ItsGeekToMe.co
The official home of It's Geek to Me on the web!
Issue #463: June 5–11, 2016
Q: HELP – this morning while I was on Facebook, I got a pop up window with a female voice saying that the Zeus virus was detected, and that I should not restart my computer. It told me to call Microsoft Technical Support, and gave me a phone number and said to give the code B2957E to the agent. It also said that a suspicious connection was trying to access my logins, bank details, and tracking my Internet activity. There was more, but you get the idea.
I did not click OK. I did not call the number. I DID turn off my computer and unplugged it, and then restarted it. THEN I went to my iPad & reset my Facebook password and told Facebook security to log out my account wherever else it was open. I then crossed my fingers and turned my PC back on. As soon as I clicked the “e” internet button, the window was still there with the lady talking. How can I get this cleared up?
– Jackie C.
Niceville, Florida
A: Wow, Jackie, you certainly have gotten yourself into a pickle. Let’s clear up a few things right off. First of all, I want to congratulate you on your level-headed response to the situation. Although it seems you were somewhat duped by these terror-inducing pronouncements, your initial actions were very much what I would have advised. You didn’t call that number, and you immediately took your system down. Changing your passwords was an excellent idea. The only thing I would have suggested adding to your well-thought-out response would be to unplug from the Internet before powering it back on, but that probably didn’t make any difference. Second, I want you to know that it is extremely unlikely that you have the Zeus virus on your PC. Zeus does not act like this at all, and is, in fact, very difficult to detect.
What your PC does have is a form of malware called panicware, which, as the name implies, attempts to induce you to panic over the perceived compromise of your personal information and/or loss of your files. The hope of the malware’s author is that, in your desperation, you’ll call that number, and blindly follow the instructions of the “agent” on the other end of the phone. These instructions would probably include giving them full access to your PC, which really would compromise your data. In other cases, the apparently helpful person on the other end of the phone might hum and haw sympathetically as they pretend to look over the problem, then after much tsking and telling you how lucky you are that you called when you did, announce that they can clean all the malware off – for a price. In other words, you survived an attempted scamming by a cyber-theft ring. The places that perpetrate this fraud are large and well organized. They have to be, since pulling off something like this requires a phone bank with multiple operators to take the calls and give out the bogus advice.
But, knowing all that doesn’t really solve your problem. After all, your PC is still infected. Fortunately, this is not particularly sophisticated malware, and it can usually be removed with common tools. There are detailed how-to instructions located all over the web, but they are way bigger and far more comprehensive than I could possibly fit in my column. So, instead of trying to publish the instructions, I will point you in a direction to start. Try visiting tinyurl.com/IGTM-0463 and follow all the steps. Contrary to the thinking of many Mac users, their computers are not impervious to malware, and this site also has instructions to heal Macs.