Friday, May 23, 2008

Worm Attack Or A Fake Anti-Spyware Program

I was expecting some nice gifts and not being threatened with worm.win32.netsky on Christmas day morning. When I turned my computer on windows security alert boxes kept popping up to say that my computer had been hacked into and had a virus and another warned that it had been infected by worm.win32.netsky. My Internet Explorer was constantly opening and trying to take me to spyware removal download sites.

There were 3 new icons on my desktop 'privacy protector', 'Error Cleaner' and 'spyware & malware protection'. I had definitely not downloaded them so I reasoned that they could only be part of the problem that I was having. They started scanning by themselves, one told me that I had 161 spyware problems and another 243. Worm.win32.netsky was at the top of both lists and lower down were references to credit card hacking. My desktop turned dark red and a warning bar appeared telling me to click on it to protect my computer.

At first I was worried then logic took over. My virus and spyware software, which comes with my broadband service, updated the day before and when I ran a check it came up with nothing. I had vaguely heard of worm.win32.netsky and did not think that it was so new that a virus scan would not pick up on it. I figured that the whole attack was to panic me into buying one of the products. I am stubborn and if I buy spyware protection it would not be through those methods.

I did a google search for worm.win32.netsky and found a long list of sites. Most of the sites described it as part of the netsky family of email worms that comes to your computer as an email attachment. When you click on the attachment the worm activates then installs itself on your computer and propagates. It harvests email addresses stored on your computer and spreads further by sending itself to them. One or more spyware removal downloads were recommended, but I still did not believe that the computer was infected by anything more than bullying sales methods.

I finally found a forum where a member had described exactly the same thing happening to him. Apparently Worm.Win32.Netsky is a scam, fake malicious software called Smitfraud, an anti-spyware program trojan, engineered by Internet hackers. A fraudulent way to get you to buy spyware removal software. He was pointed in the direction of SmitFraudFix v2.274 and the fix worked for him. I downloaded it and used it and thought that it had worked.

The next day the warnings and desktop icons reappeared. I quickly ran Smitfraudfix again and then I restored my computer to 14 days before the problem appeared. So far so good, the fix and restore seem to have worked. SmitFraudFix v2.274 which apparently only works with Windows XP or 2000 was a free download so the whole thing cost me nothing but time and anxiety. Just to make sure I got a free download of Spyware Doctor from Google and ran it to make sure that my computer was clear and deleted cookies with it.

One of the sites that my IE insisted on going to was selling XP Antivirus. If you do a search for XP Antivirus you will find claims that it is a corrupt anti spyware application that will try to trick you into buying it by falsifying error reports. Do not even think about buying it. XP Antivirus will not remove spyware it will not do anything useful, just scam you out of money.

Where did the problem come from? I am not sure. I had not opened any email attachments for months and would only open attachments if I were expecting them. I downloaded some ebooks and software the day before but had not opened them at that point. I always check downloaded files with a virus scan before I unzip them anyway.

Another possibility is that I visited a dodgy site and the rogue anti spyware program leached onto my computer. In fact when I thought about my surfing the night before it is the most probable explanation. No I do not make a habit of visiting dodgy sites! I was checking my article directory stats and towards the top of a long list of incoming links was a domain that I did not recognise. Out of curiosity I clicked on the link and was taken to a porn site. I did not stick around long enough to see if or why there was a link to my directory, but I will have to do a search to see if any of the articles have links to that site and delete them if they have.

I recall that several years ago when I ran a magazine I checked a link from an advertisement that a subscriber had wanted me to publish. That was a porn site and a virus attacked my computer immediately afterwards. I got rid of the virus and needless to say I did not accept the ad. As I check the links with the articles submitted to my directory I cannot be as careful as I would like to be.

They say that curiosity killed the cat; well it only inconvenienced and annoyed this one. The whole thing is fraudulent and a scam. I am really glad that I did not get caught out but no doubt many others will. Fortunately I always do a search if I am unsure of anything or want to find out about something. The best and most honest answers or information usually comes from forums, not the sites with reviews and links to the products.

Of course worm.win32.netsky might really have been a worm from the netsky family then I really would have had a bigger problem to deal with. I thought that my broadband virus and spyware software would look after my computer but I will now look for something better. I really cannot understand the mentality of the malicious people who manufacture worms and viruses, or the scamsters who try to trick you out of your money.

Patricia Jones owns several websites including a travel destination site, a free digital download site and a website hosting service

?gclid=cnbc2drehpmcfrsyewodxldqsw
Related Products Bg2
?gclid=cij325mdojmcfrsdewodvw15rq
?gclid=cin09c2hnpmcfqy3egodygneqw
Verifydevice T
?gclid=ckqzremtizmcfriaewodtvl8ua
Rss Title
?gclid=cklu47 Cnpmcfqmyewodysdrrg
?gclid=co3wgpy1mjmcfq01egodbtcwqq
?gclid=cn3skitqnzmcfq42egodzifmqg
?gclid=cjk Tmv8lzmcfrgxewodkibcsw
Join Events
Bottom01
?gclid=cmwi6e2lojmcfrcdewodfhojqq
?gclid=cjyqs8lslzmcfrazewodyq Ltw