A few people have asked how I use one drive to backup both my Mac (using Time Machine) and my PC (using Windows Backup), so I thought I'd document it in case it's useful to anyone. There might be other guides on how to do this, but here's how I did it - it's fairly easy if you're familiar with partitioning, formatting and generally messing around with drive management. If you're like me and have both a PC and Mac, backing them both up to the same drive can be very convenient (though make sure you do backup elsewhere too, one drive for everything means if that drive dies, you've lost two computers' backups!). There are other backup options than the aforementioned defaults included with the OS, but I find they work well enough for me so I'm happy to use them :) Please also note that this is how I did this, and it is not the only way (or perhaps even the best way - I don't claim to be an expert at these things).
View full entry »
Have you ever had one of those fake antivirus things pop up on your computer? You know the type, "50,000 infections found! Click here to remove! *click* Pay $$$ to remove or you have viruses!!1". They're very convincing; usually they look like legitimate programs and/or parts of Windows. They prey on novice PC users who jump at the word 'virus' and think they have done something wrong.
I recently had the misfortune to meet one called XP Anti-Virus 2011 (not my computer that was infected, I was just tasked with fixing this particular one). This virus - and yes, I am calling it a virus even though it technically isn't one - is the nastiest rogue software I have seen yet, though I'm sure it's not the only one to run as it does. It's not new, despite the name - it's been around for years under various different names, mainly comprising of your version of Windows and the current year. So under Windows XP, you'd get XP Anti-Virus 2011 and under Vista you'd get Vista Anti-Virus 2011...etc.
Why is this particular one clever? Well, as I said, it's probably not just this one, but what this program does is to change how .exe files are run on your computer. On Windows, .exe files are normally programs; nearly all executable files will have that extension. Mr Nasty Virus here reroutes all .exe files to run through itself - and it'll block any it doesn't like. Those it doesn't like include almost all legitimate antivirus/antispyware scanners and certain web browsers as well - it didn't seem to stop Chrome but it put a stop to Internet Explorer in any case and kept reopening itself informing me that the computer had too many viruses and I must click here to register and remove threats. That of course makes removing this piece of rubbish a right pain since, well, it doesn't let you. :P Of course, it did everything else these fake programs do - nice threatening messages, cloned the Windows Security Center but plonked itself there instead, typical antivirus program look... All very lovely.
I removed it by following a mixture of guides online - this guide is one of many that explains the basic steps (note the insertion of the license key in those steps - once you do this the program will act as if it removes the viruses and/or itself. Ha - I restarted and it came back up an hour later saying my registration needed confirming and I still had threats). Once you've got rid of it, make sure to update your real antivirus/antispyware protection and run a full scan to make sure it really has gone. A lot of those guides keep trying to push a download of SpywareDoctor (normally labelled as the "remover" for the viruses)... I've never found that program anything more than bloat, personally - I removed the items manually then ran MalwareBytes' Anti-Malware on a full scan to make sure all traces had gone.
How do you protect yourself from getting fake antivirus software on your computer? Here are a few tips:
- Know what your real antivirus software is (and firewall, if you have one), what it looks like and how to run it. If a window pops up saying you have viruses but it doesn't look like your normal AV software, it is more than likely fake.
- Use a browser other than Internet Explorer, or if you like IE, keep it up to date. XP Anti-Virus and its variants creep in through unpatched vulnerabilities in browsers - mostly IE.
- Keep Windows up to date. I know, Windows Update is a right pain and sometimes its updates take ages to download/install and sometimes break things. However, some of the updates do fix holes in the operating system so that fake AV stuff can't get in as easily.
- Don't click on dodgy links. Got some weird email from your friend with a link in it? Might be worth checking they really sent it and didn't get their email account hacked with virus-infested site links now being distributed through it (it happened to me last year - my email account got hacked and my contacts all received some virusy links :( )
- If a message does pop up about viruses on your computer, read what it says carefully. In most cases, fake AV software is in broken English with poor grammar and spelling (e.g. "threat is been discovered on your computer"). If your computer's primary language isn't English and this rubbish shows up in English, that's also a giveaway right there.
- If you do happen to get one of these fake programs on your computer, don't click on any notice it gives you. Click the X button at all times, don't click any buttons it gives you on screen - in getting rid of the millions of popups it was giving me, I inadvertently clicked on what I thought was a cancel button - it tried to send me to some dodgy website. Ick.
Most people are wise to so-called phishing scams, usually in the form of emails pretending to be from a reputable place such as a bank asking you to click a link to 'secure your account' or similar. Said link is usually a clone of the real site so that users feel comfortable entering in their confidential data. Of course, it all gets sent to scammers who go and use your details to commit fraud. Lovely.
It's not a new thing at all, but people are doing this over the phone too. A popular one that recently caught out a family member is that someone will call, ask for the householder by name, and proceed to tell them they are from Microsoft or 'Windows Support'. They may have the householder's email and/or home address (from where I have no idea; they may be using the local phone book or have the details sold onto them from other sources) and will gain the trust of the user by confirming these with them, proceeding then to tell the user their computer is infected by viruses and this must be fixed now or they will be fined/their computer will crash/other similar threats. Sounds like a classic scam, but due to the user being named it can catch people out - especially if they're computer illiterate.
The scam generally continues with some or all of the following:
The user is instructed to go to their computer, go to the Run command/Windows+R (which brings up the Run box) and type in "eventvwr" and/or some form of "prefetch unwanted"
The scammers tell the user that the entries listed in the resulting window are viruses and these must be cleaned.
This is of course not true - "eventvwr" brings up the Windows Event Viewer and entries listed within this are events logged by Windows. Scammers may go further with this one and say that any items with a yellow warning triangle or red cross are malicious items, but they aren't - they're errors logged by Windows which for the most part are harmless. They are definitely not viruses.
The "prefetch unwanted" command brings up the Windows prefetch cache, which is just that - a cache of programs which enables Windows to open them more quickly. Deleting these files won't remove a virus nor will it damage your computer.
After insisting that the files found are dangerous, the scammers will offer to 'fix' them and will ask for payment to do this. They might take users to a website or they will ask for card numbers over the phone. Common websites users are sent to include some variant of the words "tech support" in the URL.
What follows is an attempt to connect to the computer remotely. How this is done differs slightly per scam but in general they will direct users to a web page via the Run command and/or will ask them to install a program such as TeamViewer or LogMeIn. Installing those particular programs (the ones mentioned, that is - other programs may be more malicious) is not dangerous in itself - it's the part where the user hands over control that is, and the scammers will do this by asking the user to enter a code into the website or program. Control is then given over to the scammers - they can then see and use the computer as if it was their own.
Once the card payment has gone through (for far more than the user paid for, in most cases), the scammers will set about 'fixing' the computer, which generally involves downloading and installing lots of software onto the machine and possibly deleting anything they think is a virus (note: this could be anything - personal documents, essential Windows files, etc). They might tell users to leave the machine for a bit and during that time they'll snoop into their personal files - or they'll do it right in front of the user and claim it's part of the fixing process. It isn't - they're just looking for information they can steal.
Once all the software is installed, the user is told their computer is fixed and the call is ended. The installed software is, in most cases, harmless; it's just junk that doesn't do anything (or perhaps does do something, but not what it advertises - it may pop up a load of ads or redirect your browser to a dodgy search page, for example). However, some scammers have installed software which opens a backdoor to the computer and leaves it in their complete control and can use this to do far more damage. Rootkits and keyloggers can get installed and the computer can end up a so-called 'zombie' acting as part of a botnet.
Fixing all this once the user discovers they've been conned depends on quite how bad the damage is to the computer. Personally I'd recommend a full reformat - you never know what nasty little things were done during the 'fixing' process and what that seemingly harmless software might leave behind. It might still be 'calling home' in the background, sending personal details back to the scammers. Not really a nice thought. It also goes without saying that you should cancel all cards given out to these fraudsters and contact your bank telling them what happened. It's unlikely you'll get the money back, as you willingly gave the details out, but you should still contact them. Watch out for an increase in junk mail, email spam and/or similar phone scams as your details get passed around - don't fall for them again. If you can, get a credit check done to make sure no one is fraudulently using your details.
However, the best advice is not to be scammed in the first place. When random people call you up out of the blue, treat them as if they'd emailed you - would you blindingly trust any email that says it's from a certain sender? You shouldn't trust people on the phone that claim as such either. If they pretend to be from a reputable company, ask their name and ask for a reference number for the call, then call the company's main advertised number (NOT the number the person on the phone tells you to call, even if they say it's their private extension or similar) and quote the details. No such person/reference? You know that call wasn't genuine.
Think about it: would a major computer company such as Microsoft really care about individuals with viruses? And furthermore, if they did care, would they really task themselves with dealing with it? No, they wouldn't - they're a huge company with far better things to do. It's common sense; you cannot know a person is who they say they are even if you met them face to face, so how can you possibly know over the internet/phone? You can't, so don't give them the privilege of having your personal data. You don't know what they'll use it for - ID theft, selling it on, stealing from your bank account ... You name it.
Oh, and don't save things on your computer that will delight such fraudsters when they find them either - bank details in a Word document? Not a good idea. Really.