Virus Alert: Real or Rogue?
A worried AskBob reader says: “Do I have a computer virus? My computer will sometimes stop and it says I have a virus, and I must call a number on the screen. Then supposedly they will walk me through the process to fix it. Is this true? I have antivirus installed but still, it pops up now and then.” Here's my diagnosis...
You Have a Computer Virus! (true or false?)
The reader didn't say whether these symptoms occurred when he was browsing the Web or when doing something else. If you see something similar, you may have a real virus in your computer, but much more likely you're looking at a simulated virus that is nothing more than an ad on a web page that a scammer has made difficult to close.
Either way, do not call that phone number! You will surely be connected to a fake “tech support rep” who will try to initiate a remote session with you. He'll also con you out of one or more credit card numbers (“Oops, that card was declined. Got another?”). He may also try to get your bank account numbers, Social Security Number, driver’s license number, and other data that can be used to steal your identity. After getting your payment details, he'll give you instructions for downloading something “to help you analyze and fix the problem.”
The most likely result is that you WILL have a virus or some sort of malware after dutifully following the instructions of the person on the other end of the phone. Adding insult to injury, new credit card charges will be rung up, leaving you to sort things out with the card issuer. So Rikki, don't use that number. Here's a real email that I recently got from a reader, which illustrates this type of scam:
- “A week ago an 'Emergency Message' popped up on my computer, and a voice said my computer had been locked because of a trojan. The message gave a phone number to call, so I called it. They had me download TeamViewer for them to look at things, then ran diagnostics on my system and said they found the problem. While they were doing that the screen was blue and said "Do not shut off your computer, updates in progress," and their cursor was moving around. After we hung up, I deleted TeamViewer. However, several times over the last week that blue screen has come back on, and a cursor is moving around. One time Notepad was opened, and someone typed a message to someone I don't know! So evidently, someone still has access to my computer. I have run anti-virus programs, reset the BIOS, checked for Microsoft updates, and done everything I know to stop it. What else can I do? Thank you for any help you can give me!”
I had to give this reader the sad news that the virus warning was fake, and the person he connected with by phone and TeamViewer was a malicious scammer. I advised him that he would need to take certain steps to recover from this incident. More on that below.
If a “virus alert” pops up only when you are browsing the Web, it is probably a fake Web page. Your computer does not have a virus. But the fake page can be designed to take over your entire screen, leaving scant clues that a browser is open. The page may also include code that makes it very difficult to close the page, and which re-opens the page if you do manage to close it. Your first step to get out of this trap is to close your browser.
Press the Ctrl-Shift-Esc keys simultaneously and hold them down until the “Task Manager” window appears. In the Processes tab you will see the name of your browser (Microsoft Edge, Google Chrome, Firefox, etc.). Right-click that item and then click the “End Task” option to force the browser to close. If that doesn't work, shut down the computer and restart. (Don't suddenly power off or yank the plug; that can cause other damage.)
Eliminating a Malware Infection
If you suspect a virus infection, run the fullest, most in-depth scan that your antivirus software can perform. (See my article PC Matic Gets a Zero! for my recommended internet security tool.)
Then run another scan using another antivirus program, just to be sure. A free utility named AdwCleaner will scan your computer, browser, and Windows registry for extensions and other programs that may harbor this “tech support” scam.
If the “virus alert” went away when you closed your browser, then the problem is almost certainly browser-related. The alert may simply be a page on a shady Web site that you visited; the solution is to close that site’s tab or window and never go there again.
Another option is System Restore; roll back your Windows system to an earlier time before you started getting the “virus alert.” See my article, Try System Restore for Windows 10 for help with that. Those instructions will also work for Windows 11.
That should eliminate the malware or backdoor access program that was installed. If any odd behavior continues after that, you will need to back up your important files, format the hard drive, and re-install Windows.
I also would recommend that you contact your bank and report any charges resulting from this encounter as fraudulent. Then check your bank and financial accounts for any unauthorized transactions. And only AFTER you are certain your computer is free of the unwanted malware, change passwords for all your online accounts.
Viruses generally don’t throw up “alerts” to let you know something is wrong. Most malware prefers to operate in secret, so you won't find and remove it. A computer that runs sluggishly may be infected with a virus. Whatever mischief the virus does in the background consumes resources and can slow everything else down.
One exception to the "viruses operate in secret" rule is ransomware. If your computer is locked and a screen instructs you to make a payment to restore access to your data, you may be a victim of ransomware. See my article Ransomware: Are You at Risk? to learn more about ransomware, prevention and recovery.
If you have a nagging feeling that you may have a computer virus, but you don't have any hard evidence, it can't hurt to check, even if it's for your peace of mind. See my instructions above to scan your computer for viruses if something doesn't seem right, or just as a precautionary measure.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 17 Jan 2023
Article information: AskBobRankin -- Virus Alert: Real or Rogue? (Posted: 17 Jan 2023)
Source: https://askbobrankin.com/virus_alert_real_or_rogue.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Virus Alert: Real or Rogue?"
Posted by:
Hankster
17 Jan 2023
Bob -
Thanks as always.
Much appreciated.
Posted by:
Lisa
17 Jan 2023
I have had a few of these. I immediately shut my computer down. Then I do a clean on it and change password. Thanks Bob
Posted by:
Beverly Shellabarger
17 Jan 2023
I recently had a virus/ransomware (whatever you call it). It was connected to Quickbooks desktop. A message would pop up within a few seconds of opening QB and it said my company file was corrupted and needed to call Intuit support. Then it conveniently listed the phone #. I was stupid and called the # and they wanted 3000.00 to clean up my company files. I have 4 different company files and they would clean all 4 for the 3,000.00. They sent me over a CC permission to charge my card. Every part of my body cried FRAUD so I quickly got off the call and did a little research. After many hours of searching, I finally found one reference to this and how to clean it up. I took the easy way out and went back to a totally clean version of Windows 11. My files all stayed intact but I had to reinstall ALL the software. It was a pain but everything is OK now. I just wish I knew where it came from to avoid it in the future.
Posted by:
DaveM
17 Jan 2023
This scam is a variation of an old one I haven't seen in a while where you would receive a telephone call from "Microsoft" informing you that they had detected a virus on your computer. Of course the helpful tech would remove it for you if only you would set up a Remote Desktop session and provide a credit card # so he could clean it up for you. No need to provide the ugly details of what happens next.
Never ever, ever tap or click a link provided in the scammer's message (or call the provided phone #). If you have concerns that your Amazon or Netflix account has been locked because of "suspicious activity", go directly to your Amazon or Netflix account web site where you will quickly see that no such "lock" exists.
One minor correction to Bob's always excellent advice: hitting ctrl-alt-delete in Win10 will take you to a blue screen with a few options. You can then select Task Manager (or shut down your computer) from this screen.
Posted by:
Art F
18 Jan 2023
Dave M: It was not ctrl-alt-delete that Bob recommended for accessing the Task Manager, but ctrl-shift-escape. That combination, which I hadn't known about and which I find very handy, does immediately open the Task Manager, much quicker than the method I was previously using.
Posted by:
David P Lagesse
18 Jan 2023
Every time I have wanted to do a System Restore, all it ever did is waste time, nothing was changed.
Posted by:
DaveM
18 Jan 2023
Thank you Art F - you are absolutely correct. Before I comment again, I think I shall review my reading skills! And I, too, had never heard of that combination. I learn something every day!
Posted by:
Ernest N. Wilcox Jr.
18 Jan 2023
I haven't seen one of those 'virus warning' pop-ups in a very long time. When I did (a decade ago, give or take), I knew enough to not click or do anything it wanted me to do. IIRC, it was a struggle to get my web browser closed, but I managed, then I ran a full system virus scan, and I downloaded Malwarebytes and did another scan, just to be sure. I'm happy to report that I found no threats. The whole thing was a scam.
It taught me a few valuable lessons, though. One is to trust nothing that comes from the Internet unless I can confirm for myself that the source of information is trustworthy and accurate. Over the years I have determined that the information I get here (on the Ask Bob website) is both trustworthy and accurate, although I still pick and choose which morsels I'll use/follow :). Another lesson was to never click any hyperlink (either on webpages or in email messages) without checking that the URL matches the purported destination (the text on the link's label). If they don't match, I don't click.
As for the URL, the first part is what counts, from the 'https://' to the first single slash '/'. For example, the URL for a link purporting to take me to a page on BestBuy should start with 'https://bestbuy.com/' (note that it says 'bestbuy.com' between the double-slash '//' and the first single-slash '/'). Everything that follows will be the path to the destination page on the BestBuy website.
There is another type of hyperlink that may be safe, but I still don't trust it. It's a redirection link. For any of a number of reasons (some are valid), a website will create a page to redirect your browser to the destination (an external website) and create a link to it rather than directly to the external site. The reason I don't trust redirection links is that the URL is too difficult to de-code, and therefore too difficult to validate. If I can't de-code the URL, I won't click it, ever.
The single most important thing I can do to protect myself on the Internet is to remain very skeptical about everything at all times. When my boys were young, my wife and I taught them about 'Stranger Danger'. My mother taught me to not trust strangers when I was little too. That training has served me very well throughout my life (over seven decades), and it has kept me safe from many of the horrors I hear about in the news. Stranger-danger is all about being skeptical of strangers. Everyone on the Internet is a stranger because you cannot know that the person you are interacting with is really the person you think they are, unless you can confirm that fact with something you both know, but that nobody else knows. Everything on the Internet is produced by strangers too, so that is why I don't trust anything on the Internet until I can confirm its trustworthiness for myself. The only way to determine which websites you can trust is by using them over time (as I have done with the Ask Bob website). That is also why I check every hyperlink before clicking. It's created by some stranger. Call me paranoid if you will, but I'd rather be safe than sorry.
My2Cents,
Ernie
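Added example (not part of the comment above or of the original article): the link check described in that comment, done with the URL parser browsers use, so it also handles a host hidden behind an "@", a lookalike suffix, and a redirection link that carries its destination in a query parameter. The function names and every sample link are constructed for illustration; 'bestbuy.com' is the site named in the comment.

```javascript
// Added example. Helper names and all sample links are constructed for illustration.

// Return the host a browser would actually connect to, or null.
function linkHost(href) {
  let url;
  try {
    url = new URL(href);            // WHATWG parser, same rules browsers use
  } catch (e) {
    return null;                    // not an absolute URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.hostname;              // lowercased; anything before "@" is excluded
}

// True only if host is the site itself or one of its subdomains.
function hostBelongsTo(host, site) {
  return host === site || host.endsWith("." + site);
}

// If a query parameter carries a full URL (a redirection link), return that URL's host.
function redirectHost(href) {
  let url;
  try { url = new URL(href); } catch (e) { return null; }
  for (const value of url.searchParams.values()) {   // values arrive percent-decoded
    const inner = linkHost(value);
    if (inner !== null) return inner;
  }
  return null;
}

// Compare a link against the site its label claims to lead to.
function checkLink(href, expectedSite) {
  const host = linkHost(href);
  return {
    host,
    matches: host !== null && hostBelongsTo(host, expectedSite),
    redirectsTo: redirectHost(href),
  };
}

const samples = [                                    // constructed sample links
  "https://bestbuy.com/site/deals",
  "https://www.bestbuy.com/cart",
  "https://bestbuy.com.account-check.example/login",
  "https://bestbuy.com@account-check.example/login",
  "https://news.example/out?u=https%3A%2F%2Fbestbuy.com%2Fsite",
];
for (const s of samples) console.log(s, checkLink(s, "bestbuy.com"));
```

Only the first two samples match; the third and fourth show 'bestbuy.com' in the text of the link while the real host is account-check.example, and the fifth goes to news.example first, with the decoded destination reported separately.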
Posted by:
Lee
18 Jan 2023
When I got one of these I could NOT get to shut down. So I held the start/off button until computer shut down, waited overnight and tried starting up again. When that did not work, took to my local computer repair (I trust them) and had them run total virus scan on the computer. Fixed it. I usually can get computer to shut down and restart (sometimes wait til next morning) and all is fine. Now have Malwarebytes Premium.
Posted by:
Geoff W
18 Jan 2023
The easiest way to shut down that seemingly unstoppable nagging web page, which is just a picture that blocks the entire screen but may have links or phone numbers, is do as Bob says via Task Manager but what seems to be missed is an easy quick way to bring up Task Manager, and that is right click the bottom task bar and the TM selection is looking at you. Geoff W.
Posted by:
Keith R
18 Jan 2023
Geoff W. THANKS for the taskbar trick to open Task Manager!
Posted by:
Ahmad
18 Jan 2023
Actually, these types of scams seem to still happen a lot. There are entire YouTube channels dedicated to people baiting these scammers and trying to damage their operations.
Some of the famous channels are: Jim Browning, Kitboga (hilarious, very entertaining), Scammer Payback, Trilogy Media, Scambaiter.
Posted by:
Jene
18 Jan 2023
I tell my users: Imagine you've just parked your car in a parking lot, and someone comes up to you and says: "I need to borrow your keys." Would you fall for that? A computer message is no more valid than a stranger in a parking lot! Or that stranger says: "I'm from AAA and we've detected a problem with your car. Give me your keys so we can fix it." (A common computer scam.)
Posted by:
bill
18 Jan 2023
I would do a computer install from last backup
I back up my puter pretty often!
Posted by:
Karena
19 Jan 2023
Ahmad: Thank you for the links!