Barney's Blog

Mailbag: Cautionary Scareware Tales

Have you been hit by scareware? These readers share your pain. As promised, here are their stories about how they got hit, and how they dealt with the problem:

We're a non-profit providing low-cost computers to low-income disabled and low-income seniors. The majority of our clientele are new to computers, and when presented with a big warning in large letters, they will click "Fix it!" This is a real problem, since our people have no clue as to how to remove the infection (and I've done it and it isn't easy or quick). What a pain!

I just finished a full factory restore on a friend's laptop because he clicked on a pop-up for Antivirus 2008. This "free" virus checker completely trashed his machine. Luckily, I was able to save most of his documents prior to the machine becoming completely unusable.

I am an IT pro, have been for 30 years. There is a lot to be said for the old dumb terminals that did not have Internet! Since Aug. 1, we have had 15-plus machines get the Antivirus 2008 or some variant thereof at work, and at least that many employees' personal home machines, which has earned me some additional pocket money.

But my own personal machines at home (two) also got it -- the first thanks to one of my daughters, and the second I have to take the blame for. And before I found a great tool for removal, I spent days trying to clean them up. In fact, for the one my daughter did, I accidentally deleted some files in the Windows folder that from that point prevented me from logging back into the machine, period. I had to change hard drives and make the original C drive D to be able to back up the 75GB of stuff she had on it. Another week of restoring and re-installing, and she was back up. Lawsuit is not punishment enough -- these companies should be tarred and feathered!

One of our office machines was playing music from the Internet through Media Player and a window popped up declaring, "You have been infected with horrible Trojans, you need to download this now." Thankfully, I was there and they asked me what was going on. I found out that this was that bogus Antivirus 2009 that has been showing up in various places. What really surprised me was that this site not only showed up as an advertisement on the site Media Player was pointed to, but was a sponsored site on Google and Yahoo and probably other search engines. I am truly amazed that these search sites don't screen their advertisers better than this. Apparently, these scammers are willing to pay to appear on search engines because we are gullible and will fall into their trap.

The other thing that surprised me was that even while I was telling the user that this was bogus, they kept saying, "It looks so official, so genuine." I pointed out that they would hardly make it look fake if they really want to fool people, and they still kept saying, "It looks so real." Yes, it does.


I'm there right now with a PC hit by scareware. Our HR manager brought in his home laptop and he swears he only visited the GA Bulldog Web site. The laptop has been taken over by one of those "Your PC is infected" scams. It's infected, all right! I'm at the point now where the only recourse is to erase the hard drive. I hope there will be teeth in whatever is done to go after these companies!

XP anti-spam, or something similar, got onto my daughter's computer. I used Symantec's eradication instructions, but it took days of effort, and I learned more about registry than I wanted to know.

I had a situation recently where my son got attacked by one of these programs. I did eventually fix it, but it took three days, a lot of investigation and a copy of bootable Linux to get to the root of the problem. It was almost as bad as a rootkit to get rid of. Normally, I would probably have just reformatted the hard drive and reinstalled, but I was bound and determined that some punk was not going to get the best of me. Since then, I have heard of a number of other people infected with this crap, and I just wish I would have documented what I had to do to fix it and post the fix on the Web. Maybe next time.

One of our employees approached me and said his home computer had gotten some type of virus and had become unusable. Being the compassionate IT manager that I am, I told him to bring it in. When I turned it on and booted it up, I could not do anything but stare in disbelief, and then laugh. Basically, his background wallpaper was red with a virus symbol and the words "You have a virus" or something to that effect. A pop-up box with a bogus scan started running and messages started popping up everywhere saying all types of virus and spyware were detected. I watched amused as Norton AntiVirus helplessly tried to get things under control, but it was way out of its league and was probably making things worse. I could not click or open anything except a dialog box that popped up saying that I needed to buy the full version of Vista Antivirus 2008 to fix the problem.

Apparently, while he was surfing the Web he came upon a site that popped up a dialog box that would "scan his computer for free" for viruses and spyware. My solution for him? Boot from the XP CD, stay away from questionable Web sites and do not click on links that promise to clean your PC. Well, you can guess...the rest is history.

I am a division chief with a south Chicago suburb fire department and also the IT manager for the same municipality. I have had about 30 PCs that have been infected by these seemingly legitimate pop-ups. I advise my users to just pull the power plug when one appears, no matter what they're doing. For the unfortunate ones that didn't, or just clicked the "X" in the top-right corner, they paid the ultimate data processing price. Their hard drives went to alphabet heaven. A few were recovered by purchasing other anti-virus software and these actually did clean up the mess. Most weren't so lucky. The impact of this is that a lot of these firefighters have had to use their personal PCs for training. Hours and hours of PowerPoint presentations, movies and lessons that firefighters and paramedics use went up in smoke.

The problem with this latest round of "You're infected" pop-ups is that they have the look and feel of a real Microsoft window. When a virus takes on the look and feel of an operating system, the average user is not going to have the tools to decide between "Oh, this one is real" and "Uh-oh...yank the plug." Microsoft and the DAs of the states -- if not at the federal and international level -- should hunt these authors down and prosecute them fully with felony charges.

Got a comment of your own you'd like to share? Let us know! Leave a comment below or send an e-mail to [email protected].

Posted by Doug Barney on October 06, 2008

