John says that Microsoft Security Essentials let him down!
In the middle of trawling through some websites on Google in search of an article, my screen was suddenly taken over by a glaring warning that my computer was in danger of being taken over by “Trojan-BNK.Win32.Keylogger.gen”. I was then informed, quite bluntly in fact, that the only solution lay in downloading and installing XP Antivirus 2012 – FOR $70. Only then would this Trojan threat be removed. Yet I had Microsoft Security Essentials installed, as you have recommended, and it should have been on guard! Why did it not pick this Trojan up and eliminate it FREE OF CHARGE?
I seemed to have no choice. My computer was effectively locked up, rendered useless unless I paid up. I feel as though I have been taken for a $70 scam. What is the story here please? Has any other subscriber to Cloudeight experienced this? I have great confidence in your knowledge and capacity to make complex things clearer so I am hoping you will help me understand what was at work here. Thank you for being there for us all.
John H.
Thank you for your nice comments, John. We’re sorry to tell you that you are yet another victim of scareware (a rogue security program). You should immediately call your credit card company and report this – and get your money back. You’re dealing with criminals so you might want to keep on the lookout for fraudulent charges on your credit card.
Almost everyone we know (including both of us) has confronted rogue security programs, also called “scareware”. The reason that Microsoft Security Essentials didn’t detect the Trojan is that it didn’t exist in the first place. If EB and I had visited that same poisoned site that you did, we’d have received that exact same warning. And so would the next 10,000 visitors. All of us would have been “infected” with a non-existent Trojan.
A lot of people are fooled by these scareware attacks. They are created by highly skilled programmers and graphic artists – the warnings and dialogs all look like they’re coming from your Windows computer. And once you encounter a rogue security program, you’re in for a rough ride even if you recognize it for what it is. You cannot close the dialogs or the download by clicking the “X” or “cancel” or “close” – you may not even be able to close your browser except by accessing Task Manager, going into “Processes” and ending the process tree of the browser’s executable. If you don’t close your browser fast enough, the rogue will be downloaded, your security programs may be disabled, and your screen will be covered with a huge dialog from the rogue – and you can’t access anything on your computer until you click “Buy Now”. You did and you’re out $70 unless you call your credit card company and tell them you’ve been a victim of rogue security software / scareware.
And if you leave the rogue security program you bought on your computer – you’re in danger of having information on your computer gleaned and sent to the criminals you purchased the rogue from. It may only be your browsing data, or it may be email addresses, or it may be even more sensitive information. You not only paid $70 for a worthless program, you paid $70 for what is most likely spyware, malware, and/or adware.
Rogue / Scareware is easy to recognize if you keep your head and you know what to look for. For instance, how in the world would a web site know your computer was infected just a few seconds after visiting that page? Did they scan your computer without your permission? No. It takes several minutes – most of the time even longer – to scan your hard drive, and a web site can’t do that – not without you knowing. The first clue that you’ve encountered scareware / rogue is when you visit a site and you get a warning that your computer is infected with a Trojan or some other nasty malware. It’s a scam. You need to close your browser pronto and get away from that site as quickly as possible. Your computer can become infected by the rogue in less than a minute – so the key to staying out of trouble is to close your browser immediately.
If you can’t use the “X” at the top-right corner of your browser during the attack, right-click on an empty space on your taskbar and open Task Manager, click the Processes Tab, find your browser’s exe (firefox.exe for Firefox; iexplore.exe for Internet Explorer; chrome.exe for Google Chrome), right-click on it, and choose “End process tree” – you’ll get a Windows warning but it’s all right, go ahead and click “OK” to terminate the process. If you can’t even access Task Manager, the best thing to do is shut your computer off at the power switch. That will close everything and stop the scareware attack – but only if you do it quickly. If you don’t, no matter what you do, your computer is infected and if it is, your screen will be covered with a huge dialog from the rogue that will cover your taskbar and you won’t easily be able to access any programs or functions until you pay the ransom.
If you find you couldn’t close your browser down fast enough, don’t panic. You can still make it like it never even happened. See this article we wrote a couple months ago.
MSE didn’t necessarily let you down. Most security programs don’t detect rogue security programs – because they mimic regular Windows programs – they don’t mimic viruses, Trojans, spyware or other malicious software. Also many rogues will actually turn your security software off. And even if some security software recognized some rogues – it wouldn’t recognize them all because there are dozens of new ones popping up every day.
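The Task Manager step described above ("End process tree" on the browser's executable) can also be done from a PowerShell prompt. The script below is an added example, not something from the original article. The function name `Stop-BrowserTree` is made up for illustration, and the three image names are the ones the article lists.

```powershell
# Added example: command-line equivalent of Task Manager's "End process tree".
# Image names are the three browsers named in the article.
$browsers = 'firefox', 'iexplore', 'chrome'

function Stop-BrowserTree {
    # Hypothetical helper name; not part of Windows or of the article.
    param([string[]]$Names = $browsers)

    $stopped = @()
    foreach ($name in $Names) {
        # Only act on browsers that are actually running.
        if (Get-Process -Name $name -ErrorAction SilentlyContinue) {
            # /IM = match by image name
            # /T  = end the process together with its child processes
            # /F  = force termination instead of asking the window to close,
            #       so the page's "are you sure?" dialogs never get a turn
            & taskkill.exe /F /T /IM "$name.exe" *> $null
            if ($LASTEXITCODE -eq 0) { $stopped += $name }
        }
    }
    return $stopped
}

$result = Stop-BrowserTree
if ($result) {
    "Ended process tree for: $($result -join ', ')"
} else {
    'None of the listed browsers was running.'
}
```

When the browser starts again, decline any offer to restore the previous session, or it will reload the same page.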