A new type of computer virus called “Scareware” (also called Rogue Viruses) has been spreading like wildfire. The viruses try and scare the user into giving out their credit card number and paying to have it removed.
There are many different types of scareware that look and behave differently. Most scareware viruses will look exactly like legitimate antivirus software, and will report that the computer is infected. It will then ask for money to remove the “viruses”.
Another example of a scareware program is one that will lock the user out of the computer and bring up a window that warns that the FBI has locked their computer for breaking the law, and that you need to pay money in order to get your computer unlocked and avoid prosecution or jail time. Obviously the FBI doesn’t lock people out of their computers, and they certainly wouldn’t ask for money to avoid punishment.
Scareware viruses all have one thing in common, the virus will try and scare the user into giving their credit card number. It’s likely that once you give them your card, they will keep locking you out and charging you again.
The scareware plays on the fact that smart people will do stupid things when afraid, and the viruses are very effective and making a lot of criminals rich.
HOW DO I KNOW IF HAVE SCAREWARE?
1. You are all of a sudden locked out of your computer and not able to load any programs or change most settings.
2. You are told that you need to pay money to fix the problem.
3. Some type of “scary” window pops up and warns you of a problem, but requires your credit card number in order to fix the problem.
HOW DO I REMOVE SCAREWARE?
1. Boot to “Safe Mode With Networking” by turning off the computer, turn it back on, and immediately tap the F8 key repeatedly.
2. Download and install SuperAntiSpyware and do a complete scan.
3. Then download and install Malwarebytes, (while still booted to Safe Mode With Networking). While installing Malwarebytes, at the end of the installation it will ask if you want to start a trial of the PRO edition. Don’t do the trial or there is a chance Malwarebytes will conflict with your regular antivirus software. Open the program and do the updates as suggested. Then run the “Full Scan”, and remove anything it detects.
4. Restart the computer and see if the problem still persists. If so, use the advanced manual removal instructions located below. NOTE: (You should probably uninstall Superantispyware after you are done, because by default the program will run in the background at all times and could slow down your PC, or possibly conflict with your Antivirus software.
(For Advanced Users)
1. Boot to “Safe Mode With Networking”. (See step one above for instructions)
2. Most scareware viruses will leave an icon on the desktop for the program and are almost always located in the hidden folder “AppData” or “Application Data”. RIGHT click on the icon, and select “properties”. (DON’T left click or open the file!) A window will load that will give you the exact location of where the scareware virus is located.
3. Copy and paste the location, but remove the last part of the path so that you don’t include the executable file. For example if the path for the scareware virus is located at “C:\Users\user\AppData\Local\Temp\aa88ee\12345.exe” , only copy the “C:\Users\user\AppData\Local\Temp\aa88ee” and manually punch in that path. For XP you can click “Start—-> Run”, and then type the path and press enter. For Vista/7, click the “Start” button, and type the path into the search box and press “Enter”.
4. You will now see the virus, highlight the file or files, (Don’t open them!), and while holding down the “Shift” key on, press the “Delete” key which will permanently delete the file and bypass the Recycle Bin.
5. Now load up the “System Startup Utility”, (For XP go to “Start” —-> “Run”, and then type msconfig) (For Vista/7, go to “Start” and in the search box, type msconfig)
6. Select the Startup tab, and disable the scareware virus by unchecking it’s entry. (You can identify the virus by looking at the path’s since you know where the virus was located from using the instructions above)
7. Click the Services tab, and check the box for “Hide Microsoft Services”. Look for an entry for the scareware virus and disable if possible.
8. Click apply and restart the computer. Boot to regular mode.
9. Run a full scan with Malwarebytes.
You should now have a much better understanding of what Scareware is and how to remove it. If you have any questions, please try our free Computer Help Chat by volunteer geek technicians.