Virus Alert: Real or Rogue?
A worried AskBob reader says: “Do I have a computer virus? My computer will sometimes stop and it says I have a virus, and I must call a number on the screen. Then supposedly they will walk me through the process to fix it. Is this true? I have antivirus installed but still, it pops up now and then.” Here's my diagnosis...
You Have a Computer Virus! (true or false?)
The reader didn't say whether these symptoms occurred when he was browsing the Web or when doing something else. If you see something similar, you may have a real virus in your computer, but much more likely you're looking at a simulated virus that is nothing more than an ad on a web page that a scammer has made difficult to close.
Either way, do not call that phone number! You will surely be connected to a fake “tech support rep” who will try to initiate a remote session with you. He'll also con you out of one or more credit card numbers (“Oops, that card was declined. Got another?”) He may also try to get your bank account numbers, Social Security Number, driver’s license number, and other data that can be used to steal your identity. After getting your payment details, he'll give you instructions for downloading something "to help you analyze and fix the problem."
The most likely result is that you WILL have a virus or some sort of malware after dutifully following the instructions of the person on the other end of the phone. Adding insult to injury, new credit card charges will be rung up, leaving you to sort things out with the card issuer. So Rikki, don't use that number. Here's a real email that I recently got from a reader, which illustrates this type of scam:
- “A week ago an 'Emergency Message' popped up on my computer, and a voice said my computer had been locked because of a trojan. The message gave a phone number to call, so I called it. They had me download TeamViewer for them to look at things, then ran diagnostics on my system and said they found the problem. While they were doing that the screen was blue and said "Do not shut off your computer, updates in progress," and their cursor was moving around. After we hung up, I deleted TeamViewer. However, several times over the last week that blue screen has come back on, and a cursor is moving around. One time Notepad was opened, and someone typed a message to someone I don't know! So evidently, someone still has access to my computer. I have run anti-virus programs, reset the BIOS, checked for Microsoft updates, and done everything I know to stop it. What else can I do? Thank you for any help you can give me!”
I had to give this reader the sad news that the virus warning was fake, and the person he connected with by phone and TeamViewer was a malicious scammer. I advised him that he would need to take certain steps to recover from this incident. More on that below.
If a “virus alert” pops up only when you are browsing the Web, it is probably a fake Web page. Your computer does not have a virus. But the fake page can be designed to take over your entire screen, leaving scant clues that a browser is open. The page may also include code that makes it very difficult to close the page, and which re-opens the page if you do manage to close it. Your first step to get out of this trap is to close your browser.
Press the Ctl-Shift-Esc keys simultaneously and hold them down until the “Task Manager” window appears. In the Processes tab you will see the name of your browser (Microsoft Edge, Google Chrome, Firefox etc.). Right-click that item and then click the “End Task” option to force the browser to close. If that doesn't work, shut down the computer and restart. (Don't suddenly power off, or yank the plug, that can cause other damage.)
Eliminating a Malware Infection
If you suspect a virus infection, run the fullest, most in-depth scan that your antivirus software can perform. (See my article PC Matic Gets a Zero! for my recommended internet security tool.)
Then run another scan using another antivirus program, just to be sure. A free utility named ADWCleaner will scan your computer, browser, and Windows registry for extensions and other programs that may harbor this “tech support” scam.
If the “virus alert” went away when you closed your browser, then the problem is almost certainly browser-related. The alert may simply be a page on a shady Web site that you visited; the solution is to close that site’s tab or window and never go there again.
Another option is System Restore; roll back your Windows system to an earlier time before you started getting the “virus alert.” See my article, Try System Restore for Windows 10 for help with that. Those instructions will also work for Windows 11.
That should eliminate the malware or backdoor access program that was installed. If any odd behavior continues after that, you will need to back up your important files, format the hard drive, and re-install Windows.
I also would recommend that you contact your bank and report any charges resulting from this encounter as fraudulent. Then check your bank and financial accounts for any unauthorized transactions. And only AFTER you are certain your computer is free of the unwanted malware, change passwords for all your online accounts.
Viruses generally don’t throw up “alerts” to let you know something is wrong. Most malware prefers to operate in secret, so you won't find and remove it. A computer that runs sluggishly may be infected with a virus. Whatever mischief the virus does in the background consumes resources and can slow everything else down.
One exception to the "viruses operate in secret" rule is ransomware. If your computer is locked and a screen instructs you to make a payment to restore access to your data, you may be a victim of ransomware. See my article Ransomware: Are You at Risk? to learn more about ransomware, prevention and recovery.
If you have a nagging feeling that you may have a computer virus, but you don't have any hard evidence, it can't hurt to check, even if it's for your peace of mind. See my instructions above to scan your computer for viruses if something doesn't seem right, or just as precautionary measure.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 17 Jan 2023
|For Fun: Buy Bob a Snickers.|
[ALERT] Freeze Your Credit Files (all SIX of them)
The Top Twenty
Is This the Best Month to Buy a Car?
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Virus Alert: Real or Rogue? (Posted: 17 Jan 2023)
Copyright © 2005 - Bob Rankin - All Rights Reserved