We’re seeing a rash of Internet Antivirus 2010 and Security Center malware
installations in customer computers. Do you have any information concerning
where these infections are most likely coming from (email, web browsing, etc)
and what are the best recommendations for catching infection attempts before
they wreak havoc?
Hi Leo, can you please tell me what this “Vista Spyware 2010” is? It seems
like an unwanted program and shows me messages every now and then claiming my
system is infected and I should subscribe to their software.
What they are is pretty easy: malware.
As these two questioners point out, there’s been a rash of infections
related to both of these. In fact, it’s looking like an annual event, since
we seem to have seen an “antivirus 20xx” every year for the last few years.
The good news is that they’re fairly easy to prevent with a little diligence
on your part, and several reputable anti-malware tools will also remove
These forms of malware typically arrive due to clicking on a misleading popup window or advertisement while browsing the web.
That misleading message usually says something along the lines of “a virus infection has been detected, click here to download a free removal tool”. That popup is simply a web page and nothing more. It also lies: no scan was performed, and no infection was detected at all.
I’ll repeat that: the popup lies – your machine is not infected. Yet.
The whole point, of course, is to fool you into clicking on the popup to download the so-called removal tool. That removal tool is just the opposite: running it is what infects your machine. (I use the example “removal tool”, but in fact the popup could refer to just about anything that might entice you to click on it. The result is the same: infection.)
Prevention is actually pretty straightforward: don’t click on anything that claims to be a malware alert unless you’re certain that it’s from the software you have installed on your machine.
That implies, of course, that you know your anti-malware software and learn to recognize its messages. Any anti-malware tool is going to include its name in any message that it displays. If that name is not present, then it’s very possible that the message isn’t from your installed software at all, but from a malicious popup.
Naturally, it’s important to have anti-malware software running so that – hopefully – that software can catch the attempted infection even if you do click on the link. The problem here is that not all anti-malware software will catch all malware, and malware is constantly changing and evolving so as to avoid detection. The best defense is your own good understanding.
(Normally I’d also say to make sure that your browser is configured to block pop-up windows, but in fact most are by default, and even so there are popup technologies that are often quite difficult to block.)
Knowing You’re Infected
Being infected looks a lot like the scenario that got you infected in the first place.
Typically, the malware will present you with repeated pop-ups telling you that you’re infected (which by now you are). The messages will indicate that in order to remove the infection you need to purchase a specific program. Naturally, that specific program will likely not work at all, but you won’t find that out until you’ve spent the money, or worse, handed over your credit card information.
Don’t do it.
It’s as simple as that. If your machine is infected, don’t follow the instructions of the virus. You’ll only make things worse – possibly much, much worse.
If you search the web for things like “Antivirus 2010 removal” you’ll find several sites that have explicit step-by-step removal instructions.
However, there’s a good chance that those are unnecessary. Naturally, since this is a fairly common infection, many of the major anti-malware tools are racing to keep up. In particular, MalwareBytes Anti-malware has a pretty good reputation for being able to remove these pests.
So that’s the path I would take:
Avoid getting infected in the first place.
Make sure your anti-malware software is up-to-date, and run complete scans – it may remove the infection.
Use a tool like MalwareBytes Anti-malware to attempt to remove the infection.
Search the web for specific removal instructions and follow them carefully.
Finally, if all else fails, there’s my prior article: How do I remove a virus?