Beware: Virus Alerts are Not Always What They Seem
My dad called me this weekend. An utter computer novice, he was faced with a warning from Microsoft Security Essentials and didn't know how to deal with it. A little too cocky, perhaps, I took over his PC using CrossLoop. And proceeded to make things much, much worse.
Apparently, Security Essentials had detected a Trojan infection and couldn't eliminate the problem on its own; it recommended downloading a solution online. I clicked a few times to allow Security Essentials to do its thing and then -- unexpectedly -- my remote connection was terminated. Over the phone, my dad described what sounded like a secure desktop -- devoid of a Start menu -- with only one option: Paying money to remove the Trojan.
The computer was being held hostage, and this was a ransom demand. I had gotten scammed.
So here's what appeared to have happened: What my dad saw was not Microsoft Security Essentials at all, but was instead a Web pop-up that was designed to look exactly like MSE. I am guessing that if I had explored the UI in more detail, I would have discovered this, but I was in a hurry, 3000 miles away on a remote connection, and trying to click my way through what I figured was a 5-minute tech support call. At this point, my dad's PC had not been compromised.
When I downloaded the online component, that's when the virus took over. And I have to admit: This thing is thorough. It managed to block my efforts to start Task Manager until I instructed my dad to boot into Safe Mode, and even after killing the task, it never surrendered its closed-off desktop to allow me access to the Start menu. Various Web sites claimed to have instructions for removing the virus, but none of them worked for me. It has been about a week, and I still can't figure out how to fix my dad's PC short of paying him to take it to a repair shop.
There's a moral here. If you see a virus warning from your security software, don't trust it unless you launched the scan yourself. If you didn't, close the app and run a manual scan to see if you can reproduce the same result. I've learned an important lesson, and perhaps someday I'll get my dad's PC fixed. Wish me luck.