From the Field -
Rogue Programs & ScareWare
A Rogue Program is a program that in itself is typically not harmful, but uses deceptive advertising and false positives as a scare tactic to have you download the software or purchase a registered license for it.
Typically Rogue programs state that they are legitimate applications, but are typically clones of other lackluster products repackaged under new names and graphics.
Some common names used by Rogue Programs, though by no means all of them, are WindowsRestore, RegTask, Security Monitor 2012, Antivirii 2011, Vista Internet Security 2012, Vista Home Security 2012, Vista Security 2012, Vista Antispyware 2012, Win 7 Home Security 2012, Win 7 Internet Security 2012, Win 7 Security 2012, XP Internet Security 2012, XP Antivirus 2012, XP Antispyware 2012, XP Home Security 2012, & XP Security 2012.
A common approach by Rogue programs is to display fake or exaggerated results when the program scans your computer. When the scan is finished you will be shown a list of legitimate files and Windows Registry keys that are flagged as security threats. In some cases, the Rogue programs actually create the files and Windows Registry keys on your computer so that they can be detected as malware. To further make it seem like your computer is not operating correctly, the "Rogue Software" will also make it so that certain folders on your computer display no contents. It does this by adding the +H, or hidden, attribute to all of your files, which causes your files to become hidden.
Rogue Programs also attempt to make it so you cannot run any programs on your computer. If you attempt to launch a program, the rogue will terminate it and state that the program or hard drive is corrupted. It does this to protect itself from anti-virus programs you may attempt to run and to make your computer unusable so that you will be further tempted to purchase the rogue. The messages that you will see when you attempt to run a program are:
Hard Drive Failure The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.
Or
System Error An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.
Or
Critical Error Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.
You are then presented with another alert that pretends to be for a program that will attempt to fix your hard drive.
It will look something like the following:
Fix Disk Windows Restore Diagnostics will scan the system to identify performance problems. Start or Cancel
If you press the Start button, it will pretend to scan your computer and then state that there is something wrong with it.
These alerts are trying to make you think your computer has a serious hard drive problem. It should be noted that if you attempt to run a program enough times it will eventually work.
The list goes on.
Here are some tips to deal with this kind of infection.
To reveal files and folders that a rogue program has hidden, you can download and run Unhide.exe (provided by bleepingcomputer.com), or you can open a command window, navigate to the root folder (type "CD \" minus the quotes) and type Attrib -H /S /D
To terminate malware/scareware processes you can run rKill (provided by bleepingcomputer.com).
Run your favorite malware removal tool to remove files and registry keys created by these malicious programs. I am partial to "MalwareBytes!" but there are tons of legitimate tools available out there.
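As an added example (not part of the original article), the unhide step above can also be done from PowerShell in a way that first shows what was hidden and leaves items carrying the System attribute alone. The function name `Clear-HiddenAttribute` and the `-Root` parameter are hypothetical names chosen for this sketch.

```powershell
# Added example: clear the Hidden attribute that a rogue program set on user files.
# Clear-HiddenAttribute and -Root are illustrative names, not an existing cmdlet.
function Clear-HiddenAttribute {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folder to start from; assumed to be the user's profile by default.
        [string]$Root = $env:USERPROFILE
    )

    $hidden = [System.IO.FileAttributes]::Hidden
    $system = [System.IO.FileAttributes]::System

    # -Force makes Get-ChildItem return hidden and system items as well.
    $items = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # Hidden, but not flagged System: Windows' own protected files stay hidden.
            ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
        })

    # Summarise first, so the scale of the hiding is visible before anything changes.
    Write-Host ("{0} hidden non-system items found under {1}" -f $items.Count, $Root)
    $items | Group-Object { Split-Path -Path $_.FullName -Parent } |
        Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name |
        Format-Table -AutoSize | Out-Host

    $changed = 0
    foreach ($item in $items) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
            # Drop only the Hidden bit; ReadOnly, Archive and the rest are kept.
            $item.Attributes = [System.IO.FileAttributes](
                [int]$item.Attributes -band (-bnot [int]$hidden))
            $changed++
        }
    }
    return $changed
}

# Dry run: lists what would be changed without touching anything.
# Clear-HiddenAttribute -Root 'C:\Users' -WhatIf
# Real run:
# Clear-HiddenAttribute -Root 'C:\Users'
```

Run it with `-WhatIf` first, then repeat without it once the list looks right.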
So what can you do to prevent becoming a victim of "Malware"?
Install and maintain a good antivirus program. There are many to choose from, and yes, there are some good free solutions.
Find a malware scanner like MalwareBytes! or SuperAntiSpyware to name a few. You should note that there are pay and freeware versions of both.
Never open an email attachment directly from your email client. It is a better practice to save the attachment to a folder on your computer and scan the file with your antivirus solution. Most antivirus software will catch the infected files even before you have a chance to initiate a manual scan.
Most of all, read the prompts before clicking on anything.
It is becoming commonplace for web sites to fall victim to hackers who install malicious scripts into the site's HTML code, which can and do install rogue programs and malware just by the act of visiting these hacked websites.
If you can't resolve a rogue program or malware issue on your own, find a reputable computer repair shop that can fix it for you, but be careful. Too many office supply and big box stores offer "computer repair" and employ technicians with little or no experience. (Certainly please call or email PC Specialists.) The bottom line is "You get what you pay for".