
Removing Drive By Malware Infections

Friday, January 22nd, 2010

As well as building websites we are sometimes called on as “someone who knows about computers” to fix problems with PCs. It isn’t really what we do but we are often able to help out, usually by finding the answer on the internet; the answer is always out there if you know what you are looking for.

Fake Anti-Virus Windows

Recently we have had two cases of PCs (both running Windows XP and Internet Explorer) being infected by “drive by” malware. The user is surfing normally and comes across an innocent-looking website, then suddenly up pops a virus warning, apparently from their own anti-virus software. These messages are pretty scary and quite persistent. The correct response is to close the window (by clicking on the cross at the top right rather than by clicking within the window) and leave that website, but if you aren’t sure you can easily end up allowing the site to install its “anti-virus software” on your computer.

Once the infected website has installed its payload (usually what is known as a trojan, from the Trojan Horse) on your computer you have a big problem: it will pop up “anti-virus” windows all over the place and make web browsing and email impossible. It will also usually disable your own anti-virus software and make it very difficult to install any more.


The solution lies with the marvellous people at, they offer a free download which, so far, has solved the problem for me. The paid version is well worth looking at too; it isn’t expensive and their work is definitely worth supporting.

Now if you have been very wise you will only have been using a limited account for your browsing rather than an account with administrator privileges; you can just log in as an administrator and download the software you need. Sadly some software doesn’t work that well without administrator privileges and most people set themselves as administrators to avoid hassle. In this case it is likely that the whole computer is inaccessible and you will need to call on a friend so you can download the necessary software to a USB memory stick.

Removing the fake Anti-Virus Trojan

  1. Visit the website and download their anti-malware product to a memory stick.
  2. Boot the infected computer in safe mode (you can usually get this option by pressing F8 while Windows is starting up).
  3. Insert the memory stick and run the anti-malware installation program.
  4. Use the anti-malware program to do a complete scan of the computer. In safe mode you won’t be able to access the internet to update the malware signatures first but I found that the signatures were only a couple of weeks old anyway.
  5. Hopefully the anti-malware program will find one or more offensive programs; use the program to remove them, then reboot your computer, this time normally rather than in safe mode.
  6. Now run the anti-malware program again, update the definitions from the internet and do another full scan. Malware is a fast-moving field and it is quite likely you will find more with a second scan.
  7. Reboot again and all should be well.

How to stop malware infections in the future

Make sure your computer is fully updated with the latest updates to Windows and to your other software packages. Vendors are pretty quick to release security patches; use them.

Install and use another browser; our current favourite is Google Chrome. The design of Chrome makes it very difficult for malware to affect anything outside its own browser window. Microsoft try hard with Internet Explorer but even the latest versions are nothing like Chrome for security and of course they also provide the biggest target for malware authors.

Installing Chrome for all users on your computer

By default when you install Chrome it will only install it for the current user; this is a nuisance if you want to get the whole family using the safer (and faster) browser. The answer is to download Chrome Pack, which offers you a whole raft of goodies from Google, some of which you may fancy, but if you only want Google Chrome just untick all the other boxes.