Ask the Experts: Help! My PC is infected! How do I remove a virus?

Mike wrote in today asking a question on a lot of people's minds:
"I was surfing the web, I use Firefox, when suddenly my antivirus software started going totally nuts.

"I got a warning that it had blocked something from infecting my system, and I thought everything was fine, but a few seconds later, my system ground to a halt and my desktop disappeared.

"A few seconds after that, the desktop reappeared and everything seemed to be back to normal.

"Yeah right.

"Right after that I got a pop-up from something that looked like antivirus software, but I knew it wasn't, saying my PC was infected.

"The thing is, I know what my antivirus software looks like, and this thing doesn't look anything like it.

"The d##### thing has taken over my system, and they claim unless I pay for a registered version of their so-called "software", it appears I'm screwed.

"What a bunch of a#######.

"So, I've tried doing a manual scan with my current antivirus. It says everything is fine. It's not. The definitions were just updated right before it happened, so I thought everything would be fine.

"I called the company looking for help, and they want to charge me to get rid of the thing. Didn't I already pay for antivirus protection?

"I don't know who I'm more pissed off at. The jerks who wrote this thing or the antivirus company for trying to stick it to me.

"Now, I'm out looking for an answer, and I came across your site.

"Any tips or ideas on how I can get rid of this thing?"

I shot a reply back to Mike immediately with this answer,

Hi Mike,

Sorry to hear about your virus fiasco. What a pain.

Especially since you thought you were covered. Good news and bad news.

First the bad news: as you've found out, not all antivirus software is created equal.

And unfortunately even the best software sometimes has something slip through. It's cat-and-mouse between the good guys and the bad guys every day, and things like the one you got are what most of the companies consider their biggest challenge: preventing rogue / fake antivirus software.

Now for the good news: there are a couple of great free rescue tools out there that are ideal for a situation like the one you have on your hands.

The three I like the most are the ones from VIPRE, BitDefender, and Kaspersky.

Here are links for their free rescue CDs:
Effective Rescue CDs for Virus Removal

| Info Page | Download Page |
|---|---|
| VIPRE Rescue CD Information | Download VIPRE Rescue CD (.exe) |
| BitDefender Rescue CD Information | Download BitDefender Rescue CD (.iso) [1] |
| Kaspersky Rescue CD Information | Download Kaspersky Rescue CD (.iso) |

To use any of them, you need access to another clean PC with a CD-ROM burner or the ability to boot from a USB thumbdrive.

I'll skip the steps to make a CD or USB version since it's a little different for each, and it's covered in detail at their respective sites linked above.

They're all pretty easy to use, but since each of them works a little differently, you'll want to read up a bit on the one you're going to use before you get started.

Any of these rescue CDs should be able to easily detect and remove the virus. If not, write us back, and we'll go into the next steps. Either way, let me know how it goes. Good luck with it.

[1] The BitDefender Rescue CD file is called "bitdefender-rescue-cd.iso". I didn't link to it directly so if other options appear on their site, you can see what they are.


Ask the Experts: What's the difference between the VIPRE you review and the one on TV?

Got a call today from Steve who asked,
There's an offer for VIPRE antivirus I've been seeing on TV lately for a hundred bucks. It's for a "lifetime" license for 10 PCs. Is this the same thing that you reviewed on your site?
Here are my answers and the rest of our call... (His questions are in italics. My answers are indented.)

    Yep. It's functionally the same thing.
I don't have 10 computers, I have 2. They're pretty new, so I'm planning to have them for a while, but I'll be honest, I'm asking myself what's the catch?
    No catch. It's great software. It's the same software we review on our site. It's just the pricing and licensing that may not be right for everyone.

    The software on TV comes on a USB thumbdrive. You use it to install the software onto your system.

    You buy it. You wait. It gets delivered.

    You install it. You sock the USB drive away someplace safe. You're done.

    That's about it, 'til you need to re-install it or put it onto another PC in your house. Better hope you've still got the USB key!
OK, that much makes sense.

How 'bout me though, since I've only got the two computers? Can I get it for less?
    With the TV deal, no; through our site, yes.

    With our site you're actually buying it straight from the manufacturer, GFI, so you only pay for the licenses you need. It's not a pre-packaged "made for TV" type deal.
I get it. I see on the order page there are three options, 1 PC, 2 PCs, or 3-10. I need the 2 PC option.
    Exactly. With our coupons, it'll cost you less than what you'd pay for the TV deal, and you can also upgrade to VIPRE Internet Security, which you can't do with the TV deal.
I was just about to ask you about that. What's this VIPRE Internet Security I'm reading about on the site? What's that have in it?
    It's exactly the same software as VIPRE Antivirus and the same thing that's on TV, but with a couple of important extra features. They're worth the price of admission.

    The two biggies: a built-in software firewall and web browser filter. If you're not familiar with a firewall, it forms a virtual "moat" around your PC; the web browser filter stops you from accessing malicious web sites. It's pretty cool to see it work.
So if the version on TV comes on a USB thumbdrive, how does this version come?
    It's downloaded. About 30 seconds after you order online, you'll get an email from GFI with a link and your license key.

    You install it right from the link they send. From the time you order 'til the time you're installing software is less than five minutes.

    If you want, you can get a CD shipped to you for about $9.
OK, so tell me about this lifetime license thing. How does that work?
    It's great for people with newer PCs.

    If you're going to have your computers for more than a couple of years, the Lifetime License is a good option. You buy the software once. As long as you own those PCs, you'll have antivirus software for it.

    That's it.
What if I get another computer? Can I transfer it?
    Nope. No transfers.

    GFI is reasonable about hardware failures and whatnot. Have a disk crash or something like that, that's fine. You can move it onto the new disk. You just can't move it onto a whole new computer. I'm sure there are exceptions to this, but generally not.
OK. Wow. Thanks. You've been great. I'm looking at the two PC lifetime license of VIPRE Internet Security. I really appreciate you taking the time.
    My pleasure. Drop us a note or give us a call back if you have other questions we can help with.


Antivirus Software: What's Real? What's Fake?

One of the growing concerns for many security and antivirus professionals is the dramatic growth of fake antivirus software.

The idea behind fake A/V software is to trick unsuspecting consumers into downloading and installing their fake software in an effort to get trojans, viruses, spyware, and other malware installed onto PCs in the process.

There's nothing real about the fake software, except the threat it poses.

The process works like this:

  1. Trick consumer with a real looking, real sounding ad on an (often unsuspecting) legitimate website
  2. Get consumer to install the phony (but very real looking) antivirus application
  3. Stuff any number of trojans, keyloggers, spyware, and other evil applications into the fake antivirus program
  4. Use the newly infected computer to do their bidding, including (among other things):
    1. identity theft
    2. credit card fraud
    3. bank theft
    4. infecting other computers
    5. spamming

Solution to the Fake Antivirus Software Problem

Word is filtering out today about a way to tell fake antivirus software from the legitimate kind.

A new site from security and SSL vendor Comodo, for a project they're backing called the "Common Computing Security Standards Forum," aims to help consumers figure out what's real and what's not.

With their list of all known legitimate antivirus software vendors, they hope to help put an end to the dummy antivirus programs out there and to help consumers stay clear of the crap.

We thank them for their efforts. Here is a complete list of current antivirus vendors known to Comodo to be the real deal:

Legitimate Antivirus Software Vendors
  • AhnLab
  • Aladdin
  • Antiy
  • Authentium
  • AVG Technologies
  • Avira GmbH
  • BitDefender (BitDefender Antivirus & Internet Security)
  • BullGuard
  • CA Inc (CA Anti-Virus)
  • Checkpoint
  • Cisco
  • ClamAV
  • Comodo
  • CSIS Security Group
  • Drive Sentry
  • Dr.Web
  • Emsi software
  • ESET
  • F-Secure
  • Fortinet
  • Frisk Software
  • G Data Software
  • GFI/Sunbelt Software (VIPRE Antivirus & Internet Security)
  • Ikarus Software
  • Intego
  • iolo
  • IObit.com
  • Kaspersky Lab (Kaspersky Anti-Virus & Internet Security)
  • Kingsoft
  • Malwarebytes
  • McAfee (McAfee VirusScan Plus & Internet Security)
  • Norman
  • Panda (Panda Antivirus Pro & Internet Security)
  • PC Tools
  • Prevx
  • Rising
  • Sophos
  • SuperAntispyware
  • Symantec (Norton AntiVirus & Internet Security)
  • Trend Micro (Trend Micro AntiVirus & Internet Security)

You'll note that every one of the programs included in our antivirus reviews since day one of our site (reviews linked above) is on the list.

If you know of other legitimate A/V software not on the list, please contact us so that we can share your insight with the folks at Comodo.


Sunbelt Software Joins Fight Against Malware

We came across some great news today on darkREADING.com: Sunbelt Software, makers of VIPRE, our top-rated best antivirus program for 2012, is joining Trend Micro and others in contributing data to StopBadware.org.

StopBadware, which has its home at Harvard University's Berkman Center for Internet & Society, is described in darkREADING's article on efforts to fight malware as a,

"collaborative initiative to combat viruses, spyware, and other bad software...."

The process StopBadware uses is perhaps the largest of its kind. The idea behind it is simple:

"...[collect] the URLs of these badware websites, whether malicious or compromised, from its data partners.

"It uses the information to support and encourage site owners and web hosting companies in cleaning up and protecting their sites.

"The initiative also conducts analysis of infection trends, offers independent reviews of its partners' findings, and operates a community website, BadwareBusters.org, that provides help to people who have been victims--or wish to avoid becoming victims--of badware."

Obviously, we're happy to see any collaborative effort to thwart and stop any viruses or other malware, but this one garners special attention for several reasons, including who's involved:

  • Trend Micro (makers of Trend Micro AntiVirus)
  • GFI/Sunbelt Software (makers of VIPRE antivirus)
  • Harvard's Berkman Center
  • PayPal
  • Mozilla (makers of Firefox and Thunderbird)
  • AOL
  • ...and last but not least: Google

As for Sunbelt's role in the project, they will be contributing,

"...research data via ThreatTrack™, a comprehensive array of malicious url and malware data feeds.

"The data in these feeds is derived from multiple sources including: research from Sunbelt Labs; ThreatNet™, Sunbelt's VIPRE user community that anonymously sends information on potential threats to Sunbelt Labs"

What this means to users like you and me is that by sending malware and viruses that your Trend Micro AntiVirus and Sunbelt VIPRE catch to the respective companies, you're helping the project to ensure someone else doesn't get nailed with that same--or a similar--virus.

In turn this means that when many people across the globe are sending in their samples to the project, too, they're helping you.


This Year's Resolution: Get Antivirus Software

A good reminder came by way of a Montreal Gazette article on antivirus software, one of the fine newspapers published by our Neighbors to the North: "'Okay, okay, this year, I’ll get anti-virus software.' Say it and mean it."

Marc Saltzman, who penned the piece, brings up a great point: since buying a new PC (given the state of the economy for many people) is perhaps not a priority, protecting the one you have should be.

He talks about five of the six things we urge everyone to do. Here's our list (in order):

  1. Run antivirus software
  2. Run antispyware
  3. Keep your OS and the software you run updated
  4. Perform backups
  5. Defragment your hard drive

The only thing missing:

Run firewall software.

The default one built into Windows doesn't count. It stinks. In overall importance, we'd put firewall software at the top of the list, tied for number 1 with antivirus software.

While you're running through this checklist yourself, take a look at our new antivirus reviews for 2012. You'll see the "best antivirus software" on our list for 2012, and it has built-in antispyware and offers optional firewall software, too, in the VIPRE Internet Security version.

With our coupons you can have a complete PC security solution and be out the door for under $30, and you'll be three steps closer to keeping the bad guys out and protecting your computer.

Bear this in mind, too: the most important thing on your computer probably isn't the computer itself. It's the data.

And even if by some strange chance you put zero value on the data on your computer, there's still the cost--both in time spent and actual cash spent--to get your computer fixed if it gets infected.