup regimen to help recover when the inevitable happens.
Which leads to the final point.
What do you do once you've got spyware?
Sadly the news isn't much better than it is for viruses.
- Try your up-to-date anti-spyware and other anti-malware tools to see if they can remove the infection.
- Try a System Restore to a point prior to the infection.
- Look for manual removal instructions out on the web specific to the infection you have.
Failing any of that, there are only two approaches that are absolutely guaranteed to remove the spyware:
- Restore from a full-image backup taken prior to the infection.
- Backup, reformat and reinstall.
Fortunately in many cases, there are tools out there that can remove most common spyware, though it may require a little searching.
To close the dialogue without clicking Accept or Cancel hold down the Alt Key and press F4.
Should work on most windows/popups.
I used to click on the cancel button in the middle of the pop-up simply assuming that it meant what it said. Luckily in those cases it only opened another web-site offering a fake antivirus program or something similar. But if you click on the X in the upper right hand corner, that will really cancel the window as that X is put there by Windows (or whatever OS you are using, Mac puts it on the left)
Shortly after my last comment here I got one of those pop-ups. I use the Web of Trust http://www.mywot.com plug-in which gives a user rating of web-sites. In the case of a website having a poor rating, the web site opens with a warning that it is a site rated insecure by MYWOT users. When that happens I simply close that tab or window. I highly recommend it.
Like Mark said, safest thing is to close the pop-up via X, not clicking buttons. Or have a good pop-up blocker.
As far as virus warnings go I tend to ignore windows that simply pop up out of nowhere. I know which anti-virus program I use and how that program informs me when it detected something. Anything else, it's likely fake. If by any chance it's a real warning then my anti-virus program will pick it up and deal with it anyway.
Be careful of just clicking on the X... there are some popups that are overlays and/or chromeless windows that have it that even if you click the X it still will act like an "accept" action. I find it better to just close the browser tab or window.
I found it amusing / ironic that whilst reading this page I got Leo's "pop-up" asking me if I wanted the newsletter!! :-)
I wouldn't risk clicking the "X", safest bet is doing a ctrl alt del & closing from the task manager.
Use Ctrl+W or the "x" on the browser Tab and then you do not have to click anything within the open Tab
As I do pc repair for a living, I've often seen spyware and viruses attack this way. One of the worst is the "360 Virus", in which the pop-up looks almost exactly like a Norton 360 Internet Security screen. Clicking on "no", or even the red "X" in the top right corner will download the 360 Virus, which can wipe out your pc in no time. What I do when I get such a pop-up is to just reboot the computer (without closing the browser). Do not click anywhere on the pop-up at all, as any part of it can be programmed to download a virus.
Hi, The only really safe way to close these popups without harm is to close the window thru the ALT + F4 key sequence. There is no guessing as to where or how to click, the window is cancelled, period.
I was recently "attacked" by a very genuine looking Cyber Security offer on my work computer. I tried to reject it but it still got onto my system somehow. Any further attempt to use Internet Explorer to access a regular work related site, met with a notice saying "This site has been reported to Microsoft as suspicious ...... recommend its use be discontinued". Spybot Search & Destroy was used to find and remove it.
I see several ways to deal with suspect sites in the above comments. Which one is best/safest?
Common sense works well - before clicking or allowing pop-ups. But pop-ups should not even come up most of the time. Try playing with security/pop-up settings in firefox (or whichever browser).
If I get a pop-up I click red cross (explorer window) or alt+F4, either way it's gone.
I find the best way to get rid of these popups is to open task manager, find the popup and kill them that way. No restart of the computer needed (as suggested by Dave)
Yes is the answer. The thing is, the popups are hand coded, as part of the javascript and it's very very easy to create a popup box where both the yes and no buttons do the same thing. However, the top right hand "x" can't be hand coded and is hard coded into java itself. Clicking on that will close the dialog box.
Richard Tanfield-Johnson
Web Designer @ IT-Green
I just faced the problem with chrome (which I always thought had a built in pop-up blocker).
Anyways, there was no red button in the upper corner for me to close it down.
So I tried to close the tab with the cross (x) on the tab... Even that did not work... the pop-up did not allow me to close the tab... it was of an annoying company (mackeeper or something like that) telling me to clean my mac... Hell NO!!!
But I found a solution to get rid of that nonsense:
I dragged the tab away from all other tabs. So it opened as in a single new window.... and tadaa!!! there was the red button in the left upper corner.... Gone was the SPAM pop-up...
hope it works in other browsers as well...
cheers