My mom just fell for an "antivirus" scam

Last night my mom called me up. While my mom is an incredibly smart woman in a whole lot of ways, it is impossible to talk to her about anything that requires a chain of thoughts strung together in a rational cause-effect fashion (she will always assume that she knows what you want to ask, jump to that, and half the time will be wrong), and we had a rather frustrating (even more frustrating in retrospect) conversation that went something like this:

Mom: Internet Explorer is giving me this error where it doesn’t want me to go to this web page because it says it may be dangerous.
Me: Okay, there’s a reason for that. Don’t go there. Where did you get the web page information from, anyway?
Mom: There was a guy at Staples who said I should get antivirus software.
Me: Did he give you the link?
Mom: So I am trying to get free antivirus software.
Me: You should not do this.
Mom: But my computer is telling me I might have a virus. The computer message says to click here for antivirus software. But would it fix it if I already have a virus?
Me: I don’t know. Some of them do. Um - DO NOT CLICK ON THAT LINK.
Mom: But I can’t get into gmail.
Me: Actually, we were about to eat dinner. Can I call you back?
Mom: Okay, maybe I’ll turn off the computer.
Me: That sounds like an EXCELLENT idea.

So, we eat, and my husband’s parents call as we’re finishing up, so it takes me maybe an hour to call her back.

Mom: So I bought some antivirus software.
Me (a little worried): Uh, from Staples?
Mom: No, online.
Me (more worried): From where?
Mom: From Microsoft, I think. Or maybe Dell.
Me (slightly relieved): Oh, so, like, from the Microsoft web page?
Mom: Uh, no… I clicked on the link. From the computer. But the web page was something else.
Me (not relieved in the slightest): SEND ME THE RECEIPT RIGHT AWAY.

…You can finish it from there. My mom rebooted the computer, and when gmail still didn’t work, clicked on the virus link I expressly told her not to click on (my husband even vouches that I explicitly told her this) and gave her credit card and $70 to spammers on the interwebs for the privilege of infecting her computer with Antivirus Live Platinum malware. AGH AGH GAH. I also feel like I am to blame a little bit because I told her not to get free antivirus software (obviously there’s some stuff, like ZoneAlarm, which isn’t chock full of malware, but you can see why I didn’t trust her to find it) which apparently was her cue to go out and BUY some.

She tends to freak out about stuff, so I was glad that at this information she did not freak out that much, although she was mad about losing her $70. I couldn’t sleep last night for fear she’ll get her identity stolen, her computer will crash, she’ll lose all her data… She is calling her credit card company to make sure no unauthorized charges are made (if it were me I’d cancel the card), and she’s visiting next week so we can try to fix her computer then, although now I’m worried she’ll infect OUR network (and my husband has already said she is barred from using our desktop). GAH.

My mom is a very very low-level user, but she does know not to click on links like that. It more than makes up for having to go to her house to do the simplest things for her. Plus she thinks I’m some kind of genius… :smiley:

I’d file a dispute with the credit card company and also ask them to reissue her a card with a new number.

I don’t know what the odds of her getting her money back are, but the more disputes that are filed against those sorts of jerks, the less profitable their scams are.

Ouch. I just arrived at my mother’s house earlier today to find her computer infected with something called Internet Security 2010, which has been on here for about a month. It pops up half a dozen warning messages every few minutes, wouldn’t let me access the Task Manager, and even hijacked search engines so I couldn’t find out information on Google. I ended up having to type the search string in the address bar and used the Cached pages to find this link for instructions on how to remove it.

We have ZoneAlarm on her computer since the last time she downloaded a virus and my brother had to reinstall Windows. But this virus was able to get around ZoneAlarm’s prevention and not be detected by an anti-virus scan.

Those removal instructions are INSANE. 18 steps?!?!

Why? Would you leave the virus on because you don’t want to follow all those steps?

Actually, the number of steps is long because it’s designed for people who aren’t computer geeks. Every step is listed in order for it to be clear, but if you know what you’re doing, you can summarize it as “Download rkill, and then download and install Malwarebytes and run a scan.”

Hell, I could get sober in 2/3 of that.

Sober, but still infected.

My father fell for a scam similar to this and we went and got him an anti-virus from the store just so he’d feel protected and not feel the need to go looking on his own again. What seemed to click for him was I told him not to put anything he didn’t buy from a physical store on his computer without asking me about it first. I figure that should keep him pretty safe.

Hmm. Weird. I had this very thing happen to me on Sunday night. Couldn’t access any websites except the one trying to sell me antivirus software. Even Google was denied. It’s probably the same bogus antivirus software they tried to sell me. It kept me from opening any program, always saying that “ is infected.” I even posted a question in GQ about it, before I realized that the sticky had all the info I needed.

Fortunately, it seems simple to get rid of. Malwarebytes got rid of all the malware causing the issue, and my computer is no worse for wear. Booting the computer into Safe Mode allowed me access to all of my programs and let me run the malware scans.

I just finished cleaning up that god damned “Antivirus Live” malware, which is similar to the OP’s issue, and that thing is a bitch. My computer was completely hijacked to where I couldn’t install or open any anti malware programs (including rkill) or the task manager, and IE was repeatedly opening sites to the point that my connection was slowed and I couldn’t access the settings to turn off the proxy (which is step 1 in the directions I found). I use Mozilla, so I could at least look for tips on how to get rid of it (I’m not really an IT guy), but I couldn’t even print out the steps, as the printer drivers were blocked by the hijacker.

It’s not that complicated once you figure out what to do, but the Malwarebytes program took an hour to scan and remove everything.

Don’t know where I picked it up. I looked through the browser history and didn’t see anything out of the ordinary. Also, since I have Vista, I apparently can’t just remove IE7, which seems to be a big part of the problem. By the time I was done, I was thinking that death by burning was an appropriate punishment for malware authors.

There seems to be a lot more malware popping up on “safe” sites lately. I’ve gotten warnings from both the dope and from one of my webcomics sites. Avast stopped it, but I was surprised to see it there.

I had just come back from a long stay at my folks’ house and was using their internet connection the whole time. I literally just booted my computer up for the first time in at least two weeks on Sunday. I had gotten to two sites, CNN and this one, before I got the messages about being infected. Before yesterday, there had been no indications of any infection. I really don’t know how it sneaked in so quickly.

This #^*% is always a problem, but every out-of-work geek writes one, whenever the economy tanks.

Regular as clockwork.

What really irks me is that this is the same woman who has issues with buying things from Amazon with her credit card. Sigh.

statsman, were you using IE or Firefox? We were speculating that her using IE might be a large part of it, but of course we don’t know. Thanks for the tips.

jk1245, yeah, that sounds like the malware she got. Oh, boy, it sounds like we have our work cut out for us… at least we have some uninfected computers to get the instructions and malware removal tools from. But I think she might be barred from connecting her computer to our network after that. Just in case.

Just to reassure, it’s not that hard once you figure out what to do. The main thing is to stop the program from running, either by entering safe mode, using rkill, or by using the task manager to stop the program (looks like it’s IS2010.exe for yours, mine was sysguard.exe). Trick is you can’t run rkill or the task manager once the malware starts up, so you need to do it right away at system start. After that, it’s easy to download and run Malwarebytes and let it do its thing. Also, Firefox worked fine (except for slowness caused by dozens of IE windows) throughout, so I could use that to figure out what to do.

Once that thing starts though, yeah, you can’t do anything and need to restart the computer. Good luck!

raspberry hunter:

I only use Firefox (sorry…that came out as fanboy-ish. I really just like it better :slight_smile: ). I knew something was up when I clicked on the bubble on the bottom right of my screen that supposedly would start my antivirus program, and IE opened up to a page trying to sell me bogus software.

I know that the guys behind WinAntivirus and variants (which I believe have been mentioned in this thread) are also targeting ad servers; if they can get an infected ad past any checks at the ad company, they try to hit any exploits in the browser, hence why you can get hit on ‘safe’ sites sometimes.

I had this one too, on both my work and home computers. Seconding (or thirding) malwarebytes - it does the job.

I use Firefox at home so I don’t see how my IE was even hit by this.

My dad did the same thing. On MY computer. He was actually crying when he told me, thinking he screwed it up permanently. I rebooted in Safe Mode, looked up the virus .exe online, used Malwarebytes to get rid of it, and then used the Internet info to make sure it was gone. Reboot, and everything was back to normal.

(Of course, he never did try to buy the upgrade, but, if he had the money, I’m sure he would have considered it before actually having to tell me–he was that upset. And I don’t know how he saw the ad, as such ads are blocked. Adblock normally makes a pretty good security program.)