This seems to have been a weekend for computer support. Today, Sunday, I found myself looking at an eMachines PC that refused to connect to the Internet using the HTTPS protocol. The machine’s owner had already mentioned that he had ditched Norton Antivirus (and gone through a lot of pain trying to uninstall it) and had chosen WinAntiVirus as a replacement. Why? Well, a moderately reputable website “popped” something up that told him his computer needed “fixing”, a fake “you are infected” type of message. WinFixer and WinAntiVirus would “fix it” for a small fee. To all intents and purposes, it sounds fairly legit: you pay your money, you get a download link for a couple of products, you believe that you’re protected. Except these two products do little more than invite their friends (ad-ware, spyware, malware, etc.) in to play about on your computer. From there, it goes from bad to worse. And it’s not new, as this post confirms.
Luckily, I was able to uninstall WinFixer and WinAntiVirus, disable a whole raft of browser hijacks and clear down 115 items of ad-ware, spyware and malware. Whilst I was there, I killed off all the remaining Norton services and lingering processes. After a reboot and a re-scan, I was pleased to see the Windows XP shield appear at the bottom right – a clear sign that, prior to my arrival, something was “blocking” it, thus preventing Automatic Updates from taking place. WinFixer and WinAntiVirus may not have themselves been blocking Automatic Updates and other security-related activities (such as blocking scanning software), but they were certainly responsible for something getting on the computer that did.
On the premise that this is one of those “how do you know” scenarios, a piece of advice that I can offer is this:
If a pop-up window (or an advert within a web page) tells you that your PC is infected and offers a “clean up” solution, either ignore it or at least put it into your favourite search engine. Google, for example, provides this advisory: