Wednesday, December 14, 2011

Win 7 antivirus 2012 removal (EASY)

Win 7 anti-virus is one of those malware things that pretends to be your anti-virus package going off. Most of you, if infected, will immediately realize this, because you know the name of your own anti-virus software package. If you don't, you should. But even knowing it, the thing has taken over your computer, and it's asking for credit card numbers to get rid of it.

It goes off within minutes of infection, popping up all kinds of warnings, many of which are in poor English ("you want remove this threat?"). That would be bad enough, but the worst thing is that it holds your computer hostage by blocking every application you try to launch, telling you that it's infected with something or other, and that you can get your computer back by clicking here or here. Don't bother clicking on the buttons, they just take you to a worse place: a convenient input box for your credit card number. The windows that pop up are disguised to look like something from your control panel, but they are not. The X in the upper right corner does close some of the windows, but they pop right back in a minute or so.

You get this virus (which renames itself to match your operating system) by visiting a website infected with their bad JavaScript in the HTML, and it then works by making a lot of bad entries in your registry. The code can be inserted without the webmaster's permission by a clever hacker if security isn't tight enough at the hosting company, or if the webmaster manages to inadvertently let the code get installed. Security isn't for sissies anymore. But it is often deliberately added to porn sites. Yeah, those nekkid girls aren't so pretty anymore, are they? Bunch of skanks, anyway.

So you go to your other, non-infected computer, and desperately try to find out how to get rid of this thing by Googling the name of the virus. (That's probably how you found this blog - welcome, by the way). You find all kinds of solutions claimed, most of which tell you to buy this or that removal tool for $24.95. Some will give you a long list of registry entries to remove manually, and other files to look for and remove. You go through all that, you reboot your computer and ... it simply reinstalls itself. Crap! All that work for nothing!

Don't panic. And don't send anybody any money.

The solution is actually simple. Go back to a restore point before you got infected.

That's it. No searching for files, no downloading a $24.95 program, no running a deep scan for over an hour with a removal tool only to find it didn't work.

Restart your computer and tap repeatedly on the F8 key before Windows starts to load. Select the Repair option. Repair it by going to a prior restore point, one before the infection. Be patient, the process takes a while. When you reboot, your virus is gone.

Use the computer normally for an hour or so, just to make sure, in your own heart of hearts, that it's really and truly gone. Tomorrow, after you are happy with the way it all works, make a new restore point.


If you don't have any prior restore points? You're screwed. Just reinstall the OS and start replacing the data files from your backups. When you're done, tell the system to do restore points once a month or so. Go to Start, enter "restore point" in the search box, and follow the instructions from there.

You don't have your stuff backed up? Are you kidding me??

Then you have just learned a very valuable, but expensive, lesson. Make regular backups.
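The restore-point housekeeping described above can also be checked from an elevated Windows PowerShell prompt. This is an added example, not part of the original post: it lists the restore points, picks the newest one made before the infection, and takes a fresh one if the newest is older than a month. $InfectionDate, $MaxAgeDays and the description text are assumed sample values; the rollback itself is still done through the F8 Repair option.

```powershell
# Added example. Run in an elevated Windows PowerShell prompt.
# Constructed sample value: set this to when the fake warnings first appeared.
$InfectionDate = Get-Date '2011-12-13 20:00'
$MaxAgeDays    = 30   # assumption: "once a month or so", as the post suggests

# Read the restore points and convert the WMI timestamp to a normal DateTime.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue | ForEach-Object {
    New-Object PSObject -Property @{
        SequenceNumber = $_.SequenceNumber
        Created        = $_.ConvertToDateTime($_.CreationTime)
        Description    = $_.Description
    }
} | Sort-Object Created)

if ($points.Count -eq 0) {
    Write-Warning 'No restore points found. System Restore may be turned off.'
} else {
    $points | Format-Table SequenceNumber, Created, Description -AutoSize

    # The newest point created before the infection is the one to roll back to.
    $candidate = $points |
        Where-Object { $_.Created -lt $InfectionDate } |
        Select-Object -Last 1

    if ($candidate) {
        "Roll back to #$($candidate.SequenceNumber), created $($candidate.Created)"
    } else {
        Write-Warning 'Every restore point is newer than the infection date.'
    }
}

# Once the machine is clean: turn protection on for the system drive and
# take a new restore point if there is none, or the newest one is stale.
$newest = $points | Select-Object -Last 1
if (-not $newest -or $newest.Created -lt (Get-Date).AddDays(-$MaxAgeDays)) {
    Enable-ComputerRestore -Drive "$env:SystemDrive\"
    Checkpoint-Computer -Description 'Known-good after cleanup' `
                        -RestorePointType MODIFY_SETTINGS
}
```

Run the last part only after the machine has been restored and checked, so the new restore point does not capture the infection.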

Now, to prevent getting such a virus, start using Firefox, and immediately install the add-on "NoScript" - it will block JavaScript from executing unless you approve the website specifically the first time you visit it. If you don't trust the website, and you can't see what's there without allowing JavaScript... then their content isn't really all that important, is it?

Don't visit porn sites. Those will usually have bad code. It's put in the site on purpose. That's why they set up the porn site - to infect your computer and maybe fool you into giving them a credit card number to buy phony malware removal tools. If you click on a link from a trusted site to an unknown one, even if it isn't porn, and you don't see what you expected, don't approve JavaScript for the untrusted site. In fact, it's best if you don't approve JavaScript for any site that you only visited because of curiosity. Curiosity killed the computer. If you can't stand it, wait a day or so and ask the person who sent you if they got a virus from it.

The really popular sites are usually OK. Facebook, Myspace, YouTube. But be careful about links to external sites. That's where they'll get you.

(Thanks go out to my best buddy Dave, who shares all kinds of cool computer knowledge with me, specifically how to play with restore points, and who has never been wrong about this sort of thing. Thanks, Dave).



 