Archive for the ‘rogue security software’ Category

HOW TO: Remove the MS Removal Tool

July 29th, 2014 No comments

The “MS Removal Tool” or MSRemovalTool is malware. It is not a Microsoft product. This kind of malware is known as “rogue security software” because it imitates a real product, in this case the Microsoft Malicious Software Removal Tool.

If you’re infected with this malware you might see a MS Removal Tool window when you start your computer and you might not be able to access your desktop. You might not be able to start Task Manager, and you might not be able to open Internet Explorer or any other programs.

The window might look like this:

The warning in your notification area might look like this:

Microsoft security software detects and removes this threat, but if you already have it you might need to boot your computer into Safe Mode in order to remove it.

Learn how to remove the MS Removal Tool

 

 

Is Windows Security Center real or rogue?

July 22nd, 2014 No comments

A reader writes:

What kind of warnings from Windows Security Center are real, and what should I do about them?

Windows Security Center is a feature that was introduced in Windows XP Service Pack 2 and was also included in Windows Vista. (Action Center replaced Windows Security Center in Windows 7.)

Security Center checks the security status on your computer, including:

  • Firewall settings

  • Windows automatic updating

  • Antivirus software settings

  • Internet security settings

  • User Account Control settings

If Security Center detects a security problem, it displays a notification and puts a Security Center icon in the notification area. Click the notification or double-click the Security Center icon to open Security Center and get information about how to fix the problem.

Is Windows Security Center a virus?

In the years since Security Center was introduced, cybercriminals have created several different kinds of malware that look like Security Center or have the same name. If you have this malware on your computer, it might lure you into a fraudulent transaction, steal your personal information, or slow down your computer. This kind of malware is called “rogue security software.” Learn how to spot and avoid these fake virus alerts.

How do I know if the warnings are real?

  1. If you think a warning looks suspicious, the first thing you can do is run antivirus software on your computer, which might let you know if you have a virus. Learn more about antivirus software for your operating system.
  2. To check your knowledge of real security warnings and fake security warnings, and to learn how to help protect your computer and personal information, take our quiz.

Help! Someone is holding my computer hostage

March 18th, 2014 No comments

If you see a pop-up window, webpage, or email message warning you that your computer has been locked because of possible illegal activities, you might be a victim of a criminal extortion scam called ransomware.

Ransomware often masquerades as an official-looking warning from a well-known law enforcement agency, such as the US Federal Bureau of Investigation (FBI).

The aim of ransomware is to prevent you from using your computer until you pay a fee (the “ransom”). If you get an email message or a warning like this, do not follow the payment instructions. If you pay the ransom, the criminals probably won’t unlock your computer and might even install more viruses or steal your personal and financial information.

 

Example of ransomware

What to do if you think you’ve been a victim of ransomware

If you’ve already paid the scammers, you should contact your bank and your local authorities, such as the police. If you paid with a credit card, your bank may be able to block the transaction and return your money.

To detect and remove ransomware and other malicious software that might be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products can detect and remove this threat:

More information about how to prevent and get rid of ransomware

 

 

 

Why does my AV software keep turning off?

July 25th, 2013 No comments

Bob writes:

My antivirus software keeps turning off and I can’t get it back on.

Here are the most common reasons you might encounter this problem:

Your computer is already infected with rogue security software

The warning that your antivirus software is turned off might be a fake alert, also known as “rogue security software.” This type of warning is designed to fool you into downloading malicious software or paying for antivirus software. Take our Real vs. Rogue quiz to see if you can identify the difference.

You have more than one antivirus program

Your antivirus software could turn off if you try to install another antivirus program. Running more than one antivirus program at the same time can cause conflicts and errors that make your antivirus protection less effective or not effective at all.

You might have a virus

Some viruses can disable your antivirus software or disable updates to your antivirus software. Viruses can also prevent you from going online to update or reinstall your antivirus software.

For troubleshooting help, see What to do if your antivirus software stops working.

Online scams are no April Fool’s Joke

April 1st, 2013 No comments

On April Fools’ Day you might have fun being the recipient or the instigator of a harmless prank or two, but it’s good for you to know about online pranks we’ve seen that are far from harmless.

Phone scams. Cybercriminals don’t just email you or post on your social networking site anymore. They call you, pretending to be Microsoft tech support and offering to help you fix your computer. Microsoft will not make unsolicited calls to offer support. For more information, see Avoid tech support phone scams.

Verify your account scam. If you receive an email message that asks you to verify your username and password for your Microsoft account, your Hotmail account, or other account, it’s a scam designed to steal your personal information. The message often includes the threat of immediate account closure. Microsoft will not close your account if you do not provide personal information in an email. For more information, see Avoid scams that use the Microsoft name fraudulently.

Fake security software scams. If you see a pop-up window saying that your computer is infected or unprotected it could be a scam known as “rogue security software” or “scareware.” Rogue security software might report a virus, even though your computer is actually clean. For examples of rogue security software, see our Real vs. Rogue Facebook app.

Learn about how to help protect yourself from other popular scams

Do I have to pay for antivirus software?

February 28th, 2013 No comments

Jo Anne writes:

I received a message that said that my Microsoft security software is turned off and I am not protected. What can I do? I even ran the scan. The warning says that I can buy antivirus protection, but I don’t want to pay for it.

If your computer is running Windows, you do not need to pay for antivirus software. To help fight both viruses and spyware, you can download Microsoft Security Essentials at no cost for Windows 7, Windows Vista, and Windows XP.

First make sure to uninstall any other antivirus software—whether you installed it or it came preinstalled on your computer. If you choose to install other antivirus software on your computer, Microsoft Security Essentials will be disabled.

Windows Defender is an antivirus feature in Windows 8 PCs and tablets that replaces Microsoft Security Essentials. It runs in the background and notifies you when you need to take specific action.

Watch out for rogue security software

The message that Jo Anne received might have been a genuine warning from Microsoft, but it sounds like it could be a rogue security software scam. Rogue security software (also known as “scareware”) claims to offer security benefits but actually provides limited or no security and may even lure you into participating in fraudulent transactions.

As you surf the web, you might see legitimate-looking pop-up windows containing “updates” or “alerts” that say you need to click to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, rogue security software downloads to your computer.

For examples of rogue security software, see our Real vs. Rogue Facebook app.

Watch out for fake Java updates

January 28th, 2013 No comments

You may have seen reports about security alerts for Java recently. Java is a commonly used piece of software from Oracle, so there’s a good chance you have it installed on your computer. Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software. These alerts state that your computer or other device is at risk, but clicking a link in one of them could lead you to downloading malicious software.

In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately. We agree that if you use Java on your device you should update it directly from the Oracle website:  

If you don’t, then it’s a good idea to uninstall older versions of Java and disable Java in your browser like you would for any unused software.

Java is just one piece of software that cybercriminals target. It’s important to keep all the software installed on your system up to date. For Microsoft software, you can use the Microsoft Update service.

If you think you have a virus, visit the Microsoft Security Support Center for assistance.  

Top 10 security stories of 2012

December 27th, 2012 No comments

From the latest scams and fraud to how, when, and why to update your computer, here are the stories that you viewed and clicked on the most this year.

Download security update for Internet Explorer. In September, Microsoft released a security update for Internet Explorer. To help protect your computer, visit Windows Update to download and install the update and ensure that you have automatic updating turned on.

Update your browser. In February, if you had automatic updating turned on, Windows Update automatically upgraded you to Internet Explorer 9. Now you can get Internet Explorer 10.

Is my computer up to date? In March, you clicked on this blog entry to learn how to turn on automatic updating and to make sure that your computer had all of the latest updates.

Beware of ransomware. Nearly a year ago, a lot of you stopped by to learn about the resurgence of this scam. It launches a pop-up window warning that illegal material has been found on your computer and then locks you out of your computer unless you pay a fee. It’s still around, and we recently offered new guidance to help you deal with it.

Protect yourself from online tracking. Earlier this year we reported on Tracking Protection, which was a new feature in Internet Explorer 9. Read more about how user privacy protection has evolved and why it is turned on by default in Internet Explorer 10.

Here are five more stories that were popular with you this year:

For more information on the top online safety stories of this year, visit the Trustworthy Computing blog.
 
 

Scams relating to the recent Microsoft Security Advisory

September 27th, 2012 No comments

Microsoft recently released a security update for Internet Explorer in response to Security Advisory 2757760.

Scammers will often use news items (especially those relating to computer security) to try to trick you into downloading malicious software or to steal your personal information. Scammers claiming to be from Microsoft might also contact you by phone and offer to help fix your computer.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. For more information, see Avoid tech support phone scams.

If you receive a phone call about the recent Internet Explorer update or about another technical support issue, hang up. If you’re in the United States and you want to report the scam, the best place to report phone fraud is the Federal Trade Commission. For more information, see Reporting phone fraud.

If you receive a scam via email or a website, you can use Microsoft tools to report it.

Avoid scam phone calls

August 22nd, 2012 No comments

Gabby writes:

I just wanted to let you know that I received a phone call this evening from a guy called “Daniel” from “Technical Maintenance of Microsoft Windows.” He said that Microsoft had received error messages from my computer and he asked me to turn my computer on and follow his directions to fix this. I told him that I would sort it out myself and hung up on him.

That sounds like a typical tech support phone scam that cybercriminals use to:

  • Trick you into downloading malicious software.
  • Take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.

Gabby did the right thing by hanging up on “Daniel.” For more information, see Avoid tech support phone scams.

 

How do I get rid of all of these security warnings?

July 26th, 2012 No comments

Donald asks:

How do I eliminate the security warnings that pop up every time I open a new page?

Donald’s question has two answers.

Answer #1: They are fake security warnings

Donald notes that the warnings “pop up” and happen every time he opens a new page, which makes us think they might not be real. Donald might be seeing fake warnings because his computer is infected with rogue security software.   

Rogue security software (also known as “scareware”) creates pop-up warnings that look like legitimate security updates. It provides limited or no security and generates erroneous or misleading alerts. Some rogue security software also attempts to lure users into participating in fraudulent transactions.

You can run a free PC safety scan that will help locate and remove the problem if your computer is infected. If you don’t have anti-virus software installed or you want to try a different one, you can download Microsoft Security Essentials (free).

Answer #2: Adjust your security settings

The security warnings that Donald is seeing might be real Internet Explorer security warnings, which could indicate that a website he’s trying to visit could be dangerous. If you see these warnings, follow the instructions. If you know that the sites you’re visiting are safe and you’re still seeing these warnings, your security settings might be set too high.

To adjust Internet Explorer security settings

  1. Open Internet Explorer by clicking the Start button and then clicking Internet Explorer.
  2. On the menu bar, click Tools, and then click Internet options.
  3. Click the Security tab.
  4. Adjust the security level by moving the slider up or down.

Learn more about how to change your Internet Explorer security settings.

FBI warns against hotel net connections

May 22nd, 2012 No comments

The Federal Bureau of Investigation (FBI) issued a warning earlier this month that travelers should be careful using Internet connections in hotels. Some travelers had inadvertently downloaded malicious software onto their computers when they accepted fake security updates.

Reportedly, hackers had compromised hotel networks (mainly outside of the United States) so that when travelers tried to log on they would see a pop-up window indicating they needed to update their computer in order to get Internet access. The updates were actually malicious software designed to gain control of your computer and steal your personal information.

We recommend that you turn on automatic updating and visit Microsoft Update before you travel to help ensure that your computer is up to date. You can also increase your safety by connecting to the Internet in hotels through a cable instead of using a wireless connection.

4 signs of scareware

May 17th, 2012 No comments

 “Scareware” is fake anti-virus software (also called “rogue security software”) that cybercriminals trick you into paying for or trick you into downloading along with malicious software. According to the latest Security Intelligence Report from Microsoft, one of the most prevalent forms of scareware is called Win32/FakePAV. Learn how to help prevent Win32/FakePAV from stealing your credit card information.

 Here are some tell-tale signs that could indicate a scareware infection:

  • Your computer runs much slower than usual
  • When you try to surf the internet to legitimate anti-virus websites, you can’t get to them
  • You see a lot of pop-up windows with false or misleading alerts
  • The anti-virus software you recently downloaded is trying to lure you into upgrading to a paid version of the program

Get more information on how to spot fake virus alerts.

If you think you might have already downloaded scareware, you can run the Microsoft Safety Scanner for free. Also, make sure you use legitimate anti-virus software, such as Microsoft Security Essentials, which is also free.

Microsoft was recently interviewed for a local Seattle news story about scareware. Watch the video

 

Fake security software: Know the risks

June 23rd, 2011 No comments

If you’re browsing the web and you see a security warning, beware. Cybercriminals use fake security warnings (also known as “rogue security software”) to steal personal information or to charge you for a program that doesn’t work.

You should only download software from a reputable source. Microsoft Security Essentials, for example, is a program that can help protect your computer. Download it for free.

To watch a video about the extent of the problem and what Microsoft is doing about it, see Rogue Security Software: Scamming for Money.

Watch out for fake security software

May 31st, 2011 No comments

One of the most common ways for cybercriminals to steal money from people is through the use of fake security software, according to the most recent Microsoft Security Intelligence Report.

This kind of software is also known as “scareware” or “rogue security software.” Cybercriminals use it to scare people into downloading more malicious software onto their computer or pay for a fake product. For more information, see Watch out for fake virus alerts.

Here are examples of the graphics used by cybercriminals to trick you into downloading their security software.

The Security Intelligence Report features a video that explains how one popular piece of fake software works and how you can get rid of it. To watch the video, go to How Win32/FakePAV Steals Credit Card Information and How to Remove the Trojan.

To read the full report on Rogue Security Software, see the Malware and Potentially Unwanted Software section of the latest Security Intelligence Report. You can also download the entire report.

 

Computer security tales of woe: What’s yours?

May 19th, 2011 No comments

I recently received two email messages from people who had been the victims of cybercrime. These people weren’t just readers of our blog—they work on our team. That means that they spend almost every day thinking about viruses, online fraud, security updates, and other issues of computer security.

And they still weren’t immune to the threat.

I got permission to share these stories in an effort to prove that cybercriminals are so tricky that they can even fool people who should know better.

The first tale comes from an employee who I’ll call “Christine.” Christine writes:

“I was on a news site and got infected with a computer virus. I believe I got some pop-up about an Adobe Acrobat test, and I may have hit “OK” rather than closing the pop-up. Instantly, I started getting all of these dire warning threats that my security had been breached, my computer was infected, and I should download the latest update to “Win 7 Internet Security 2011.”

I’ve actually never had a virus before, but I knew that Microsoft would never abbreviate the word “Windows” to “Win,” and then I spotted a few telltale other signs—a couple misspellings in the messages, and the warnings were so alarmist that I knew they couldn’t be from Microsoft. So I wasn’t dumb enough to click on anything, but it did paralyze my computer for a while, flooding my PC with these messages and blocking my access to the Internet.

From another PC, I found information on this virus and recommendations on how to remove it. I tried to remove it manually and had trouble locating where it was in my files. Then I tried downloading a spyware scanner (which I had to put on a USB drive, and then transfer to my infected PC). After getting it on my PC (I had to rename the .exe file because the virus knew it was spyware removal software and wouldn’t let me run it) and finding the infection, I found out that I needed to buy it before it would fix anything!

Then I remembered Microsoft’s scanner and did the same thing, and it worked! It found the virus and removed it—I guess I had the “Win32/FakeRean” virus that we featured in the newsletter a few months back. It was a fast, easy download, and it found and fixed my system for free.

Now I’ve downloaded every security update I can find, and scanned my system about 5 different times.”

This sounds like rogue security software to us. For more information, see Watch out for fake virus alerts. If you think you might have the same problem, download the Microsoft Safety Scanner.

 

The second story comes from an employee who I’ll call “Megan.” Megan writes:

“Right before I left for vacation I got a message that my email account had been “compromised.” At first I thought that this was a scam, but when I checked my credit card statement, I realized that over $600 of merchandise had been charged to my account. That was because I used the same user name and password information for my email account as I did for other online accounts, including my bank account.  

I was using a strong password. It wasn’t a word from the dictionary and it had a mix of numbers and letters. The problem was that I used this same password since I opened the email account more than four years earlier. And like I said, I was using the same user name and password on many of my online accounts, including my bank account. I immediately changed the password on my email account, on my bank account, and on all other financial accounts. And this time I used different passwords.”

Have you had this problem? Learn how to create strong passwords or test your password’s strength.

Do you have a computer security tale of woe? Share it in our comment section below.

Microsoft releases newest Security Intelligence Report

May 10th, 2011 No comments

The Microsoft Security Intelligence Report (SIR) provides information about current security threats to help protect organizations, software, and people. The report covers exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, Internet services, and three Microsoft Security Centers.

Volume 10 of the report was released today.

The data from the report illustrates a significant increase in social engineering attacks, specifically phishing attempts using social networking as a lure, adware such as pop ups and pop unders, and rogue security software or scareware.

Here is some of the research and analysis included in the report:

Over the next few months we’ll explore different features of the SIR. Check back with us or read the report now.