The Web is getting trickier and trickier. We received several emails from users who use airfare watchdog to get airfare alerts. And we’ve used airfare watchdog before and have always considered it a legitimate site.
This week our own EB received an alert from airfare watchdog (and, yes it was really from them) and when she clicked on the link in the alert this dialog appeared (see below):
The following dialog window appeared. Darcy was using Windows XP at the time and you can see it looks like a standard Windows dialog, but it is not. This is a rogue and clicking anywhere on that dialog, or attempting to close it will result in your system being infected by a rogue. And your antivirus won’t warn you and our antispyware won’t warn you because it’s not a virus or Trojan or spyware. Rogues are a different breed because they pose as normal Windows security programs. They’re ransomeware and they will attempt to hijack your computer until you purchase the program to “clean” the “problems” it finds. Of course, there are no problems and when you pay for this rogue it will clean nothing but of course since it stole your money – the problems it found will be gone.
Look at the above dialog. The key to the rogue is the title bar. It says “Message from webpage”. No webpage is going to find “critical process activity” on your computer. And what the heck is critical process activity anyway? There is always critical process activity on your computer — Windows has many critical processes running all the time — if they weren’t running, you would not be reading this.
If you see any of these dialogs — look at the title bar — it’s a dead giveaway. If it were a Windows Dialog or a program running on your computer — it Ctrl + Shift + Esc to bring up the Windows Task Manager. Click the process tab and right click all each of browser’s processes and chose “End process tree”. Say OK to the Windows warning. If there are more than one instance of your browser running, right-click each one – one at a time and choose “End Process”. Then clear your temporary Internet files.
Here are the names of the processes for most popular browsers:
Internet Explorer (all versions) iexplore.exe
Firefox (all versions) firefox.exe
Chrome (all versions) chrome.exe
Safari (all versions) safari.exe
You can order the list in Task Manager alphabetically by clicking on “Image Name”.