
Rogue Programs “scareware”

13 Jul

What exactly is a Rogue Program and how does it work? A Rogue Program, also known as “scareware”, is a program designed to bypass or disable the computer’s anti-virus software.

Most Rogue Programs present themselves as legitimate; in reality they are imitations of real programs. For example, Microsoft Removal Tool is a real program. The Rogue version is MS Removal Tool.

They also use aggressive sales tactics that include adware or Trojan viruses that display fake security alerts. Many of these programs claim that they are sponsored by major companies and that their program has won awards.

Their ultimate goal is to convince you to purchase their award-winning software. The developers of these Rogue Programs need to sell as many copies of their program as quickly as possible.

The most common way these programs operate is to display fake or highly exaggerated scanning results. They do this by performing a fake scan in order to make you download their program. When the actual scan is completed, they will display a list of files and Windows Registry keys flagged as threats. Meanwhile, most of these infections were created and installed in your system by the Rogue Program itself in order to trick you into purchasing their ‘licensed software’.

Unfortunately, there are a few legitimate companies that are actually quite popular in today’s market and that use this form of scare tactic. Once purchased, the software may protect you. However, it is hard to determine which is real and which is fake, and any company that uses scareware tactics is not worth betting on to protect you or your data.

The internet is mostly used to surf for specific information, such as news, videos, pictures, etc. Rogue Programs place themselves strategically across the web in order to get the most clicks. For the sake of this article, let’s pretend that we are helping our son browse the Internet for specific information on dinosaurs so he can complete his report on time. By “on time” we are talking about tomorrow because, as with any kid, critical reports tend to magically find themselves at the extreme bottom of the to-do list.

Before we take our seat in front of the computer, our vigilance for potential problems is clouded by our rush to complete the task before bedtime. We type in “Dinosaurs” and begin opening links to ferret out the information we so desperately need.

The first search proves fruitless. We scan the search list again and click on a likely link. Suddenly a new window flashes open and it looks exactly like the Windows “My Computer” screen. It shows the computer scanning the hard drives. Beside the drive letter is red text indicating how many viruses are being found. The numbers are staggering as they rapidly increase before our eyes.

Now the fear kicks in! How much data will be lost? Will the computer be useless? Is personal information being stolen? Will I lose all of my photos?

The scan completes and the program asks if you want to remove the infections. Our heart is pumping, and our skin is damp with perspiration. Of course we want to clean the infections! We click the button.

Unfortunately, this is where the fatal mistake is made. Can you see the judgement error? The way a Rogue Program or “Scareware” works is by using fear to cloud your judgement. These programs are tricky: they appear genuine and they promote a feeling of safety.

The first mistake was made by believing that our hard drive was being scanned. This is the most common ploy used. The screen that appears to be the “My Computer” screen is nothing more than an elaborate website carefully crafted to look and feel like the “My Computer” window. At this stage the program has absolutely no access to the computer’s drives.

The second mistake is not trusting the anti-virus software that is installed in the computer. Any authentic anti-virus program would have picked up these infections. Your computer simply cannot have dozens of infections, let alone thousands, without the anti-virus software being aware of it.

The fatal mistake was made by clicking the button to clean out the infections. The moment this button is pressed, we give permission to the Rogue Program to download its files into our system. Once completed, the Rogue Program will announce that it cleaned some of the viruses but that you will need to pay in order to complete the cleaning process.

When the Rogue Program appeared to be scanning and cleaning your drives, it actually installed some files that have disabled the anti-virus software from running. It also shut off all other security programs like anti-malware and anti-spyware. Additionally, it has disabled all internet browsers so they cannot access the internet. Some Rogue Programs will allow internet access, but disable the ability to download files, especially anti-virus downloads.

At this point the Rogue Program has taken the necessary steps to inhibit access to any program that has the potential to remove it. The program will also position itself in the startup sequence so it will be the first program that loads after the initial boot. Some advanced Rogue Programs will disable the ability to access Safe Mode and the ability to perform a System Restore.

Don’t feel powerless; there are things you can do in order to protect yourself from harm. Stay alert and aware while you surf the web. Trust the anti-virus that you have paid for to warn you of viruses. Most importantly, think twice, click nothing.

Huh?

Think twice. Click nothing.

No matter what happens on the web, you should never react before you think. If something does not seem right, or frightens you, the best thing to do is sit back and think. Ask yourself: do you have an anti-virus program installed on your computer? Is the anti-virus up to date? Look at the screen: are you still on a webpage? Look at your programs in the task bar at the bottom of your screen; you should recognize the programs listed. Do you recognize the name listed on the active window? Is it the name of your anti-virus program?

What should you click? Nothing. Do not click anything! Let go of the mouse. Rogue Programs are tricky. They NEED you to click them. Avoid the desire to click the small red ‘x’ that we are so used to clicking to close a window. Sometimes these Rogue Program windows are click-sensitive, so anywhere you click will access the program. In order to close the window, use your keyboard and press Ctrl+W. This sequence will close the active window. Depending on your operating system, this feature may not work. If so, try one of the following: ALT+F4, Ctrl+F4, or ALT+Spacebar to open the shortcut menu of the open window, then TYPE the corresponding letter to close the window.

If this does not work, then try to use your mouse and access the start button. Then click shut down to shut off your computer. Understand that you will lose any unsaved data. If you can, save and close your programs; however, in most cases the Rogue Program will not allow you to.

If you cannot use the start button to shut down, try the Windows symbol on your keyboard. This should open the start button menu. If your mouse still does not work, then use the arrows on your keyboard to navigate. If you do not have a start button symbol, try Ctrl+Esc.

In the event this fails to work, press and hold the start button on your computer to force the machine to shut off. Use this only after you have exhausted all other means as this is not a healthy way to shut down on a continuous basis.

Once you restart the computer, make sure you run a scan of your system using the anti-virus software you installed.

In the event you have installed a Rogue Program in your system and you cannot remove it, you should bring the unit to an experienced technician to remove the program and all malicious programs. Many of these programs are layered in a fashion so they continue to work even though you think you uninstalled them. Removing them from the surface does not necessarily mean you removed them from the startup and registry.
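The startup, Safe Mode and System Restore tampering described above can be checked without changing anything on the machine. The PowerShell below is an added example, not part of the original article; it assumes a Windows computer with Windows PowerShell and simply lists what it finds so you can compare it against programs you recognize.

```powershell
# Added example: read-only audit of startup entries, Safe Mode and System Restore.
# It only reads and lists; it does not remove or change anything.

# Autostart ("Run") registry keys, per user and machine-wide.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$entries = @(foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # key absent on this machine
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name; Command = $item.GetValue($name) }
    }
})

# Startup folders (current user and all users).
$folders = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $folders) {
    if (-not $dir) { continue }                # folder not defined for this profile
    Get-ChildItem -Path $dir -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Programs Windows starts at logon. Clean defaults: Shell is 'explorer.exe',
# Userinit is the path to userinit.exe followed by a comma.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Safe Mode depends on these two registry keys being present.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$safeModeKeys = (Test-Path "$safeBoot\Minimal") -and (Test-Path "$safeBoot\Network")

# System Restore can be switched off through this policy value (DisableSR = 1).
$srKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$sr = Get-ItemProperty -Path $srKey -ErrorAction SilentlyContinue
$restoreOff = ($null -ne $sr) -and ($sr.DisableSR -eq 1)

# Report: review every startup entry and question any name you do not recognize.
$entries | Sort-Object Location, Name | Format-List
"Winlogon Shell        : $($winlogon.Shell)"
"Winlogon Userinit     : $($winlogon.Userinit)"
"Safe Mode keys present: $safeModeKeys"
"System Restore off    : $restoreOff"
```

An unfamiliar startup entry, missing Safe Mode keys, or System Restore reported as off are the details worth writing down for the technician.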

Remember: Think twice. Click nothing.

 

Posted on July 13, 2011 in Computer, Desktop, Laptop, New Article

 


3 responses to “Rogue Programs “scareware””

  1. in every atom

    July 14, 2011 at 12:27 am

    Think twice. Click nothing. Very good advice.
    Do you have any advice on email account hackers, what is their motive, how to avoid it, how it is done, and what to do if email has been hacked into? Thanks so much.

     
    • Craig & Joe

      July 15, 2011 at 9:46 am

      I will be making a new article for this question in your honor. Thanks for your question 🙂

       
  2. in every atom

    July 16, 2011 at 2:38 am

    Thanks, looking forward to your article. My email was hacked recently, and it is unnerving, to say the least.

     
