Step 7: Practice Safe Browsing

Rogue antivirus and scareware typically require user interaction to get a toehold on victims’ computers. Users can protect themselves by steering clear of suspicious or merely opaque links (such as the shortened links common on Twitter and other social media platforms). Beware of pop-up ads warning of infections or offering free virus or hard drive scans – these are commonly associated with scareware. If such a message appears, close the pop-up window, but do not click within the pop-up ad, and you’ll be less likely to suffer a scareware attack!

Step 6: Update and Patch

With your machine disinfected, take a few moments to update your operating system software and any third-party applications to their latest (and most secure) versions. Rogue antivirus and scareware programs are usually delivered as drive-by downloads spawned by malicious Web sites. These leverage holes in Windows, common Web browsers or browser plugins, or common applications like Adobe Acrobat to bypass your computer’s security systems. Updating the software on your system can close that avenue of attack.

Step 5: Re-install Security Software

Once the scareware has been removed from your system, (re)install a reputable antivirus software package, then use it to scan and clean your machine once again. Scareware and rogue antivirus programs will often download and install other kinds of malicious programs while they have control of your system, including rootkits and keylogging programs. Make sure any secondary infections have been removed.

If automated removal fails, you may have to roll up your sleeves and attempt to manually remove the scareware from your system. This isn’t a straightforward process, and will vary depending on what kind of scareware and malware program(s) have been installed. However, if you know what has infected your computer, various tutorials are available online, at Websites and user forums like

Fortunately for you, there are both free and premium tools available online that will detect and remove rogue antivirus and scareware programs. Kaspersky Lab (which owns Threatpost) offers the free Kaspersky Removal Tool for this purpose. Others are Hijackthis from Trend Micro, MBAM, offered by and so on. If you were running antivirus software that was disabled by the scareware, try reinstalling it on the infected system using the installation disk.

Step 2: Don’t Pay

Don’t Pay! Whatever else you do, do not pay to “license” the scareware, says Brulez. Scareware and fake antivirus programs are malicious and are created and distributed by criminal organizations. Paying the licensing fee may temporarily free up your system and remove the fake warnings and alerts generated by the program, but it will only be a matter of time before the folks behind the scam are back for another swipe at your wallet.

The first step in dealing with scareware is to understand what has just happened to your computer. Victims often ignore or miss the signs of a rogue AV infection, says Nicolas Brulez, a senior malware researcher at Kaspersky Lab. This is especially true with scareware, which tries to fool you into believing that it is a legitimate program trying to help you with a virus infection. Understand that, while you haven’t been infected with the viruses you’re being warned about, you have been infected with scareware.

Where to Begin

Scareware is one of the most pernicious online threats. For those who have been infected, it is also one of the hardest to forget. Rogue antivirus software and other forms of scareware hold victims hostage: shutting off access to their desktop and most of the Internet, disabling security software and preventing them from removing the malicious program. Behind the scenes, scareware often installs other malicious programs, like Trojan horses and bot software. If you’re unlucky enough to get infected with one of these bad boys, what can you do to remove it?

