Security Centre Malware
When attempting to download the VEOH web player (to watch videos online) a piece of security software called “Security Centre” installed very quickly before I could do anything else. The Security Centre application closed all running programs and commenced scanning the system, eventually showing a number of files which were (supposedly) infected with a virus. In order to remove the infections the software insisted that I must pay for the full version. Even more frustrating is that now whenever the computer starts the opening screen is the Security Centre page trying to connect to the internet for purchasing the software. I cannot stop this from happening using CTRL-ALT-DEL and cannot uninstall the software through the Add/Remove Programs control panel as it is not listed. It also seems to be preventing me from running programs such as Microsoft Office, claiming that the relevant program file is infected. After spending a lot of time with this problem I found no alternative but to purchase the software, subscribing to the software for a two year licence at $50.00. However, to my frustration $70.00 was deducted from my credit card for the “lifetime” subscription! In any case, it now seems to have cleaned the supposedly infected files although the program is still present on the computer (I can see the icon in the system tray, next to the clock in the bottom right-hand corner of the screen). The Windows Firewall also appears to be disabled, although I cannot say whether this was caused by the Security Centre software or was disabled beforehand. How can I get rid of this software once and for all while also preventing this from happening again in the future? The computer is running Windows Vista.
Your experience is unfortunately quite common: a piece of software installs itself on your computer, claims to have found infections which need to be fixed, and insists that the only way to clean them is to purchase a full licence for the software. In such cases it is very unlikely that your computer is actually infected with any viruses; instead the fake security software is simply making this claim to trick the unsuspecting user into purchasing it. In most cases the only malicious software on the computer is the fake security software itself. Therefore, under no circumstances should you pay for unsolicited software which says that it will only clean an infection if you pay for the full version – legitimate security software will not make this claim, and will more likely give you a trial period in which you can use the software without limitation to properly evaluate its features. Furthermore, as you have discovered, when you surrender your payment details (such as a credit card) you may well be charged for something you did not want: such transactions are often surrounded by fine print which you may not read, and which results in you paying more than was originally apparent. It may be worthwhile taking the transaction up with your credit card company to see whether the charge can be disputed and reversed, since you were the victim of unscrupulous advertising. Additionally, it may be prudent to cancel your current credit card, just in case the payment system used to purchase the software was not secure: the fake security software company now has your credit card details and could potentially conduct more fraudulent transactions in the future.
Now that we have established the illegitimate nature of this security software we need to determine a way to remove it from your computer. Since the software is still installed (indicated by the icon in the Windows system tray), it poses a potentially significant security risk. We know that this software is not legitimate and is quite questionable in its functionality and purpose, and therefore we cannot trust it at all. For all we know it could be monitoring all activity on your computer (including things like keystrokes and internet usage) and sending this information back to whoever controls it, who could then use the data for who knows what purpose. As such, it is extremely important that we remove it from the computer. My rule of thumb is that once a computer has been infected with malware (malicious software) that computer can never be trusted again. Even though you may be able to use anti-malware and anti-virus utilities, you can never be completely certain that all components of that malicious software have been removed – there could be components still resident on the computer which are invisible and not easily detectable, but still causing damage or monitoring your computer usage. Therefore, I always recommend that following a major infection you back up any important information that you wish to keep and then do a complete reformat and fresh reinstallation of Windows on the computer.
As mentioned, your first step should be to back up all data that you wish to keep. The reinstallation is destructive and will wipe all data on your computer, so you should ensure that anything you want to keep is backed up beforehand. I find the most convenient method of backing up data is onto an external USB hard drive. These connect easily (through USB 2.0), are relatively inexpensive, and have a high storage capacity, so one drive should be able to hold all of the data that you wish to back up. Copy only your own files (documents, photos, e-mail and the like), not programs or installers, since an executable copied from the infected machine could carry the infection back with it. Then, once you have reinstalled Windows, it is just a case of reconnecting the external hard drive to your computer and copying the data back across.
After you have backed up all important data that you wish to keep, you should insert either the Windows Vista DVD or, if your computer is a brand-name machine, the recovery CD/DVD that came with the computer and automates the reinstallation procedure. Restart the computer and it should proceed to boot from the disc in the CD/DVD drive. If your computer does not boot from the CD/DVD, it may not be checking the CD/DVD drive during boot-up. When a computer starts it scans each drive in the computer for an operating system. If an operating system is found on a drive it stops searching other drives and immediately boots from that drive. Therefore, if the hard drive is checked before the CD/DVD drive, an operating system is found on the hard drive, the computer stops its search and proceeds to boot from the hard drive. So we need to tell the computer that it should specifically look at the CD/DVD drive for bootable media, so that it is forced to boot from the disc within that drive. When the computer boots, a message should appear saying something like “Press F12 for additional boot options”. Tapping the nominated key should produce a menu that will allow you to boot from the disc. Once this has happened, either the Windows Vista DVD or the recovery CD/DVD that came with your computer should provide a relatively easy-to-follow wizard interface to reinstall Windows. The most important thing to remember is that, when prompted, you must format (wipe) the hard drive; otherwise Windows may just reinstall over the top of itself, which will not get rid of the infection.
Once Windows has reinstalled there are a few things that you must do before anything else. First, ensure that the Windows Firewall is enabled. I suspect that the Windows Firewall was not enabled previously, which is how the computer got infected. Most malicious software packages look for security vulnerabilities (known as security holes) in the operating system as a way to get into the computer and install themselves. The Windows Firewall provides a basic level of protection and prevents unauthorised sources from connecting to your computer, so in theory even if there is a security vulnerability in your installation of Windows, it should block the connection and thus prevent the infection (I say should because there are, of course, times when people figure out a way to get around it, but on the whole it does provide a good basic level of protection). Once you have ensured that the Windows Firewall is enabled you should immediately run Windows Update to download the latest security patches and fixes. This means that any security vulnerabilities in your operating system which have been recognised by Microsoft should be fixed, adding an even greater level of protection to the computer. Finally, download and install a reputable antivirus product. A good product is ESET NOD32 Antivirus (www.eset.com.au), which offers good protection while also having a relatively small footprint on your computer, so it should not bog down the performance of your computer. A 30-day trial of the software is available on the ESET website, which should give you ample time to evaluate whether this product suits your needs and whether you wish to purchase the full product. Make sure that once you download and install the antivirus software you immediately run an update (so that the latest virus definition files are downloaded, providing you with the most up-to-date protection), and I also suggest that you complete a full system scan.
This should not strictly be necessary, because you have a fresh installation of Windows, but I always find it gives peace of mind to get a clean antivirus scan on a freshly built machine before you start reinstalling applications and copying across your data.
At this point you should have a fairly well-running computer – firewall enabled, up to date with the latest Windows Updates, and up-to-date antivirus with a clean system scan. Then you can commence reinstalling applications on your computer (such as Office) and copy across your personal data.
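As an added example (not part of the original column), the three conditions just listed can be verified from an elevated PowerShell prompt before any applications or data go back onto the machine. The function names are my own; it assumes Windows Vista or later with PowerShell 2.0 and an English-language netsh, and the productState decoding is the widely used but undocumented interpretation.

```powershell
# Added example, not part of the original column. Assumes Windows Vista or later
# with PowerShell 2.0, run from an elevated (Administrator) prompt, English locale.

function Test-FirewallProfiles {
    # netsh advfirewall ships with Vista; each profile prints a "State ON|OFF" line.
    $states = @()
    foreach ($line in (netsh advfirewall show allprofiles state)) {
        if ($line -match '^State\s+(\S+)') { $states += $Matches[1] }
    }
    # Domain, Private and Public profiles must all report ON.
    return ($states.Count -eq 3) -and -not ($states -ne 'ON')
}

function Get-MissingUpdateCount {
    # Windows Update Agent COM API: online search for updates not yet installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    return $result.Updates.Count
}

function Get-RegisteredAntivirus {
    # Vista's Security Center registers antivirus products in this WMI namespace.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
        ForEach-Object {
            # productState is undocumented; this is the commonly used decoding:
            # hex digits 3-4 non-zero = real-time protection on, digits 5-6 = 00 = definitions current.
            $hex = '{0:X6}' -f $_.productState
            New-Object PSObject -Property @{
                Name          = $_.displayName
                Enabled       = ($hex.Substring(2, 2) -ne '00')
                DefinitionsOK = ($hex.Substring(4, 2) -eq '00')
            }
        }
}

$fw      = Test-FirewallProfiles
$missing = Get-MissingUpdateCount
$av      = @(Get-RegisteredAntivirus)

"Windows Firewall on for all profiles : $fw"
"Windows Updates still missing        : $missing"
if ($av.Count -eq 0) { "Antivirus registered                 : NONE" }
foreach ($p in $av) {
    "Antivirus registered                 : {0} (enabled={1}, definitions current={2})" -f $p.Name, $p.Enabled, $p.DefinitionsOK
}
```

The update search contacts Windows Update and can take several minutes; if the firewall line reports False or the update count is not zero, go back to the step above before copying any data across.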
As a final point, you asked how you can prevent this problem from occurring again. Personally, I am very careful about the software I install on a computer. I only install software from a trusted, reliable source and never install or pay for anything which is unsolicited. You really just need to use good judgement: if something does not seem right, do not risk it and don’t install the software. If you are ever unsure, a good approach is to do some background research on the software that you wish to install – do a search in Google for the software name and see what other users have to say. In any case, it’s always best to err on the side of caution.