October 29, 2009

Windows Scareware

I’ll admit, I’ve been living under a rock when it comes to Windows software for the last few years, a rock of ignorance. That’s because I switched back to an Apple laptop back in 2005, and never looked back. Once in Apple OS, I haven’t had to deal with viruses (of the computer persuasion anyway), I haven’t had to deal with adware, spyware, and the latest thing I just happened to bump into, scareware.

Scareware is downright, well, scary. I remember the bad old days when stupid popups used to appear when I surfed the web, trying to sell me airplane tickets, hotel accommodations, etc. I don’t know anyone who ever actually clicked on one of those and bought something. I also remember the popup loops that you would inadvertently get into from time to time when you navigated to a site that wasn’t too nice. (Not that I ever did, *snirk*) But those weren’t scary, they were just annoying.

There are some sites that download viruses and other infections to your machine, some of which allow remote control of your computer, but most of those seem rather innocuous when it happens, and it’s only later that you realize after your computer is running slow, that you’ve been infected. It sucks when it happens and for most people it’s either new computer time, or maybe a trip to Geek Squad.

Scareware on the other hand, tries to extort money from you, through scare tactics. What happens is that you inadvertently download a small program onto your computer that takes over the machine. It automatically starts when your computer starts up, and hides itself from your view. You cannot edit the startup area to stop it, it’s hidden. You cannot simply delete the directory where the software lives, they intercept the action and tell you that you need “permission” to do that. Instead it presents you with a very scary looking report when it starts that tells you your disk is full of nasty viruses. You must go through the process of paying them money if you want the viruses to be removed.

If you make that window go away, a short time later, another popup comes up and warns you that “bad things” are happening to your computer. At one point it even displayed an image that looked like the computer had gone into the “blue screen of death”. Nice, to most neophyte users, that’s darn scary looking. It looks like your computer has been completely compromised, and might not even boot.

The scareware that I ran into, on a friend’s computer, was called Cyber Security. That’s really a laughable name, because it does anything but provide online security. What it does is effectively hold your computer hostage.

It would be as if you had all your family photos, music, and documents in front of you on a desk, and these jerks are standing on the other side with a flamethrower ready to burn it to ashes unless you give them money, right now. It’s really a despicable way to do business.

I searched on the web to see if there was an easy way to remove it. Turns out there are lots of other vendors that will sell you a tool to remove it, but they want your money as well. So let me get this straight… I can either pay the assholes that put it on my computer and hope it goes away, or I can pay someone else and hope that they don’t put something just as bad or worse on my computer. Hmmmm… maybe they are the ones that came up with this crappy stuff in the first place. Sort of like a tire repairman dropping nails on the road in front of his shop.

I suspect that there are some software vendors that are trustworthy, but which ones? How do I know that I can trust them?

Given that my friend wasn’t exactly rolling in dough, I decided to see if I could take out this piece of crap software in a brute force manner. If you search for Cyber Security on the web you will find a couple of websites that have instructions for removing it from Windows XP, but my friend’s computer is the fabulous (sic) Windows Vista, so the instructions don’t match. However there was enough information to allow me to get rid of it.

What I did, was bring up the Windows Task Manager, by hitting ctrl-alt-del, and kill the cs.exe process. Once that was dead, I deleted the CS directory under C:\Program Files\CS. That is the directory that contains the offending software.

I restarted the computer and voila, it was gone.
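The manual steps above, followed by a check for leftover autostart entries, as an added PowerShell example that is not part of the original post. The process name and directory are the ones named in the post; the Run keys and Startup folders are the standard Windows autostart locations, checked on the assumption that the program registered itself in one of them.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
$procName   = 'cs'                     # cs.exe, as named in the post
$installDir = 'C:\Program Files\CS'    # directory named in the post

# 1. Stop only processes whose image lives in the install directory, so an
#    unrelated program that happens to be called cs.exe is left alone.
Get-Process -Name $procName -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -like "$installDir\*" } |
    Stop-Process -Force

# 2. Remove the install directory.
if (Test-Path -LiteralPath $installDir) {
    Remove-Item -LiteralPath $installDir -Recurse -Force
}

# 3. Report (do not delete) autostart entries that still point into it.
$leftovers = @()
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }   # skip provider metadata
    foreach ($v in $values) {
        if ("$($v.Value)" -like "*$installDir*") {
            $leftovers += "$key -> $($v.Name) = $($v.Value)"
        }
    }
}

# Startup-folder shortcuts: resolve each .lnk target through WScript.Shell.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in Get-ChildItem -LiteralPath $dir -Filter *.lnk) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        if ($target -like "$installDir\*") {
            $leftovers += "$($lnk.FullName) -> $target"
        }
    }
}

if ($leftovers) { $leftovers } else { 'No autostart entries reference the removed directory.' }
```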

I did a full rescan of his computer using McAfee, Norton, and every other virus scanner I could find, and everything seemed normal. I gave him back his computer and warned him not to run anything unless he knows exactly what it is, and not to open any attachments unless he knows exactly who sent it, and why.

I hope he’s learned his lesson, and me, I’m going back to my Mac. I know that someday soon when the Mac platform is popular enough I will probably have to deal with similar things on it as well, but for now, I’m happy to be in my little walled castle, lobbing taunts at all my Windows friends.


