On the FastSupport site, you are offered a call with tech support. The operators will assure you that your PC is infected and offer to scan it for viruses. All such claims, however, are 100% scam. Along with the appearance of that notification, you will likely see PC performance decrease, advertisements spreading across websites, and possibly redirects of your search queries. The FastSupport page opening serves as a litmus test that makes things much clearer: a performance drop together with the appearance of the FastSupport site are sure signs of adware. In this post, you will read how to get rid of that virus, and about the method these cybercriminals use.
What is FastSupport and why does it appear from time to time?
As I have described in the first paragraph, this website opening without your intention is a sign of malware presence. These days, fake support malware is getting more and more widespread. Counterfeit Walmart/Home Depot advertisements, fake Microsoft alerts about a pornographic virus – all these things are not a flashback from the ’00s, but actual malware. Every such banner brings the developers of this adware a substantial amount of money. The FastSupport page is just one of the advertisements you can see when there is adware onboard. The exact variant of the virus may differ, because the scammers may buy the advertising from any of the adware developers.
If you follow one of these ads, you will definitely get another virus on your PC. No one checks the quality of those advertisements, and no one will spread good and legitimate software or services through adware creators. Hence, the developers of that virus can only offer you another virus, an unwanted program [1], or, possibly, both together.
This website is no exception. It offers you to create a technical support ticket, specifying a phone number and email address, using the form posted on this fake website. Then, scammers will call you. During the call, they will try to convince you that your PC is full of viruses and needs an innovative security tool. In fact, that tool turns out to be classic scareware – a pseudo-antivirus which shows you that you have an enormous number of viruses or vulnerabilities on your PC. To remove these “problems”, you need to purchase a full version of the “antivirus”.
Scareware shows no true problems, since it has no need to be honest with the customer. Its goal is to scare users and bring them into a panic, forcing them to pay for the removal of all these “awful problems”. How to distinguish a good but unknown antivirus from scareware? Try to perform a standard scan with both tools on a clean, freshly installed system. A benevolent program will not detect anything, while the fake anti-malware software will choose random files from your system folder, mark them as malicious, and block them.
How dangerous is the FastSupport scam?
As victims say, those scammers can not only promote questionable antivirus apps but also ask you to give them remote access to your PC. Allowing them to connect to your PC remotely gives the criminals the ability to do anything they want – download and install any programs, change different (sometimes even crucial) system settings, or even check your personal data.
I have mentioned that the fake antiviruses heavily promoted by the FastSupport scam choose random files on your disk and claim they are malware. When you have that pseudo security tool installed on a used system, one or several of your programs will stop working. Scareware will just block some of the files of these programs, saying that they are malicious or vulnerable to malware attacks. The more often you use an app, the bigger the chance that the fake antivirus software will block it.
The scareware itself can also carry some more dangers. Such apps as sAntivirus or Segurazo Antivirus have a lot of undeclared functions, which allow these programs to collect data about the user’s PC, the most popular programs, activity periods, etc. Data collection is a clear sign of spyware [2] – a virus that steals your credentials, banking information, information about your PC, and a lot of other things. And it is not so easy to remove these “anti-malware” programs – they are not displayed in the list of installed programs, and have no uninstall.exe file in the root directory.
Finally, the adware that caused the FastSupport.com site to open can barely be called safe. Unintentionally clicking on one of these ads can lead to unpredictable consequences. You can get off with a slight fright, or you can get another virus or potentially unwanted programs. Malware as dangerous as coin-mining trojans is distributed massively through exactly the ads shown by adware. Search results substitution can also make browsing impossible, since you cannot find a relevant result.
How did I get this adware?
In the majority of cases, you get the malware through malicious advertisements on the web, or through free/hacked programs you get on the Internet. You can avoid the first way of spreading easily – just stop clicking the ads on websites. Yes, you can find useful things promoted in them, but something like winning a prize in a lottery you haven’t taken part in, or purchasing a new PC with a 90% discount, is likely a scam.
Software bundling is a widespread practice among virus developers. Users who hack programs to make them usable without purchasing a license approve any offer to include another program in the pack, because they earn money in such a way. Usually, users click through the whole installation process, paying no attention to the contents. Check the installation window carefully for items like “Advanced installation settings” or similar. The ability to switch off the malware installation often hides under such items.
How to get rid of the virus?
Since that scam website is shown by a virus, your browser was damaged. Adware changes different browser configurations in order to show you the banners and open pre-paid websites. Hence, to get rid of the malware you need to reset your browser settings in addition to malware removal.
Manual removal of that virus may be quite hard. The adware that causes this scam website to appear stores its files in several scattered directories, so it is quite hard to find and delete them all. If you miss even one, the virus will likely be able to recover itself.
Resetting the browser settings may be even more difficult. As I have mentioned before, this adware changes the configuration files. To recover them, you need to reinstall the browser. That action may lead to data loss if you don’t use cloud accounts. Another way is to find the changed rows inside the config file, and then replace them with the original ones. Things are getting even harder, aren’t they?
First of all, we need to get rid of the virus. If you perform a browser reset before removing the malware, the settings will be changed again. For this purpose, I’d recommend you use GridinSoft Anti-Malware [3].
Removing the viruses with GridinSoft Anti-Malware
I hope this guide helped you to get rid of this annoying banner. Share this article with your friends or colleagues who also got that virus. Good luck!
Now that the malware is removed, you can execute the next step – reverting the browser settings.
Reset browser settings to default
Manual method of browser reset
To reset Microsoft Edge, do the following steps:
- Open the “Settings and more” tab in the upper right corner, then find the “Settings” button there. In the menu that appears, choose the “Reset settings” option.
- After picking the Reset Settings option, you will see a menu listing the settings which will be reverted to their original state.
For Mozilla Firefox, do the following:
- Open the Menu tab (three strips in the upper right corner) and click the “Help” button. In the menu that appears, choose “Troubleshooting information”.
- On the next screen, find the “Refresh Firefox” option.
After choosing this option, you will see a confirmation message.
If you use Google Chrome:
- Open the Settings tab and find the “Advanced” button. In the extended tab, choose the “Reset and clean up” button.
- In the list that appears, click “Restore settings to their original defaults”.
- Finally, you will see a window showing all the settings which will be reset to default.
Opera can be reset in the following way:
- Open the Settings menu by pressing the gear icon in the toolbar (left side of the browser window), then click the “Advanced” option and choose the “Browser” button in the drop-down list. Scroll down to the bottom of the settings menu. Find the “Restore settings to their original defaults” option there.
- After clicking the “Restore settings…” button, you will see a window showing all the settings which will be reset.
When the browsers are reset, you need to make sure that your web browser connects to the right DNS when opening the website you want. Make a text file named “hosts” on your desktop, then open it and fill it with the following lines [4]:
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Find the hosts.txt file in the C:/Windows/System32/drivers/etc directory. Rename this file to “hosts.old.txt” (to distinguish it from the new one), and then move the file you created on the desktop to this folder. Remove the hosts.old from this folder. Now you have your hosts file as good as new.
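Before replacing the file, it is worth seeing which entries in the current hosts file are actually active. The following is an added example, not part of the original guide: it parses hosts-file text, skips comments, and reports every mapping other than localhost to a loopback address. The function names and the sample entries are constructed for illustration.

```python
import ipaddress

# Names the default Windows hosts file may legitimately map to loopback.
LOCAL_NAMES = {"localhost"}

def parse_hosts(text):
    """Return (ip, [hostnames]) for every active (non-comment) line."""
    entries = []
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # an address with no name is not a mapping
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address; skip the line
        entries.append((ip, [h.lower() for h in fields[1:]]))
    return entries

def suspicious_entries(text):
    """Return (hostname, ip) pairs that are not just 'localhost -> loopback'."""
    findings = []
    for ip, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                continue
            findings.append((name, str(ip)))
    return findings

# Constructed sample: the default commented lines plus three active entries.
SAMPLE = """\
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
203.0.113.7 www.example-search.test search.example.test  # constructed
0.0.0.0 update.example-av.test
"""

if __name__ == "__main__":
    for name, ip in suspicious_entries(SAMPLE):
        print(f"{name} -> {ip}")
```

A clean default file, where every line is a comment, produces no findings; any line reported here is one the reset described above will discard.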
Nevertheless, there is one problem that makes things a lot harder to restore, especially without an anti-malware program. As I have mentioned, the FastSupport scam makes serious changes to your web browser configuration. Some of them are impossible (or much harder) to revert manually, since you need to open each config file and change the modified rows back to their original state. Another problem is that any mistake at that step can make the browser completely unusable. So, using GridinSoft Anti-Malware for that purpose is a much more reliable choice.
Reset your browser settings with GridinSoft Anti-Malware
To reset your browser with GridinSoft Anti-Malware, open the Tools tab, and click the “Reset browser settings” button.
You can see the list of the options for each browser. By default, they are set up in a manner that fits the majority of users. Press the “Reset” button (lower right corner). In a minute your browser will be as good as new.
It is recommended to perform the browser reset through the antivirus tool by GridinSoft because it is also able to reset the HOSTS file without any additional commands.
References
[1] Detailed information about unwanted programs from Wikipedia.
[2] Read about spyware on Wikipedia.
[3] GridinSoft Anti-Malware review and an explanation of why I recommend this program.
[4] Official Microsoft guide for hosts file reset.