So…right before I go to bed last night, I start getting these weird security pop-ups that LOOK like Windows Security warnings. They prevent me from opening almost any programs. And I notice an unusual icon in the system tray, that opens up to “AntiVirus Suite” and an apparent scan that says my computer is LOADED with viruses and malware.
A quick Google search leads me to the knowledge that “AntiVirus Suite” is malware itself, its scan is fake, and its purpose is to scare me into paying for the program. Now, I’m currently aware that it’s all a scam…“hostageware” or “ransomware”. What I want to know is which of the several methods for getting rid of it are genuine? I found a couple that ask me to download their particular anti-malware program to remove this “AntiVirus Suite”, but I don’t know if they themselves are legit, or if they’re more of the same, claiming they’ll remove it but ending up hijacking my computer even further.
Any of the IT people on the board know what the best genuine cure for this is?
I’m running Windows 7 Home. I’m running Antivir free edition, which this thing just completely jumped over, apparently.
MalwareBytes is reputable and stands a good chance of removing it. I used it the other week on a workmate’s laptop for what sounds like exactly the same piece of ransomware. I think this may be one of those pieces of malware that works within a limited account, and so cannot do system-wide damage. Or maybe you’ve disabled UAC.
Based on your question of “What’s UAC?”, I’m going to diagnose that you are running your computer in a full blown Admin account and you’ve likely turned off UAC. I will also wager that you like to “download” programs and easily click yes when prompted to install something to play a game or watch a video.
If you were running in a Standard User account with UAC on instead of an Admin account, you wouldn’t have been pwned so easily. At least not without you allowing the program to install through a UAC prompt.
Well, I haven’t “turned off” anything, that I’m aware of. And I’m using Windows as it came on the computer. Instead of berating me, how about telling me what I should have done to prevent this?
The first rule – anything that pops up and says you have a large number of viruses on your computer is almost certainly a fake. If you see it, shut down your browser (press Ctrl-Alt-Delete, bring up the task manager, and then close any browser instances you see).
Second, familiarize yourself with what a real virus warning looks like on your computer. Here are samples. They may be outdated, so to be sure, search for the EICAR test file and download it. It will generate a virus warning (the file is harmless), but you can see what a warning looks like. Take a screenshot if you need to and put it near your computer. If the warning isn’t like that one, it’s a fake.
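The EICAR check the post above suggests can be scripted so you see both what the genuine warning looks like and whether real-time protection actually reacts. This is an added example, not from the thread or from any antivirus vendor; the file path and the ten-second wait are assumptions. The EICAR string is the standard harmless test signature that every real antivirus is expected to flag; it is assembled from two halves so the script file itself is not quarantined before it runs.

```powershell
# Added example: write the EICAR test file and observe whether the installed
# antivirus reacts. Assumed defaults: %TEMP%\eicar-test.txt and a 10 s wait.
function Test-AntivirusWithEicar {
    param(
        [string]$Path = (Join-Path $env:TEMP 'eicar-test.txt'),
        [int]$WaitSeconds = 10
    )

    # Single-quoted so PowerShell does not expand the $ characters.
    $part1 = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$'
    $part2 = 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    $eicar = $part1 + $part2

    try {
        # ASCII, no BOM, no trailing newline: the 68-byte signature must be
        # the start of the file for scanners to recognise it.
        [System.IO.File]::WriteAllText($Path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        # Many products intercept the write itself; that is also a genuine reaction.
        Write-Host "Write was blocked: $($_.Exception.Message)"
        Write-Host 'Real-time protection reacted on write. Note what its warning looked like.'
        return $true
    }

    Write-Host "Wrote EICAR test file to $Path. A genuine antivirus warning should appear now."
    Start-Sleep -Seconds $WaitSeconds

    if (Test-Path $Path) {
        Write-Warning "Test file still present after $WaitSeconds seconds: real-time protection did not react."
        Remove-Item $Path -ErrorAction SilentlyContinue
        return $false
    }

    Write-Host 'Test file was removed or quarantined: real-time protection is working.'
    return $true
}

Test-AntivirusWithEicar
```

Whatever dialog appears during this run is the one to screenshot and keep next to the computer; a pop-up that looks different, names a product you never installed, or counts dozens of infections is the fake.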
User-Account Control. In the old days of Windows (e.g. XP), most people, on their Windows home computer, were set up as “Administrator” type users - meaning a user with the privilege to do anything on the computer, install any software, etc. This made it easier for virus-type programs to install themselves on your computer.
With Windows Vista, Windows tried to encourage people to not run as Administrator-level users any more - instead you run as a user with limited privileges, and you would be asked “is it OK to do this?” any time a program tried to do something that required Administrator privileges. If you were using your computer with limited privileges, it would be harder for a virus to install itself on your computer. Unfortunately, many applications are written with the assumption that the user running the application has Administrator privileges, so older programs might not be happy if the login name you used to login to the computer didn’t have Administrator privileges. Also, with Vista, many people complained that the User-Account Control system (UAC), that would try to stop you from installing software without permission, was giving so many dialog boxes asking “is it OK to do this?” that it was annoying.
With Windows 7 (basically a minor upgrade to Windows Vista), Microsoft tried to make the UAC prompts less obnoxious, amongst other things. In theory, you should set up your computer so that there is an Administrator-level user (the login name can be Administrator or something else), but for your day-to-day use, you would have a “jayjay” login and the “jayjay” login would not have Administrator privileges. You would set this up through the appropriate program in the Control Panel. (Sorry, I don’t have Windows 7 in front of me right now so I can’t describe exactly how to do it, but the previous post has a link with instructions.) If all the programs you use are written to be smart enough to run without Administrator privileges, then you would be OK using your PC most of the time without being an Administrator-level user.
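The account split described in the last few posts (one Administrator-level login kept for installs, a day-to-day login that is only in the Users group) can be checked and set up from an elevated PowerShell prompt. This is an added example, not the poster’s own instructions; the account name `jayjay-daily` is an assumption, and the legacy `net user` / `net localgroup` commands are used because they exist on Windows 7, which lacks the newer local-account cmdlets. The registry values read here (`EnableLUA`, `ConsentPromptBehaviorAdmin`, `PromptOnSecureDesktop`) are the real UAC policy values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`.

```powershell
# Added example: report the UAC policy state, create a standard (non-admin)
# day-to-day account, and verify it is not in the local Administrators group.
# Run from an elevated PowerShell prompt on Windows 7 or later.

function Get-UacStatus {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        # EnableLUA = 0 means UAC is switched off entirely.
        UacEnabled = ($p.EnableLUA -eq 1)
        # 0 = elevate silently (no prompt), 2 = always prompt,
        # 5 = prompt only for non-Windows binaries (the Windows 7 default).
        AdminPromptBehavior = $p.ConsentPromptBehaviorAdmin
        # 1 = prompt on the dimmed secure desktop, so a fake dialog cannot sit on top of it.
        SecureDesktop = ($p.PromptOnSecureDesktop -eq 1)
    }
}

function Get-LocalAdminMembers {
    # Parse the member list printed by "net localgroup Administrators":
    # members follow the dashed separator line and end at the status line.
    $inList = $false
    foreach ($line in (net localgroup Administrators)) {
        if ($line -match '^-{5,}') { $inList = $true; continue }
        if ($inList -and $line -match '^The command') { break }
        if ($inList -and $line.Trim()) { $line.Trim() }
    }
}

function New-StandardUserAccount {
    param([Parameter(Mandatory=$true)][string]$Name)
    # "*" makes net user prompt for the password instead of taking it on the command line.
    # New accounts are placed in Users only; nothing here adds them to Administrators.
    net user $Name * /add
    if ($LASTEXITCODE -ne 0) { throw "net user failed with exit code $LASTEXITCODE" }
}

function Remove-FromLocalAdmins {
    param([Parameter(Mandatory=$true)][string]$Name)
    # Demote an existing login (the approach a later post describes), but refuse
    # to remove the last remaining administrator so the machine stays manageable.
    $admins = @(Get-LocalAdminMembers)
    if ($admins.Count -le 1 -and $admins -contains $Name) {
        throw "Refusing to demote $Name : it is the only member of Administrators."
    }
    net localgroup Administrators $Name /delete
}

Get-UacStatus
New-StandardUserAccount -Name 'jayjay-daily'
# Expected: the new account is absent from the Administrators member list.
(Get-LocalAdminMembers) -contains 'jayjay-daily'
```

If `Get-UacStatus` reports `UacEnabled` as False or `AdminPromptBehavior` as 0, the computer is in the state the earlier replies suspected: an Administrator-level login with no elevation prompt between a downloaded installer and the whole system.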
UAC is a great security feature when run with a Standard User account. It is easy to use and prevents the vast majority of security snafus. That is, unless the user wants to install the game/codec/pirated program laced with malware.
When I booted my computer this afternoon it didn’t load the ransomware, so I downloaded MalwareBytes and I’m officially clean again. Now off to set up UAC…
The thing that confuses me is that everyone makes a big deal out of being an admin with UAC lowering your privileges – that it’s a huge security problem with Windows. But that’s exactly what, say, Ubuntu and any other distro that allows in-place escalation does. Everyone talks like SUDO is the greatest thing in the world.
Is not a limited Administrator account in Windows functionally the same thing as a user with SUDO privileges in Unix?
I think there’s a certain amount of confusion in this thread (either that, or there is a certain amount of confusion in my head) - UAC does not apply to standard (limited) user accounts. It applies when you are using an account with Administrator privileges, as Windows users are wont to do. In that case, UAC creates two security tokens, one with admin privileges and one with the privileges of a limited account. The latter token is used until access is requested to something that requires admin privileges. Then, the UAC prompt pops up, you enter your password, and the other token is used for that task.
So it is like sudo in reverse – you use a powerful account which most of the time is limited.
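The two-token behaviour described above can be observed directly: a PowerShell window opened normally by an Administrator-group user runs on the filtered token, where the Administrators group is marked “used for deny only” and the integrity level is Medium; requesting the other token through the UAC prompt gives a window at High integrity with the group enabled. This is an added example, not from the thread; it relies on the `whoami /groups` output format and the .NET `WindowsPrincipal.IsInRole` check, both present on Windows 7 and later.

```powershell
# Added example: report which of the two UAC tokens this process holds, then
# show how a program asks for the other one (which is what triggers the prompt).

function Get-UacTokenSummary {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when this process holds the full (elevated) token. On the
    # filtered token this is False even though the user is an administrator.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami /groups lists BUILTIN\Administrators (SID S-1-5-32-544) with the
    # attribute "Group used for deny only" on the filtered token, and the
    # integrity label: Medium for the filtered token, High for the elevated one.
    $groups    = whoami /groups
    $adminLine = $groups | Where-Object { $_ -match 'S-1-5-32-544' }
    $labelLine = $groups | Where-Object { $_ -match 'Mandatory Label' }

    $level = 'Other'
    if ($labelLine -match 'High')       { $level = 'High' }
    elseif ($labelLine -match 'Medium') { $level = 'Medium' }

    New-Object PSObject -Property @{
        User               = $identity.Name
        IsElevated         = $elevated
        AdminGroupDenyOnly = [bool]($adminLine -match 'deny only')
        IntegrityLevel     = $level
    }
}

function Request-ElevatedPowerShell {
    # Start-Process -Verb RunAs is the programmatic "ask for the admin token";
    # Windows answers with the UAC consent or credential prompt. The child
    # window prints its own group attributes so the difference is visible.
    Start-Process -FilePath 'powershell.exe' -Verb RunAs `
        -ArgumentList '-NoExit', '-Command', 'whoami /groups | findstr /i "S-1-5-32-544 Mandatory"'
}

Get-UacTokenSummary
# Uncomment to trigger the prompt and compare the elevated window's output:
# Request-ElevatedPowerShell
```

On a Standard User account the same function reports `IsElevated` False without any deny-only entry, because there is no second token to switch to: elevation then needs an administrator’s credentials, which is the configuration the earlier replies recommend. A rogue program that never gets past that prompt is confined to the limited account’s own files.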
I’m not aware of people making a fuss about UAC being a security risk. There is some disagreement over its effectiveness, but if it does actually work it’s got to be better than the most people running as admin all the time.
It doesn’t matter as long as you create another Admin account and switch the current over to a Standard User. It’s easier this way since you retain all your program settings.
A problem I had with a virus last week was that it did not allow me to run MalwareBytes. It seems this is a common problem now - the virus knows you are going to try to get rid of it so it prevents you from running any program that will delete it. I was able to get rid of it anyway.