Consider this post a public service announcement. Yesterday my desktop computer got attacked by the Fake Microsoft Security Essentials Alert trojan. This virus looks like a legitimate security alert, but in fact it’s a trojan that tries to trick you into going to a bogus website and downloading a rogue program to your computer.
Yesterday I was looking at news sites trying to get more information about the shooting at UT Austin. (My daughter went to that school, and even though I knew she wasn’t there yesterday, it was one of those things you watch with grim fascination because you know the place.) I don’t know which site caused the problem; I had several tabs open in my browser. But all of a sudden Windows Media Player opened (I hadn’t selected a video to play) and this window popped up:
I clicked the “Clean computer” button, and was told that Microsoft Security Essentials couldn’t remove the threat. The program then “searches online” for software that, it claims, will fix the problem and shows you the “results”: five bogus sites mixed in with legitimate, recognizable anti-virus sites like AVG and Kaspersky. But the only sites with software to fix the problem, according to the fake alert, are these: AntiSpy Safeguard, Red Cross Antivirus, Peak Protection, Pest Detector, and Major Defense Kit.
Ever hear of any of those? There’s a reason why not: Each one is a rogue program. If you download one, the next time you start your computer the rogue program starts up and pretends to run a scan. The fake scan announces numerous threats (this is bogus) and directs you to buy software to remove them. So ultimately, this trojan is after your money and your credit card info.
But I never got that far, because by now I was suspicious. There was no button in the Taskbar to indicate that Microsoft Security Essentials was running. And why would Microsoft be sending me to sites I’d never heard of to download free software not associated with their company?
It got worse. The trojan shut down my web browser, and I couldn’t open Firefox or Internet Explorer. When I pressed Ctrl+Alt+Del, Task Manager would start for a second and then shut down immediately. I opened Malwarebytes to do a scan, but the program couldn’t update.
I booted my laptop and searched for “Microsoft Security Essentials” and the name of one of the supposed fixes. Google brought up a long list of sites describing the trojan, including this one, which has helpful advice on getting rid of it. In the end, I had to download the latest version of Malwarebytes on the second computer and transfer it to the infected computer via flash drive. That updated Malwarebytes on the infected computer; I ran a full scan, and it got rid of the trojan.
The whole “adventure” wasted about three hours of my time on a day when I was trying to get a little bit ahead on work. I upgraded my Malwarebytes from the free version to the paid version, which offers real-time protection, because my normal antivirus programs let this nasty trojan slip through.
I don’t usually blog about this kind of stuff, but I thought I’d mention it because (a) I hadn’t heard about this one before it hit my computer and (b) it’s designed to scare you into compliance by presenting legitimate-looking—but totally fake—security warnings. I didn’t download a rogue program, but it’d be easy to do so, thinking you were protecting your computer. So watch out.
(I know, I know . . . get a Mac. LOL. But I need a PC for work.)