Is this message that I'm infected a hoax?

Question:

I wonder about the origins of viruses. I mean, are things detected as
viruses really viruses, or is it just a way for anti-virus software to make us
feel good about running their products? Or perhaps the anti-virus companies
also make the viruses, so that we have a need for their product? And could the
scanners get confused by other problems that are mis-identified as viruses?

There's a gut instinct to react to this question by saying "boy, you sure
are paranoid". I mean, the question implies some heavy-duty conspiracy is at
play.

The problem is that, as with any fear, there's a grain of truth to it. That
means that if you ask me "is this 'you're infected' message a hoax" the best I
can offer is "maybe".

We need to check a few more things before we can really say one way or the
other with any certainty.

Let's look at a few of those things...

First off, if you are running a legitimate, name brand, anti-virus program,
and it tells you that it has found a virus ... then it's not likely to be a
hoax, and you most likely do have that virus on your machine.

So, what's a "legitimate, name brand, anti-virus program"? There are several
clues that you can use:

  • It's recommended, or at least discussed, by more than one tech or
    software recommendations resource. Obviously I make mention of several anti-virus programs,
    but I'm not enough. You should be able to find similar mention or
    recommendations in other places as well. For example, computer magazines are a
    great place for periodic software reviews. Even Microsoft has a page listing
    Anti-Virus Software partners. Any
    of those can be considered "legitimate".

  • It's available in more than one place. If you see it on the shelves of your
    local computer store, or you can purchase it on-line at places like Outpost.com
    or Amazon.com, then you can consider it "legitimate". You can buy it wherever
    you like, but the fact that it's available in multiple places gives it much
    more legitimacy.

  • If you've never purchased it, and you suddenly get a pop-up that says "you
    might be infected! Buy this software to protect yourself!" it's probably
    not legitimate.

That last one is particularly important, and leads to my next point.

Some less-than-legitimate software vendors have taken the approach of trying
to scare you into purchasing their product. You might get that message "You
might be infected!", or worse "You are infected!", as a popup in your browser
or elsewhere. If the "solution" involves downloading or purchasing more
software, don't do it.
Especially if you are already
running anti-virus software, and especially if the message doesn't look
anything like a message from your anti-virus software. That is a hoax.

It's almost a form of phishing - the vendor is presenting a sales message
that looks like an error message, but it is not. Don't click on the
message - even if it looks like it has an OK, or "No Thanks" or any other
kind of button in it. Why? Because those buttons are often fake and lead you
to the vendor's website whether you want to go there or not. Click on the
little "x" in the upper right corner of the message window instead, to close
it.

What's important here is that you need to be able to tell the
difference between a legitimate alert popped up by your anti-virus software and
a fake warning showing up elsewhere. Two quick tests:

  • Your anti-virus software will include the name of the anti-virus software
    (which you should recognize - you should know what package you're running on
    your machine). The fake will not, or will have the wrong name.

  • Your anti-virus software will not pop up a message in a browser window.
    (ALT+TAB, and you'll see the icon for your browser, say Internet Explorer or
    Firefox, and not that of the anti-virus software.) Many hoaxes do, as you are
    browsing the web.

So if there are some folks out there who are using these slimy marketing
tactics to scare us into buying their product, could they in fact also be
writing viruses that only their package can remove?

The answer is an emphatic "No" for all the legitimate
makers of anti-virus software listed above. They would instantly lose all
credibility once discovered.

The answer is also a reluctant "Yes" for the scam artists out there. There
have been cases of viruses written in order to sell the solution to the
specific virus. It's occasionally referred to as "hostage-ware". You are
infected, and your machine is held hostage until you purchase the specific
solution. The good news is that this never lasts very long. The legitimate
anti-virus vendors quickly add each new virus to the list of those that they
catch as well. If you're already running a good anti-virus program, then you'll
typically need to do nothing but stay up-to-date with its database updates.

Can an anti-virus be fooled? Of course.

Occasionally an anti-virus program will alert to a virus that isn't actually
present - it's called a "false positive". Legitimate anti-virus vendors move
quickly to update their definitions so as to remove these when they are
detected.

Similarly, viruses are constantly trying to hide, and slip through the
anti-virus scanners. And again, the vendors are constantly on the alert for
when this might happen, and update their definitions accordingly.

That's one of the many reasons that keeping your anti-virus program's
database of known viruses up to date is so critically important.

One last point I do want to make is this: anti-virus programs rarely say
"you are infected", but rather something along the lines of "I found this
virus". The difference is subtle, but important.

A virus can exist on your machine, but not be "installed" or activated. A
good example is an executable file that you've downloaded which contains a
virus. It exists on your machine, and the anti-virus software will catch it,
but you are not actually infected.

Once you run the executable, and the virus also has a chance to run, that's
when the infection actually occurs.
