If you’ve seen a message on your computer that says something like “Warning! You’re in danger!”, “Windows has detected a spyware infection!” or “Your computer could be infected with spyware or adware!!!” then you could be the next target for a sting.

These messages are caused by malware (more specifically, a Trojan) that installs itself on your computer and then tries to scare you into buying fake anti-spyware and PC cleaners. No Windows process or software from a legitimate vendor gives you a warning message and then tries to pressure you into buying a particular product.

The products they recommend are useless fakes, or they just install more malware and ads, and either way they try to get real money from you.

So, to recap, this malware installs itself on your PC and nags you with fake warnings to buy worthless software that either does nothing or further compromises your PC’s security (e.g. some of this malware weakens Internet Explorer’s security by changing its settings and disables Windows Task Manager, so you can’t kill unauthorized processes).

Well, now that you know these warnings are fake, you know not to buy the software.

Unfortunately, the malware that generates the warnings is very persistent, intrusive, and difficult to remove. In some cases it will produce a fake blue screen of death (usually a screen saver) or change your desktop background to a big ugly warning and then disable your desktop settings so you won’t be able to remove the warning. So what should you do?

You must realize that it will take some persistence to get rid of the malware, but step by step you can get your computer back.

While you are looking into how to remove a Trojan, malware or adware, there are a few steps you need to take to make sure it doesn’t happen again. Much of this type of malware took advantage of weaknesses in Sun’s Java Runtime Environment (especially version 1.5), so make sure your Java is up to date.

The next most popular route is through Windows OS bugs. I know you’ve heard this before, but make sure you download and apply critical updates from Microsoft.

Another, less orthodox route is a fake codec for a video. Have you ever tried to open a video file in Windows Media Player, only for it to say it doesn’t understand the format and ask whether you want to download a codec that can play the file? Unfortunately, that installation was open to abuse, and many fake files were released for the sole purpose of tricking a user into downloading a fake codec that was actually just malware. Of course, the fake video file would be called something like “Angelina Jolie – Nude Movie”: something that a lot of people would really want to see and would be willing to go to the trouble of getting a codec for. When they get the codec, they are left with nasty malware and a clip of pure garbage.

To remove spyware, you’ll need a good spyware remover. I recommend that you avoid any of the following, as they have all been associated with malware promotion or are considered fake: AdawareDelete, AdwareBazooka, AdwareSheriff, AlfaCleaner, Amaena, Antivirus Pro, BreakSpyware, CurePcSolution, DriveCleaner 2006, ErrorSafe, ExpertAntivirus, PerfectCleaner, SpyAway, SpyCut, SystemDoctor, SystemStable, WinAntiVirus and Winfixer.

For a step-by-step guide to spyware removal and a discussion of spyware tools, visit my Squidoo Lens, shown below.

After removing the spyware, use Piriform’s CCleaner to clean up any clutter left behind. I suggest you look on their site for the portable version.

If you find that you are still unable to perform certain normal actions, such as opening Task Manager or changing your desktop settings, I suggest using the fixpolicies tool written by Bill Castner at malwareremoval.com.
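To see whether a policy lockout of this kind is still in place, the following added example (not from the original article and not part of the fixpolicies tool) scans a registry export for restriction values that are switched on. It assumes the lockout uses the standard Windows policy value names listed in `RESTRICTIONS`; the function name `find_policy_lockouts` and the sample export are constructed for illustration.

```python
import re

# Standard Windows policy value names -> feature blocked when set non-zero.
RESTRICTIONS = {
    "disabletaskmgr": "Task Manager",
    "disableregistrytools": "Registry Editor",
    "nodispcpl": "Display control panel",
    "nochangingwallpaper": "Wallpaper changes",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def find_policy_lockouts(reg_text):
    """Return (key, value name, blocked feature) for each active restriction."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if not m or key is None:
            continue
        # Only values under a ...\Policies\... key act as restrictions.
        if "\\policies\\" not in key.lower() + "\\":
            continue
        blocked = RESTRICTIONS.get(m.group(1).lower())
        if blocked and int(m.group(2), 16) != 0:
            findings.append((key, m.group(1), blocked))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"NoDispCPL"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000001

[HKEY_CURRENT_USER\Software\Example]
"DisableTaskMgr"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, blocked in find_policy_lockouts(SAMPLE_EXPORT):
        print(f"{blocked} blocked by {name} under {key}")
```

Values set to zero, and same-named values outside a `Policies` key, are ignored because they do not restrict anything.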

After that, I hope you stay safe by updating critical system components, as recommended above, and make sure you have an up-to-date browser and firewall.
