In the course of browsing the internet, you will eventually come across a website that has been infected by some sort of malicious code – trojan viruses, malware, adware, or fake antivirus programs. Collectively, we’ll call these pesky little programs badware. Most modern web browsers have the ability to detect or prevent you from getting infected with badware. Spotting badware before it gets on your computer can be tough, but you need to be aware and practice safe web browsing.
An Innocent Looking Link
This morning, I was searching Google for some information on the typical dimensions for an elevator. So, as most of you do, I loaded up Firefox, typed my search terms into Google and was presented with a long series of links on the subject. I clicked on the first link presented on the search engine results page and then it happened – I was redirected to a badware site. Obviously the website I was trying to access had been compromised and was serving up some bad stuff. The webpage proceeded to load several thing in my web browser and finally came up with something that looked like this:
At first glance, you might think that this is a standard Windows XP window that is relaying some very important information about your computer. It appears to go through a super-fast scan of your hard drive and then comes up with a results list of infections that includes Banker.MGB, Trojan.DownLoad.37236, Win32.HLLM.Netsky.35328, Trojan.GootKit, and Nuwar.GDM. Those all sound and look pretty scare when you see that they have high or even critical threat levels.
But there are several problems with this window and I was able to spot the badware rather easily:
- The image shown is for Windows XP – I’m running Windows 7.
- I have six drives connected to my PC – this scan only shows one.
- I never requested a scan – the browser was redirected.
Just these few things should be enough to set off the warning bells in your head. Badware is tricky and they will do anything to get you to download their software.
Don’t Load the Badware!
The fact is that the results shown on the screen are there to scare you. I cannot stress this next statement enough:
Whatever you do, don’t load the badware!
Most badware gets onto a computer through a user-initiated response. That means that the user actually allows the badware to get onto their computer system, usually by downloading the badware or clicking a button that they shouldn’t. Many websites infected with badware trick the user into downloading the software and once you get it on your computer, its usually very difficult to get rid of it.
When you try to navigate away from the badware website, you may see boxes like those shown below. Whatever you do, don’t click on the “Save File” or “OK” buttons. I don’t even trust the “Cancel” button, so I always click the X in the upper right corner just to be sure. In the first box, the infected website is trying to download something called packupdate107_2124.exe. While that may sound official, it most certainly is not.
Escaping the Badware
If you have been redirected to a website infected with badware, there are several things that you can do to prevent the badware from installing on your computer. Most of the time, the infected website will try to “lock” you in with an impossible loop of clicks that won’t allow you to leave. Short of simply unplugging the computer from the wall, there are some steps you can take to break the loop and keep the badware from downloading onto your computer:
- In Firefox, go to the File menu and click “Work Offline.” This will prevent Firefox from reloading the websites you currently have open, including the badware site.
- We need to forcibly quite Firefox, so press CTRL+ALT+DELETE on your keyboard to bring up the task manager.
- Find the instance of Firefox running in the list, click on it once to highlight it.
- Click the “End Task” button and a confirmation window will appear.
- Click the “End Now” button and Firefox will be shut down.
Once you’ve shut down Firefox, you have effectively prevented the badware from downloading. Now you have to prevent Firefox from reloading the same window and taking you back to the website where the badware is located. When you restart Firefox, the “Well, this is embarrassing” screen will appear with a list of tabs you had open at the time Firefox was shut down. You have two choices: you can either unselect the badware site or you start a new session and remove it from the restart list or you can start a new browsing session. I prefer to start a new session, so I recommend that you click the “Start New Session” button.
Removing Badware
If you made a mistake and you actually downloaded the badware thinking that you had a virus when you really didn’t, then you may have a bigger problem. If you have antivirus software on your computer, hopefully it will catch it. If it doesn’t then there are several programs available to help you get rid of the badware. I recommend the following programs to help prevent badware and remove it from your computer:
If none of these programs work to get rid of the badware, then I recommend that you consult your local computer expert and they will be able to assist you.
Thank you – very helpful – and reassuring – though I wish I had found your site before I did the wrong thing – but at least I know my computer is not about to crash!
Hi,
Thank you! I got the same badware just happend to you! arrgh.. thanks again for the advise! it's good to find your article..
Thank you so much for your advice! It has just happened to me and I, unfortunately, loaded this file. I deleted it. Hopefully, it worked propperly. Thanks again!
I would suggest running a few anti-virus and anit-malware programs. I have several listed in the downloads section on my PC repair website – http://www.argospc.com/downloads/
Thank you very much for the useful tips. I did download the file but didn´t open it. It was early morning and not really thinking, looked for pic. of tatoos on google and got redirected to a site with this in it. Thank you, thank you.
I was actually looking up information about elevators… I most definitely wasn't expecting to run into a compromised website.
Thank you very much!
It happened during a google search. First I was shocked, but this recommended download from an unknown source… I was wary and googled the filename, fortunately!
When there were just english results, I doubted I would understand everything completely. But your instructions are very plain and I had not the slightest problems to follow.
Nice article. I wrote a similar one months ago. It is truly amazing the lengths the bad guys go to tricking people. I have even seen one with very fine grey print under the fake scan that stated this is a simulation. But how many people will see that. I'm glad to see articles like yours with such great screen shots to help educate folks. Keep it up and may many safe browsing days lie ahead.
Thanks! I'm always amazed at how times have changed. I can remember back in the late 90's when I got my first virus – the Happy99 virus. I was so excited because I never had a virus before. Now there are viruses around every corner… it just takes away the excitement – haha!
I downloaded the packupfile, but luckily I did not open it. And then I looked in Google, and found your info. So now I have deleted the file. Thank you very much for the information.
You're welcome!
I found it interesting that this virus has so many versions! I ran into another website tonight with the same scenario, but it tried to download packupdate107_2196.exe. No worries though, I just followed the steps above and kept my computer free from viruses!
thanks!!!!!!!!!!!!!!!!!!!!!! i got scared really.. but i just followed the steps you suggested.
)
Good to hear, Cherryl!
I got hit with that today it tried to save to my computer I canceled it and kept hitting the cancel and X burron and I finally got it closed withoutsaving or running anything so my computer should be unaffected it I got out of there
You were lucky! Once this "class" of virus gets on your computer, it can be tough to remove. Since late this past summer, this has been the #1 computer problem I have had to fix.
What exactly do the viruses do? if they got on there and how would you tell you are infected?
The viruses or "fake antivirus programs" like this are usually designed to be a complete annoyance to the user…. usually resulting in a computer that cannot be used at all until the user pays a fee. Which by the way, is a bad idea. Think about it, do you think it's a good idea to willingly give your credit card information the person who created the virus?
If you've been infected by a virus like this one, you will probably have no problem noticing. Typically, when the computer first boots up, it stops off with a fake virus scan that tells you that you have a massive infection, showing multiple viruses that are affecting your system. Then it asks you to pay for the product (which you should NOT do). Finally, most of these badware programs will lock you out of your basic computer functions – making it impossible to use the computer.
Thanks that hasn''t happened I was just curious what it did if it happened
thank you for creating this site. today it popped up and I almst loaded it but first I searched the viruses. lucky for me your website was listed in a google search for the virus Nuwar.GDM. your site savd our families computer. thanks again bob
also I'm 11
how do you create a website? cuz I want to make one to warn people about this fake seurity analysis to
I think that might be a little bit beyond the scope of this article. http://build-website.com/guide/index.html
I knew there was something wrong as soon as the warning message came up, it was just too quick to detect so many critical threats so I trusted my instincts and did some research, thats when I found this page…Thank you so much for posting this information. My computer is safe thanks to this.
You're welcome, Caroline. Safe browsing!
Thanks for this article. Like Caroline, I trusted my instint – not letting it to do anything, just X and close all the pop up windows.
Still got concerned though – so started to search around, and here I am….
Thanks again.
No problem! This article has proven to be one of the most popular on my blog.
To Bob or anyone who can help,
This just happened to me. I clicked "cancel" a few times when the red x wasn't closing it down fast enough. Is it too late? Do I have any trojans at all even though I didnt save the file? Is that list of trojans just a bluff to get me to download the .exe file, or did I still get those viruses in the list? I'm basically asking if I should be concerned? My McAfee antivirus didn't turn up anything.
Thank you for a response.
You're probably OK, but I would still run Malwarebytes just to make sure.
It just happened to me too i clicked on the x in the download box then turned my computer off is this ok now or do i have to do more please help i have never had a problem like this
I was on King.com and it said it was temporarily disabled for updating. It also listed different games you could play. I played one of the games and when I exited out, I got the pop up that my computer was infected with a whole bunch of viruses. I got suspicious and checked the filename and ran across this site. I was able to close out after hitting the X button twice. Then I ran my virus protection and I was fine. Thanks for the warning!
Thanks so much for an excellent and helpful post.
You should be OK… but I would suggest downloading some other tools like Spybot Search & Destroy and Malwarebytes from the download section on ArgosPC.com: http://www.argospc.com/downloads/
I was amazed yesterday after I setup my brother's brand new computer. He's no computer genius like I am, but the first link he clicked in Google search took him directly to a website that had been compromised with this virus! I was shocked, but glad that I was standing behind him because I was able to stop him immediately and show him how to prevent this virus from getting on his computer. Again, I was absolutely amazed that he came across this virus on his very first search on a new computer… what are there chances of that?
I just got my computer back from my daughter and am having this same issue. I don't know how long this has been going on but am afraid I can't fix it myself. I have Spybot, CCleaner and Malwarebytes already installed but can not run any of them. I get a msg saying the file is infected by W32/Blaster.worm. There is also a box on the desktop when I start the computer ~ FIREWALL WARNING Hidden file transfer to remote host has been detected it requests blocking the transfer with options to block attack or allow. It shows a Remote host transfer ID, remote user computer name, user name and IP address. Any suggestions would be greatly appreciated.
I really like your wordpress theme, wherever do you obtain it through?
very nice blog, good article and i like this blog because this template is beautyfull
Gotta be careful because there's a lot of bad stuff out there. Don't install anything from sites you don't know and trust or you risk infection.
Valuable information. Fortunate me I discovered your site unintentionally, and I’m stunned why this coincidence did not took place earlier! I bookmarked it.
fabuleusa arecha mi promos te tincluro eisormibo brastar. alhei te bamoglos dento nos tamos o istira ententro rionipara bien.