Data recovery after scareware…

Although we have discussed lots of different malicious viruses in this blog, we have never talked about ‘Scareware’. After Trojans and Botnets, Scareware is the most irritating infection a computer user can receive. What is it and are there any data recovery implications if I become infected?

Scareware basically scares the user into taking action. Unlike ‘Ransomware’, which encrypts the data and demands payment, Scareware is often not this intelligent. It simply relies on a warning pop-up, which informs the user that the computer is infected and attempts to sell them a program to disinfect the device. This is very annoying and pops up all over the place, but otherwise the user’s data seems unaffected.

Click on the warning pop-up and, whilst it may disappear, your computer becomes a ‘zombie’ machine in the author’s botnet army – ready to be unleashed at whim. Ignore the pop-up and your computer becomes so annoying it is almost unusable. So what can be done if I’m infected?

It will certainly be difficult to remove the offending program. These are well cloaked and even if you find what you think is the culprit, you are unlikely to be successful! Scammers protect their infections so well that they even create fake Task Managers and sacrificial infections to put the user off the scent.

Firstly, check reputable websites and forums. Do your research and find out exactly what has infected you. If you are lucky, you may find the solution.

If you are unable to access the Internet, check the proxy settings in the web browser. Go to Internet Explorer > Tools > Internet Options > Connections > LAN Settings and ensure that there is no tick in ‘Use automatic configuration script’ or ‘Use a proxy server for your LAN’. The only tick should be in the top box (‘Automatically detect settings’). After this, you must stop the virus from running in the current Windows session. A useful program that is very good at doing this is RKill.
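The LAN Settings check described above can also be done from a PowerShell prompt, which helps when the browser itself will not open. This is an added example, not part of the original post: it only reads the current user's settings and reports anything that differs from the state described above. The function names are hypothetical, and the meaning of byte 8 in `DefaultConnectionSettings` is an assumption based on commonly observed behaviour rather than published documentation.

```powershell
# Added example: read-only audit of the current user's LAN proxy settings.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LanProxyState {
    param([string]$Path = $base)
    $s    = Get-ItemProperty -Path $Path -ErrorAction Stop
    $conn = Get-ItemProperty -Path "$Path\Connections" -ErrorAction SilentlyContinue
    $blob = if ($conn) { $conn.DefaultConnectionSettings } else { $null }

    # Assumption: byte 8 of the blob holds the checkbox flags and
    # 0x08 means 'Automatically detect settings' is ticked.
    $autoDetect = $null
    if ($blob -and $blob.Length -gt 8) {
        $autoDetect = [bool]($blob[8] -band 0x08)
    }

    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable   # 'Use a proxy server for your LAN'
        ProxyServer   = $s.ProxyServer         # address:port the proxy box points to
        AutoConfigURL = $s.AutoConfigURL       # 'Use automatic configuration script'
        AutoDetect    = $autoDetect            # $null when the flag could not be read
    }
}

function Test-LanProxyState {
    param($State)
    $findings = @()
    if ($State.ProxyEnabled) {
        $findings += "Proxy server is enabled: $($State.ProxyServer)"
    } elseif ($State.ProxyServer) {
        $findings += "Proxy is off but an address is still stored: $($State.ProxyServer)"
    }
    if ($State.AutoConfigURL) {
        $findings += "Automatic configuration script is set: $($State.AutoConfigURL)"
    }
    if ($State.AutoDetect -eq $false) {
        $findings += "'Automatically detect settings' is not ticked"
    }
    $findings
}

$state  = Get-LanProxyState
$state | Format-List
$issues = @(Test-LanProxyState $state)
if ($issues.Count -eq 0) { 'LAN settings match the expected state.' }
else { $issues | ForEach-Object { "CHECK: $_" } }
```

Any `CHECK:` line points at a box to untick (or tick) in the LAN Settings dialog; note the proxy address it reports before clearing it, as it is useful when researching which infection you have.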

Try scanning your machine with both anti-virus and anti-malware programs. Malwarebytes is very good and it’s free to download. It is worth trying a number of suites. However, you may need to boot in safe mode if you cannot stop the virus in normal mode.

If all this fails, chances are your machine may require a reformat. Before reformatting, make sure you have a full backup to avoid any data recovery issues!