So you’re surfing your favorite websites and all of a sudden your computer seems to halt unexpectedly. You may recycle the power expecting your normally peppy machine to come back to life. Rather than the normal desktop, you’re faced with an official-looking notice from the FBI requesting you pay a $200.00 fine for viewing bad websites.
This is the typical story we hear from customers as they prep us for what to expect on their computer. The FBI virus is possibly one of the worst in recent history and poses a threat of siphoning personal data from your computer. The good news is the virus is not associated with the FBI and can be removed with little to no data loss.
When we first spotted this virus at our stores we had to read the notification a couple of times to understand the virus is not associated with the FBI in any way. One of the dead giveaways was the request that the “fine” be paid via PayPal. Newer versions of the virus request payment with a GreenDot prepaid credit card. Another dead giveaway was the number of grammatical mistakes.
According to the FBI, this is a drive-by virus and attaches itself to computers through infected websites. Users have no way of knowing if the websites they visit have been infected until the infection occurs. The FBI advises not paying any money to the virus creators and removing the virus as soon as possible. Again, this virus is not associated with the FBI in any way.
What makes this virus kind of neat, and the reason I chose to write about it this week, is the technique it uses to infiltrate computers. This is classified as the Reveton virus and doesn’t need to accompany files; rather, it spreads through infected websites. At the same time Reveton is installed, another program called Citadel is also installed, which delivers additional malware to the infected computer.
Unfortunately, removing this virus is not an easy task; however, it can be done, and most of the time without risk of losing data. Occasionally the FBI virus will temporarily hide files and make it appear they have been deleted from the system. One of the primary reasons it hides data is to pressure the victim into paying the “fine.” Unless you have a good understanding of the Windows registry, it’s not a good idea to attempt to remove this virus on your own.
We have seen this virus penetrate computers running all brands of antivirus software. This virus is able to pass through Norton/Symantec, McAfee, Kaspersky and AVG. In the past it was uncommon to see a computer running any one of these products become infected, because the antivirus manufacturers updated their software to block specific threats. Reveton is a unique and very difficult piece of rogue software to detect.
Preventing this virus from attaching itself to your computer is next to impossible, but there are some general measures you can take to help prevent it from attacking your computer. First, you should have good, up-to-date antivirus software installed. Second, a basic firewall should be running and kept current. Finally, stay away from websites you’re unsure about or have never visited. If you receive an e-mail asking you to visit a site, question the sender or simply don’t go.
It’s a good idea to keep several malware removal utilities loaded on your machine in addition to antivirus software. Two very good (and free) titles are Malwarebytes and SUPERAntiSpyware. We use both utilities at the store as final sweeps prior to returning the machine to the customer. Sometimes these utilities can remove the threat when the computer is started in Safe Mode.
(Jeromy Patriquin is the President of Laptop & Computer Repair, Inc., located at 509 Main St. in Gardner. You can call him directly at (978) 919-8059 or visit www.LocalComputerWiz.com.)