6-15-10 UPDATE: Microsoft Security Essentials is our current AV of choice for catching this - See Step 6 below.
About every six months a really bad virus comes down the pike that gets around the best Anti-Virus protection. The latest one of this ilk is the Anti-Virus Pop Up Virus.
Pop-ups with bogus "You May Be Infected" warnings are not new, but the ability for the bad-ware to get around browser and anti-virus security features IS new. This virus comes from infected websites. We've encountered it twice ourselves (once on an IT techie site, ironically).
When you hit an infected site, you will get a pop-up that says something like "you are infected, click here to scan."
Some of the variations of this are made to look like a Windows Security feature, so even if you think it's legit, assume it's not. Some variations also open a new browser window with a "My computer" box and make you think it is scanning your system.
The key to killing this virus is immediate action as soon as you see the box pop up. Here are the steps:
Step 1: DO NOT CLICK ON ANYTHING - especially not on the box! Push the off button or unplug your computer IMMEDIATELY. Get your computer turned off ASAP.
Step 2: Let it stay off for at least 5 minutes to make sure your RAM clears.
Step 3: When you turn your computer back on, start tapping the F8 key until you get the OS Choices menu. The OS Choices menu will be plain white text on a black background (like an old DOS screen for the really ancient of you out there.)
Step 4: Choose the "Safe Mode" option.
Step 5: You will see a black screen with lots of white text scrolling through - don't worry about that. That's DOS stuff again. Eventually you will get your Windows log-in screen, or Windows will come up if you don't have a login. It will look different in Safe Mode.
Step 6: Safe Mode lets you run most of your critical programs. Run CCleaner, then MalwareBytes, then your Anti-virus program.
(Don't have these? Get them now! Click here for links.)
Step 7: Open your browser (it will not connect to the internet) and set your security settings to HIGH.
Step 8: Restart your computer normally... and see what happens!
If you cleaned it off before it could get into your system, your computer will run as it usually does. If you didn't get it cleaned, it will pop the "warning box" back up without you even being on the internet.





