In my day-to-day work as an IT guy, I run into this scenario a lot: a home user has just purchased a brand new computer running Windows 8.1 from a local technology retailer. The system comes preinstalled with anti-virus (AV) software such as McAfee, Norton AV, Kaspersky, or Trend Micro, to name a few. Unfortunately, most of these antivirus programs are time-limited free trials. However, Windows 8.1 does come with Windows Defender, which is essentially the same program that was known in older versions as Windows Security Essentials.
Sadly, the average PC user will only protect their system using the antivirus software that comes bundled for free, and they will never upgrade the apps or even run updates. I have also seen systems brought in that are infected with malware and spyware, maybe even a rootkit or two, and the AV software has expired. Another typical scenario I see is where the user has two AVs running at the same time, which can slow the entire computer way down and cause major performance issues. Technically, the user could go online and read security blogs to get the correct information on how to remove such infections, but they seldom do.
Where is All This Malware Coming From?
There is a lot of free software available on the internet, but some free software sites hide malware inside those downloads. Recently, I have even seen this while visiting sites that I download updates from on a regular basis. Many of these sites have changed their look and layout to be more confusing. They now include multiple download buttons that lead to other applications, so you’re never sure if you’re downloading and installing what you had intended. For example, I went to download an updated app and on the download page of the site there were four separate buttons labeled “download.” But which button is the real one? This crazy button situation is where a novice user could get in more trouble than it's worth for them to try to get that application for free. This scenario is even worse if the app they’re attempting to download is used to prevent malware. This whole confusing situation makes it more trouble than it’s worth for users to try to fix their system themselves.
Even some (previously) reputable sites are now including pre-checked checkboxes in the fine print of app installers. Most users do not see or notice these while installing the app, and so they unwittingly install another app alongside the original. You’d be surprised at how often this happens to the average user. I call and ask the client, “Do you need this particular app?” And the response I get is often “I don't know what that is,” or “When was it installed? I don't know how it got installed!” Most likely this malware was accidentally installed while the user was installing other applications.
What Does This Malware Look Like?
Some of the most common malware apps that get installed accidentally and can cause general issues with your computer are:
- Ask.com Toolbar
- Babylon Toolbar
- Any Registry Editor; a few common names for this one are “Uniblue” (part of SpeedUpMyPC), RegFix, and RegCure
I recently removed just such programs from two identical systems that both also had expired antivirus software. Once I finished cleaning their systems of malware, I updated Windows Defender for them, ran a full scan, and now both of those systems are in working order, and a little better protected going forward.
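The cleanup described above (check which antivirus products are registered, then update Windows Defender and run a full scan) can be scripted. The following PowerShell is an added example, not part of the original post; it assumes an elevated prompt on a client edition of Windows where the Defender PowerShell module and the `root/SecurityCenter2` WMI namespace are available.

```powershell
# Added example: list registered AV products, then update Defender and run a full scan.

# 1. Antivirus products registered with Windows Security Center.
#    More than one third-party product is the "two AVs at once" situation.
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue)
$names = @($av | Select-Object -ExpandProperty displayName -Unique)

Write-Host "Registered antivirus products: $($names.Count)"
$names | ForEach-Object { Write-Host "  - $_" }

$thirdParty = @($names | Where-Object { $_ -notmatch 'Defender' })
if ($thirdParty.Count -gt 1) {
    Write-Warning "Multiple third-party AV products are registered; keep one and uninstall the rest."
}
elseif ($thirdParty.Count -eq 1) {
    Write-Warning "A third-party AV is registered; confirm its subscription is current or uninstall it."
}

# 2. Windows Defender state. The query fails or reports 'disabled' when
#    another AV product has taken over protection.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
}
catch {
    Write-Warning "Could not query Windows Defender: $($_.Exception.Message)"
    return
}

if (-not $mp.AntivirusEnabled) {
    Write-Warning "Windows Defender antivirus is disabled; resolve the AV conflict above first."
    return
}
if (-not $mp.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is turned off."
}
Write-Host ("Signatures last updated {0} ({1} days ago)" -f `
    $mp.AntivirusSignatureLastUpdated, $mp.AntivirusSignatureAge)

# 3. Update definitions, run a full scan, then list what Defender has detected.
Update-MpSignature
Start-MpScan -ScanType FullScan
Get-MpThreat | Select-Object ThreatName, IsActive
```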
Recently, a trend has appeared: some sites are now putting a wrapper around application installers, so when a user installs the software from these locations, the wrapper installs hidden software without even asking. This kind of sneakiness is what I like to call “evil shenanigans.” It's outrageous that sites we used to depend on for software removal are now conforming to the pressure of advertisers and letting ads take over their websites, all in the name of making money from free applications.
What Should You Do About It?
My recommendation to the average user is to tread carefully while downloading anything from the Internet. Pay close attention to detail when installing applications, or even when deciding whether to open an email. Being “click happy” and closing dialog boxes without even reading them, or clicking “OK” on an installer pop-up window without reading what you may be agreeing to, is very dangerous! I would say this is how most users end up with malware, spyware, and infections. When your internet browser starts acting strangely (weird pop-ups, a changed search engine, or new toolbars you don’t recognize appearing at random), there’s a good chance your computer is infected. And if you don’t have up-to-date antivirus, you’re asking for trouble.