Alarms go off and the computer lights up like a Christmas tree, my wife yells from downstairs: “We have a Virus!”. My heart races and I believe that I am suffering from tachycardia. I quickly scream to her: “Touch Nothing! Hands off the keyboard!”. Even before I inspect the computer, I tell her it is probably a fake Anti-Virus trying to trick her into downloading this malicious code. Right away, I see this professional looking window that lists a bunch of file infections and asking for a full scan or for the user to buy the software to remove the viruses that do not even exist. It will even pretend that it is scanning and then generate a fake report of all your bogus infections. Pretty clever business which makes a lot of money tricking unsuspecting users. They call this type of malicious software – Scareware as it instills fear into users which out of panic causes them to make the wrong decision.
What should I do if the pop-up above appears? Definitely, do not close this window or click on any part of it. Clicking on it or closing the window directly may cause other malware to be secretly download to your computer. You should exit the browser if you can without clicking on the Fake AV window. If this is not possible, you can kill the process using Windows Task Manager. If you do not know how to do this, shutdown the computer.
All real AV companies will allow you to trial the software before buying. Scare tactics or buy on impulse should raise suspicion and make you stay away. In addition, AV scanning takes time. If the scanner shows many infected files immediately, it is highly unlikely that it can detect this so fast. A scanner would show a first threat or infection, launch a scan with a progress bar, and then more infections would be seen. You can also search for independent reviews on the Fake AV which will probably clearly give you tips to stay away.
Some other names of these Fake AVs are: Antivirus 2008, Antivirus 2009, Antivirus 2010, Antivirus Live.
If you are already infected, it may be hard to remove and you may have other malware. My recommendation is always reimage but you can take your chances with removal instructions such as:
When in doubt, do not click! Never let your alter ego prevail as it usually spells trouble.