

ROGUE APPLICATIONS
NEWEST INFO IS AT THE BOTTOM OF THE ARTICLE!

         We have seen a major increase in the number of ROGUE APPLICATIONS appearing on computers brought into our shop. For this reason we are providing you with this information sheet to help you prevent these from getting on your system.

            These applications appear to be legitimate programs that try to scare you into buying a protection product of some kind. They are ruthless in their approach and are very difficult to remove. They are scams. The protection provided by these products is questionable. The charges for the software can be extensive. Once you swipe your credit card to purchase the annoying product, they will hit your credit card for the purchase price on a daily or other periodic basis. There is nothing to be seen until you get your statement, but by then it is too late. You agreed to the purchase. We have customers who have had to cancel their credit cards as the only way to get out from under continued charges. These programs change daily in order to bypass normal protection software, but there are things you can do to prevent them from getting on your system. Some of our customers have lost THOUSANDS of dollars to these scams. DON'T BE A VICTIM OF THESE DECEPTIVE SCAMS! Click the link below for an alphabetical list of rogue apps...
http://www.lavasoft.com/mylavasoft/rogues/a

            They APPEAR to be legitimate programs, but in fact have been designed to look similar to OTHER real protection programs. DO NOT BE FOOLED by these scare-ware versions of other software. They LIE to you about the presence of viruses or other problems on your system in order to fool you into buying their product. They may make your other programs appear to be infected, block your Internet access, shut down other protection products, put pornography links on your desktop, and do a wide variety of other things to make it appear as if your system is rapidly declining and eaten up with undesirables.

            BE FAMILIAR with your real protection software. If some other program pops up on your system and tells you that you have viruses, spy-ware, or registry problems, then it is a LIE. It is a TRICK to fool you into clicking on the window somewhere, which then DOWNLOADS additional software to your system which cannot be removed by normal means. If such a program appears on your system at any time, DO NOT CLICK ON ANYTHING! Not even the X in the upper corner to close the window. STOP immediately and hold down the POWER BUTTON on your computer for 7 to 10 seconds until it shuts off. You may then start the computer again. You should then run Spybot Search and Destroy, or SuperAntiSpyware. Update each and then scan your system for remnants of the offensive rogue application. Other legitimate ad-ware / spy-ware removal products may also be able to get rid of such remnants. HOWEVER, we CANNOT guarantee that these baddies can be removed since they change so often.

            These programs can appear from many different kinds of web pages. Pay attention to the sites you are visiting and if these appear from those locations, DO NOT GO BACK to those sites!

            If you click anywhere on the window when it appears, you are letting the remote server know that they have a “live user” connection and they will download things to your system in just a few seconds that will make it appear infected, prevent internet access, and shut off other protection software in order to prevent you from being able to remove their "scare-ware".

            Special tools are needed to remove these rogue applications and we can get them off of your system, but if you do not follow these instructions you will likely have such items infect your system again, and again, and we will have to charge each time for their removal.

             Be sure to use the IMMUNIZE feature of Spybot Search & Destroy to block as many of these potential bad sites as possible.

            We can NOT bullet-proof your computer against all forms of mal-ware, but if you keep up with your updates, do frequent scans, immunize, and avoid questionable sites, you should be able to keep your system out of trouble.

            One additional addendum:
We suggest that you set up an additional "user account" on your system for web browsing only. Go to your control panel and click on USERS or USER ACCOUNTS. Add a LIMITED or STANDARD user (NOT an Administrator) and you can call it whatever you like. The user name can be "Safer Browsing" or "For The Kids" or whatever you want. This account can be used for web browsing and will block the installation of some things. This account will prohibit the installation of software and other kinds of changes to the system. We are not sure at this point if this measure will block all Rogue Applications but it does prevent some from getting a foothold in your system. When starting your computer you will then be able to choose which account to start with, or you can easily switch accounts by just logging off (rather than shutting down or restarting) and then choose the other account to log back in. If you wish to install new software etc. you will need to switch back to one of your Administrator accounts.
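
For those comfortable with a command prompt, the same account can be created and checked from an elevated PowerShell window. This is an added example, not part of the original information sheet; it assumes Windows 10 or later, where the built-in local account cmdlets are available, and uses the "Safer Browsing" name suggested above.

```powershell
#Requires -RunAsAdministrator
# Added example: create a standard (non-administrator) account for web
# browsing and confirm that it has no administrator rights.
# Assumption: Windows 10 or later (Microsoft.PowerShell.LocalAccounts cmdlets).

$AccountName = 'Safer Browsing'   # any name you like, up to 20 characters
$AdminsSid   = 'S-1-5-32-544'     # built-in Administrators group (well-known SID)
$UsersSid    = 'S-1-5-32-545'     # built-in Users group (well-known SID)

# Create the account only if it does not exist yet.
$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $user) {
    $password = Read-Host -AsSecureString -Prompt "Password for '$AccountName'"
    $user = New-LocalUser -Name $AccountName -Password $password `
                          -Description 'Standard account for web browsing only'
}

# New-LocalUser does not place the account in any group, so add it to Users.
$inUsers = Get-LocalGroupMember -SID $UsersSid |
    Where-Object { $_.SID.Value -eq $user.SID.Value }
if (-not $inUsers) {
    Add-LocalGroupMember -SID $UsersSid -Member $user
}

# Check: the browsing account must NOT be a member of Administrators.
$admins = Get-LocalGroupMember -SID $AdminsSid
if ($admins | Where-Object { $_.SID.Value -eq $user.SID.Value }) {
    Write-Warning "'$AccountName' is in the Administrators group; remove it."
} else {
    Write-Output "'$AccountName' is a standard user."
}

# List every account that does have administrator rights, so you know
# which logins should be kept for installing software only.
$admins | Select-Object Name, ObjectClass, PrincipalSource
```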

UPDATE - 12-15-2010
Looks like MSN and Google have fallen prey to these scam artists too! Paid links with Google banner ads and MSN banner ads can lead to sites that will load rogue apps on your system. Be careful what you click on - as these are not search results but appear to be legitimate ads. These banner ads were paid for, and not tested by MSN or Google, but apparently the creators of the rogue apps can now afford to buy ad space! If they pay for it, not much the sellers can do I guess? Still, WATCH OUT, they are popping up EVERYWHERE! Here is an article about the recent paid ads...
http://www.infopackets.com/news/security/2010/20101215_google_microsoft_ads_link_to_malware.htm

UPDATE 12-29-2010
A COMPLETE SYSTEM RELOAD from a recovery disk or recovery partition MAY NOT ELIMINATE THE PROBLEM as some of the more common root kits infect the master boot record (MBR) of the main drive (C: drive) and this is not modified during the recovery. Only an experienced technician can safely and correctly remove these kinds of infections!

UPDATE 6-7-2011
USE THE CHROME BROWSER! We have been recommending this for a long time. Internet Explorer does not work the same way as CHROME. The Google CHROME web browser uses a "sandbox" process to run things from the internet and will "Contain" a rogue insertion attempt in a browser tab. Just close the tab and you are free of the rogue! It does not allow it to get into your system! This MAY NOT BE TRUE FOR ALL VERSIONS of the rogue, but it certainly has worked several times for yours truly. USE THE CHROME BROWSER! Safer, faster, easier... no reason NOT to use it really!
If you continue to use Internet Explorer, YOU WILL LIKELY GET A ROGUE APP INFECTION!

UPDATE 1-13-2012
It appears as though the rogues are now trying to infiltrate your system via email. Not sure if this is by initial virus infection or just spam, but we saw one this morning. A link in an email led directly to a rogue app infection attempt. FORTUNATELY, we had GOOGLE CHROME set as our DEFAULT browser and the link opened up in Chrome instead of one of the more insecure browsers. If you are using Chrome (and you SHOULD BE), make sure it is set as your DEFAULT browser! Click on the little wrench in the upper right corner of Chrome, and choose options - set Chrome as your DEFAULT browser - which means the preferred browser which will open any internet link that you happen to click on! Do it NOW!

            If you do not understand these instructions or have questions about ANY of the protection software that we supply or recommend, please give us a call or drop by with your system. Thank you.