Data Doctors: Q. I have a pop-up telling me that I am infected and to buy this software, or that I need to run a scan when my current PC-Cillin is running a scan. What is this worm called, and can you tell me how to remove it? - Jim
A. Your description sounds like the long-running "scare-ware" program generally calling itself AntiVirus 2009 (formerly AntiVirus 2008).
This family of scams has been very successful in fooling folks into paying for relatively useless software, and the stakes are starting to get higher.
The most recent variation will attempt to convince you that your My Documents folder is corrupted and offers a free "fix" for the problem. This is a scam to get you to install a rogue program that, in this case, actually "encrypts" your My Documents folder and then will hold you hostage when you try to get back into your files.
The "ransom" for giving you the key to unlock the encryption is $50, which is why the security community refers to this type of malware as "ransom-ware."
If you get infected with this scam, DON'T pay the ransom! Unlock tools have been posted around the Internet, or you can consult a professional.
The authors of these programs used a generic-sounding name (AntiVirus 2009), which is used by many companies, and boxes that look like they were generated by the Windows operating system. This combination is fooling a lot of users into thinking the warnings are legit.
In your case, if the warnings are not coming from PC-Cillin (Trend Micro) then you should be suspicious. Likewise, users who have installed anti-virus software from companies like Norton, Webroot, McAfee, Panda or any of the major vendors should only heed warnings that are generated by the specific program that was installed as the protection system.
Paying attention to the details of the warnings is the best way to sidestep these types of scams. In addition to making sure that a warning message is coming from your anti-virus program, look at the header (usually the blue bar at the top of the warning box) to see if it has the name of your program in it.
If you see things like FreeWebScanner or FreeScan or FreeAntiVirusScan or anything other than your security software's name, don't respond (click the X in the top right corner).
To get these pop-ups in the first place, someone has likely ventured into fringe Web sites (gambling, adult content, hacker sites, warez software key sites, etc.), downloaded files from a file sharing network like LimeWire or KaZaa, or fallen for one of the many new e-mail or social media video scam messages.
If you get any kind of message saying that an embarrassing video of you is up on YouTube, or check out this sexy video of a girl, etc., and when you go there to see the video you are prompted to update your Flash player or video "codec," don't fall for it. Unless you are just getting started with a new installation, you have everything you need to see online video already.
Your chance of getting infected by the AntiVirus 2009 scam is exponentially higher than getting infected by any of the Conficker worms that captured the world's attention last week.
As with all infections, the more you pay attention to what you are clicking on and the more suspicious you are of everything you see, the less likely you will become a victim of these scams. The bad guys know that you aren't paying attention out there, and they are getting better at distracting those who aren't constantly on their guard. So don't let them fool you.
Ken Colburn is president of Data Doctors Computer Services and host of the "Computer Corner" radio show, which can be heard at noon on Saturdays on KTAR (92.3 FM) or at www.datadoctors.com/radio. Readers may send questions to firstname.lastname@example.org.