Watch out . . .

Consider this post a public service announcement. Yesterday my desktop computer got attacked by the Fake Microsoft Security Essentials Alert trojan. This virus looks like a legitimate security alert, but in fact it’s a trojan that tries to trick you into going to a bogus website and downloading a rogue program to your computer.

Yesterday I was looking at news sites trying to get more information about the shooting at UT Austin. (My daughter went to that school, and even though I knew she wasn’t there yesterday, it was one of those things you watch with grim fascination because you know the place.) I don’t know which site caused the problem; I had several tabs open in my browser. But all of a sudden Windows Media Player opened (I hadn’t selected a video to play) and this window popped up:


I clicked the “Clean computer” button, and was told that Microsoft Security Essentials couldn’t remove the threat. The program then “searches online” for software that, it claims, will fix the problem and shows you the “results”: five bogus sites mixed in with legitimate, recognizable anti-virus sites like AVG and Kaspersky. But the only sites with software to fix the problem, according to the fake alert, are these: AntiSpy Safeguard, Red Cross Antivirus, Peak Protection, Pest Detector, and Major Defense Kit.

Ever hear of any of those? There’s a reason why not: Each one is a rogue program. If you download one, the next time you start your computer the rogue program starts up and pretends to run a scan. The fake scan announces numerous threats (this is bogus) and directs you to buy software to remove them. So ultimately, this trojan is after your money and your credit card info.

But I never got that far, because by now I was suspicious. There was no button in the Taskbar to indicate that Microsoft Security Essentials was running. And why would Microsoft be sending me to sites I’d never heard of to download free software not associated with their company?

It got worse. The trojan shut down my web browser, and I couldn’t open Firefox or Internet Explorer. When I pressed Ctrl+Alt+Del, Task Manager would start for a second and then shut down immediately. I opened Malware Bytes to do a scan, but the program couldn’t update.

I booted my laptop and searched for “Microsoft Security Essentials” and the name of one of the supposed fixes. Google brought up a long list of sites describing the trojan, including this one, which has helpful advice on getting rid of it. In the end, I had to download the latest version of Malware Bytes on the second computer and transfer it to the infected computer via flash drive. That updated Malware Bytes on the infected computer; I ran a full scan, and it got rid of the trojan.

The whole “adventure” wasted about three hours of my time on a day when I was trying to get a little bit ahead on work. I upgraded my Malware Bytes from the free version to the paid version, which offers real-time protection, because my normal antivirus programs let this nasty trojan slip through.

I don’t usually blog about this kind of stuff, but I thought I’d mention it because (a) I hadn’t heard about this one before it hit my computer and (b) it’s designed to scare you into compliance by presenting legitimate-looking—but totally fake—security warnings. I didn’t download a rogue program, but it’d be easy to do so, thinking you were protecting your computer. So watch out.

(I know, I know . . . get a Mac. LOL. But I need a PC for work.)


About nancyholzner

6 responses to “Watch out . . .”

  • Ravenne

    Sorry to hear of this attack. It happened to me as well. I learned not to pay attention to that alert. I still get it even though I’ve cleaned my puter up. Another thing, I recently got a notice to verify my paypal account. It looked authentic, but when it asked for my credit card info I got suspicious. I closed it out and went to paypal through my bookmark. Contact revealed it was an attempt to steal my info.

    So be careful. Never use a sent email to go to your account. Always go yourself and check out anything they’ve sent.

    Congrats on working on the 3rd book of your “Deadtown” Series.

    Laurel W.

    • nancyholzner

      If you still get it, then the trojan isn’t completely gone from your system. You might want to do a full system scan with the latest version of Malware Bytes or take a look at the website I linked to with instructions for getting rid of it entirely.

      Yes, those phishing emails are a pain. I even get them from banks where I’ve never had an account. But you’re smart always to go to PayPal directly, not by clicking an email link.

  • RK Bentley

    Or just run PC OS thru Parallels on a Mac.

  • Sharon Jones

    I wish I had seen this about 15 min ago when Windows told me much the same thing. They were able to clean the 2 files on my computer thank goodness. I was listening to my media player as I worked and got a different set of songs for a couple of minutes. Did a full scan and seem to be okay. Nice of you to let us know about this. Thanks

    • nancyholzner

      Darn, Sharon, I’m sorry you got hit with this. It’s a pain to have to stop what you’re doing and clean it off. Glad you got rid of it, though.
