My desktop background has disappeared and been replaced with some
kind of warning, and I’m getting some kind of message that my computer
is infected. I recall some kind of earlier message from Microsoft about
“anti-virus” which I told it to go ahead and do, and now I can’t get
rid of these. What do I do?
The above question is actually a distillation of a friend’s phone
call, followed by what I discovered after a fair amount of research once
he brought his computer to my home.
Yes, my friend’s computer was infected by one of the latest nasty
viruses to make the rounds.
Let’s see what we can learn from the experience.
The first clue is a subtle one: “some kind of message from Microsoft”. Unfortunately, I don’t have an image of that message, but it’s where I believe the problem went from bad to worse. He probably followed the instructions presented by that message.
Here’s the deal: anyone can pop up a message that can be made to look like it came from Microsoft. Just like phishing attempts can make emails look like they came from your bank, it’s actually very easy to create a pop-up message on your machine that looks very official and very important … and totally bogus.
There are typically two types of these messages:
Browser Popups – these messages are nothing more than web pages, or single images loaded from a web page, made to look like some kind of error or warning message. Most of the time they’re easy to identify because a) they pop up as you’re browsing, and b) the “title bar” across the top of the window includes the phrase “Internet Explorer”. For example, even when visiting Google.com, the title bar still includes the browser name:
If you get a popup message that includes the browser name in the title bar, chances are you’re simply looking at a web page designed to look like an error message, nothing more, nothing less. (Note that the address bar – with http://www.google.com in it in the image above – need not be present.)
Application Popups – these are more difficult to identify on sight, because they’re generated from applications actually running on your machine. Applications can easily create popup messages or windows that look like anything they want them to. The worse news here is that if you’re getting a bogus message from an application already on your machine – well, it’s already on your machine; you’re infected.
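One practical way to tell the two kinds apart, added here as an example and not part of the original article: ask Windows which process owns each visible window, then check whether that program’s executable carries a valid digital signature. It assumes a Windows machine with PowerShell 3.0 or later, and the list of browser process names is an assumption of the example.

```powershell
# Added example, not from the original article: trace each visible top-level window
# back to the process that drew it, then check whether that executable carries a
# valid Authenticode signature. Run it while the suspicious "warning" is on screen.

function Get-WindowOwnerReport {
    Get-Process |
        Where-Object { $_.MainWindowTitle -ne '' } |
        ForEach-Object {
            $path = $null
            try { $path = $_.Path } catch { }   # $null for protected system processes

            $signer    = 'n/a'
            $sigStatus = 'n/a'
            if ($path) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                $sigStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            # Heuristic (an assumption of this example): a window owned by the browser
            # is web content; any other owner is a program already running locally.
            $kind = if ($_.ProcessName -match '^(iexplore|chrome|firefox|msedge)$') {
                'Browser popup (web page)'
            } else {
                'Application popup (running on this machine)'
            }

            [pscustomobject]@{
                Kind        = $kind
                ProcessName = $_.ProcessName
                PID         = $_.Id
                WindowTitle = $_.MainWindowTitle
                Path        = $path
                Signature   = $sigStatus
                Signer      = $signer
            }
        }
}

Get-WindowOwnerReport | Sort-Object Kind, ProcessName | Format-List
```

MainWindowTitle reports only each process’s main window, so look for the process whose title matches the warning rather than expecting every dialog to be listed; a window owned by an unsigned executable in a temporary or profile folder is the one to investigate.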
There’s another aspect to identifying bogus messages on your machine, and it’s frighteningly easy, and yet frighteningly easy for malware creators to fix should they ever get a clue.
Most malware messages suffer from very bad English, in both spelling and grammar.
Here’s (most of) a desktop warning that was present on my friend’s machine when I first saw it:
As almost any English speaker can see, the grammar is absolutely horrific in this case. It’s clearly not written by an English speaker, and is thus highly suspect. No legitimate company should ever produce a message that awful.
Similarly, the popup warning that was appearing at the same time:
Again, horrible English, and totally bogus. OK, not totally bogus, in the sense that it’s actually accurate: its very presence is the infection.
The problem is that clicking on these messages may cause more malware to be downloaded, or may take you to sites that offer to sell you a solution and either do, or perhaps don’t, but collect your credit card information anyway.
So, what’s the take-away from all this?
Be skeptical. Always.
If you get an error message you’ve never seen before and don’t understand, don’t blindly follow its instructions. Check it out first. Try to get a sense of where it came from. Try searching Google for the exact message text and see what others might be saying. Ask someone. Learn the difference between a well-disguised web page and a real error message. Get familiar with your own anti-malware software so that you’ll recognize it when you see it.
But be skeptical.
Particularly if the message is in broken English.
I’ll address the specific steps and software I used to (hopefully) clean up this machine in a future article.