Computer Security & Viruses/"Help"


Question
A friend's computer sent a message for "Help" because she was in London & had all credit cards & money stolen.  The message was sent to everyone in her address book, her address book was erased, and whatever did this took over & responds to her email address. She ran Norton & McAfee but can't locate it on her system.
Do you know what it is & how to get rid of it?

Answer
Wow! First of all, I hope your friend called, or will soon call, the local police and make a crime report. This could help if anyone who received those emails lost money by responding to the bogus call for help. With a police report in hand, anyone who lost money has a better chance of getting it back, as most credit cards will reverse a bogus charge, thus depriving the criminals of their ill-gained loot.

Now, to get rid of this dangerous infection, here's what will almost certainly work.

1) Download either Kaspersky Internet Security, which offers a free 30-day trial at http://kapersky.com or F-Secure's Complete Internet security suite, which offers a free thirty-day trial: https://store.f-secure.com/cgi-bin/dlreg/ml=EN?ID=FSISTB&desid=TRIAL

2) Disconnect from the Internet.

3) Uninstall all antivirus programs. Indeed, if your friend was running both Norton and McAfee at the same time, this could have caused them to not be able to remove the infection, as they will fight each other. Removing all antivirus programs before installing any new one is absolutely essential because otherwise it and either F-Secure or Kaspersky also will fight each other and might crash the computer. Also, it isn't good enough to just temporarily turn off the old antivirus program(s) because they may have been crippled by this malware infection.

4) Install the Internet Security product. Download any updates available.

5) Run a complete scan of the computer. Follow any instructions it might give.

6) Reboot.

If this works, your friend can either keep her new Internet Security product or uninstall it and reinstall her old antivirus from either a download of the latest version from their website (if that's how they sell it) or from the disk it was on when you bought it. Be sure to get all the latest updates right away. Usually antivirus companies are pretty good about updating their programs whenever some new attack becomes able to evade or cripple their product.

If she wasn't running an antivirus program that includes antispyware protection and a firewall, then I recommend that she not reinstall her old program. Nowadays we need total protection, and this includes antispyware and a firewall.

7) To prevent future infections, don't use Internet Explorer, as it is susceptible to introducing viruses, adware and spyware into your computer. Instead she could use Google Chrome, free from http://www.google.com/chrome

Carolyn Meinel

Expertise

I cover Windows, Linux, TCP/IP and Ethernet security questions. I do not cover Mac, smart phones, or other networking issues.

Experience

Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see http://www.amazon.com/exec/obidos/ASIN/1567204600/happyhacker). My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see http://www.amazon.com/exec/obidos/ASIN/0060936509/happyhacker). My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see http://happyhacker.org/hhbook/).

Organizations
IEEE, AAAS

Publications
See a list with some online links at http://cmeinel.com

Education/Credentials
MS, Industrial Engineering, The University of Arizona. Took a course in computer forensics at the University of Texas at Austin.

Past/Present Clients
DARPA, SAIC, Palmer Labs

©2012 About.com, a part of The New York Times Company. All rights reserved.