Barney's Blog

Blog archive

Mailbag: Cautionary Scareware Tales

Have you been hit by scareware? These readers share your pain. As pomised, here are their stories about how they got hit, and how they dealt with the problem:

We're a non-profit providing low-cost computers to low-income disabled and low-income seniors. The majority of our clientele are new to computers, and when presented with a big warning in large letters, they will click "Fix it!" This is a real problem, since our people have no clue as to how to remove the infection (and I've done it and it isn't easy or quick). What a pain!

I just finished a full factory restore on a friend's laptop because he clicked on a pop-up for Antivirus 2008. This "free" virus checker completely trashed his machine. Luckily, I was able to save most of his documents prior to the machine becoming completely unusable.

I am an IT pro, have been for 30 years. There is a lot to be said for the old dumb terminals that did not have Internet! Since Aug. 1, we have had 15-plus machines get the Antivirus 2008 or some variant thereof at work, and at least that many employees' personal home machines, which has earned me some additional pocket money.

But my own personal machines at home (two) also got it -- the first thanks to one of my daughters, and the second I have to take the blame for. And before I found a great tool for removal, I spent days trying to clean them up. In fact, for the one my daughter did, I accidentally deleted some files in the Windows folder that from that point prevented me from logging back into the machine, period. I had to change hard drives and make the original C drive D to be able to back up the 75GB of stuff she had on it. Another week of restoring and re-installing, and she was back up. Lawsuit is not punishment enough -- theses companies should be tarred and feathered!

One of our office machines was playing music from the Internet through Media Player and a window popped up declaring, "You have been infected with horrible Trojans, you need to download this now." Thankfully, I was there and they asked me what was going on. I found out that this was that bogus Antivirus 2009 that has been showing up in various places. What really surprised me was that this site not only showed up as an advertisement on the site Media Player was pointed to, but was a sponsored site on Google and Yahoo and probably other search engines. I am truly amazed that these search sites don't screen their advertisers better than this. Apparently, these scammers are willing to pay to appear on search engines because we are gullible and will fall into their trap.

The other thing that surprised me was that even while I was telling the user that this was bogus, they kept saying, "It looks so official, so genuine." I pointed out that they would hardly make it look fake if they really want to fool people, and they still kept saying, "It looks so real." Yes, it does.


I'm there right now with a PC hit by scareware. Our HR manager brought in his home laptop and he swears he only visited the GA Bulldog Web site. The laptop has been taken over by one of those "Your PC is infected" scams. It's infected, all right! I'm at the point now where the only recourse is to erase the hard drive. I hope there will be teeth in whatever is done to go after these companies!

XP anti-spam, or something similar, got onto my daughter's computer. I used Symantec's eradication instructions, but it took days of effort, and I learned more about registry than I wanted to know.

I had a situation recently where my son got attacted by one of these programs. I did eventually fix it, but it took three days, a lot of investigation and a copy of bootable Linux to get to the root of the problem. It was almost as bad as a rootkit to get rid of. Normally, I would probably have just reformatted the hard drive and reinstalled, but I was bound and determined that some punk was not going to get the best of me. Since then, I have heard of a number of other people infected with this crap, and I just wish I would have documented what I had to do to fix it and post the fix on the Web. Maybe next time.

One of our employees approached me and said his home computer had gotten some type of virus and had become unusable. Being the compassionate IT manager that I am, I told him to bring it in. When I turned it on and booted it up, I could not do anything but stare in disbelief, and then laugh. Basically, his background wallpaper was red with a virus symbol and the words "You have a virus" or something to that effect. A pop-up box with a bogus scan started running and messages started popping up everywhere saying all types of virus and spyware were detected. I watched amused as Norton AntiVirus helplessly tried to get things under controll, but it was way out of its league and was probably making things worse. I could not click or open anything except a dialog box that popped up saying that I needed to buy the full version of Vista Antivirus 2008 to fix the problem.

Apparently, while he was surfing the Web he came upon a site that popped up a dialog box that would "scan his computer for free" for viruses and spyware. My solution for him? Boot from the XP CD, stay away from questionable Web sites and do not click on links that promise to clean your PC. Well, you can guess...the rest is history.

I am a division chief with a south Chicago suburb fire department and also the IT manager for the same municipality. I have had about 30 PCs that have been infected by these seemingly legitimate pop-ups. I advise my users to just pull the power plug when one appears, no matter what they're doing. For the unfortunate ones that didn't, or just clicked the "X" in the top-right corner, they paid the ultimate data processing price. Their hard drives went to alphabet heaven. A few were recovered by purchasing other anti-virus software and these actually did clean up the mess. Most weren't so lucky. The impact of this is that a lot of these firefighters have had to use their personal PCs for training. Hours and hours of PowerPoint presentations, movies and lessons that firefighters and paramedics use went up in smoke.

The problem with this latest round of "You're infected" pop-ups is that they have the look and feel of a real Microsoft window. When a virus takes on the look and feel of an operating system, the average user is not going to have the tools to decide between "Oh, this one is real" and "Uh-oh...yank the plug." Microsoft and the DAs of the states -- if not at the federal and international level -- should hunt these authors down and prosecute them fully with felony charges.

Got a comment of your own you'd like to share? Let us know! Leave a comment below or send an e-mail to [email protected].

Posted by Doug Barney on October 06, 2008 at 11:52 AM


  • Dell Slashes 6650 Jobs

    Dell is cutting five percent of its workforce (6,650 jobs), the company announced on Monday.

  • Microsoft Committed to Mixed Reality and HoloLens 2

    Microsoft is reassuring the public that it still is focused on mixed-reality products, including Microsoft Mesh and the HoloLens 2 headset.

  • ChatGPT Integration Added to Microsoft Viva Sales

    Microsoft announced on Thursday that ChatGPT 3.5 AI model is now available in Microsoft Viva Sales.

  • Microsoft's AI-Driven Teams Premium Now Live

    Microsoft Teams Premium, which features OpenAI technology, is now available.