  1. #1

    Exposing Fake Antivirus Programs

    The most pervasive malware trend I've noticed lately is the proclivity for bad software to masquerade as antivirus software. These prompt you to confirm the popup messages in order to "protect your PC", while in fact doing so will give you the very infection you were hoping to avoid.
    Last edited by I.M.O.G.; 04-07-11 at 09:43 AM.

  2. #2
    Member
    Join Date
    Nov 2004
    Posts
    1,174
    Yeah, I'd say about every personal computer I've fixed for malware infections has had those fake AVs.

  3. #3
    Fronting as a Mod Member
    Seebs's Avatar
    Join Date
    Aug 2010
    Location
    Sunshine State
    Posts
    3,412
    I am so glad I don't make a living out of fixing other people's computers... I do, however, get the occasional frantic call from a friend who has found him/herself in a "malware pickle". I am not a patient guy by any definition of the word, and most times I will help them out while at the same time showing them that all those infections can be easily attributed to an "I-D-10-T" error. They're not too happy once they figure out what "it" means, but if you have to click through four confirmation messages to get a virus and still can't be bothered to read before you click, I think being called an idiot is the least you can expect when having your PC cleaned for the third time.

  4. #4
    Member G33K454URU5 R3X's Avatar
    Join Date
    Apr 2011
    Location
    OH-IO
    Posts
    347
    The problem is that virus creators are getting more tricky: exploited PDFs, clickjacking, SQL injection, search poisoning... At one time it was very easy to blame the user (and still is, to some extent; think Limewire). However, the way some of this malicious content is being delivered is becoming increasingly tactful.

  5. #5
    Member SteveLord's Avatar
    Join Date
    Jan 2005
    Location
    Iowa
    Posts
    5,216
    Last week I cleaned this off a computer at work. And a laptop that was loaned to someone was hit as well. Had a recent image of that one though.

    Been fighting these for years...

  6. #6
    Researches Meritless
    LIES for the Front
    Page and Super Mutterator

    Overclockers.com Editor
    First Responders

    EarthDog's Avatar
    Join Date
    Dec 2008
    Location
    Stuck in Maryland...
    Posts
    45,443
    A giant +1. Great article!

    We are currently fighting a virus outbreak at my office. 450 PCs were infected with Worm:Win32/Rorpian.A, and no a Conficker, and something else. Although this is only affecting print servers at the moment and causing reboots, it's a lot of lost productivity.

  7. #7
    Special Member ★ madhatter256's Avatar
    Join Date
    Jul 2008
    Location
    CFL
    Posts
    2,256
    I've been dealing with these for almost 2 years now.

    I had one customer who fell for one and paid for it; however, each time they put in their credit card number, the program would say the number was not valid and ask for another one. The customer was gullible enough to try 3 other cards, and they all said the same thing, and this made him bring the PC over to me to try and fix it. After he told me what he did, I told him to immediately cancel those credit cards, as it obviously just took as many card numbers as possible.

    Some programs do go away after you pay for them, but then come back a month later with the same problem. Throughout that time it just spies on you and logs your key strokes.

    Really nasty ones will inject rootkits into the MBR and OS systems (or something like that). I had this one PC where I did do a format/reinstall of the OS. I just did a quick format, not a low-level one via KillDisk. After installing the drivers and going to Windows Update, this pop-up came up that I needed virus protection, and all I had installed were drivers, nothing else. So, obviously, there was something left over even after doing the format that allowed it to detect the internet connection and reinstall itself.

    Lately, I've had great success with live CDs of Linux, especially the BitDefender Rescue CD. Afterwards I would run Malwarebytes/ComboFix to clean up whatever BitDefender didn't find, and it all works out in the end.
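    The post above describes a quick format leaving the infection in place, which is consistent with a bootkit living in the master boot record: a quick format rewrites the filesystem, not sector 0 of the disk. The script below is an added illustration (not code from any post in this thread or from the tools mentioned) of how a technician can check an MBR offline before trusting a reinstalled box. It parses the 512-byte sector, hashes the 446 bytes of boot code against a known-good reference, and flags obviously malformed partition tables. The sample sectors, the placeholder boot-code bytes and the reference hash are all constructed inline; a real check would take the reference hash from a clean image of the same disk or OS version and read the sector from the physical device.

```python
"""Inspect a raw MBR sector for signs of boot-code tampering.

Added example: the sample sectors below are constructed for the demo and the
"boot code" is a placeholder stand-in, not a real Windows boot loader.
"""
import hashlib
import struct
from typing import List

MBR_SIZE = 512          # one legacy sector
BOOT_CODE_LEN = 446     # bytes 0..445 hold the boot code a bootkit patches
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # bytes 510..511
PART_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw sector into its boot code hash, partition table and signature."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + i * 16)
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature": mbr[510:512],
    }


def check_mbr(mbr: bytes, reference_boot_sha256: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked off."""
    info = parse_mbr(mbr)
    findings = []
    if info["signature"] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != reference_boot_sha256:
        findings.append("boot code differs from known-good reference (possible bootkit)")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append(f"{len(active)} partitions marked active, expected at most 1")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status byte {p['status']:#04x}")
    used = sorted((p for p in info["partitions"] if p["type"] and p["sectors"]),
                  key=lambda p: p["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_sample_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a constructed sector from placeholder boot code and (status, type, lba, count) tuples."""
    table = b"".join(struct.pack(PART_FMT, s, b"\0\0\0", t, b"\0\0\0", lba, cnt)
                     for s, t, lba, cnt in entries).ljust(64, b"\0")
    return boot_code.ljust(BOOT_CODE_LEN, b"\0")[:BOOT_CODE_LEN] + table + SIGNATURE


# Constructed "clean" sector: a few plausible x86 setup bytes, then padding.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8" + b"\x90" * 40
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 204800)])
# The reference hash would normally come from a trusted image; here it is the clean sample.
REFERENCE_HASH = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# Constructed "tampered" sector: first bytes replaced by a jump, as a bootkit hooking the loader would.
_t = bytearray(CLEAN_MBR)
_t[0:3] = b"\xeb\x3c\x90"
TAMPERED_MBR = bytes(_t)

# Constructed sector with two active partitions and a hidden overlapping one.
ODD_TABLE_MBR = build_sample_mbr(CLEAN_BOOT_CODE,
                                 [(0x80, 0x07, 2048, 204800), (0x80, 0x17, 100000, 4096)])

if __name__ == "__main__":
    # To check a live disk (needs root): open("/dev/sda", "rb").read(512)
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("odd table", ODD_TABLE_MBR)):
        print(name, check_mbr(sector, REFERENCE_HASH) or "OK")
```

    The hash comparison is the part that catches what a quick format misses: the partition-table checks only spot crude tampering, whereas a bootkit that patches even one byte of the loader changes the boot-code digest. Run it against `dd if=/dev/sda bs=512 count=1` output from a rescue CD, before the OS that may be lying to you is booted.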

  8. #8
    Special Member ★ madhatter256's Avatar
    Join Date
    Jul 2008
    Location
    CFL
    Posts
    2,256
    Quote Originally Posted by G33K454URU5 R3X View Post
    The problem is that virus creators are getting more tricky: exploited PDFs, clickjacking, SQL injection, search poisoning... At one time it was very easy to blame the user (and still is, to some extent; think Limewire). However, the way some of this malicious content is being delivered is becoming increasingly tactful.
    This is true, as I have had church ladies get infected who barely use the Internet (some still on dial-up) and don't allow anyone else on it, but they were browsing some church site when the "pop-up" came up. So even legit sites can get taken over with malware and spread it.

    Firefox + NoScript really does help, but it is too advanced for the average PC user.

  9. #9
    Member
    Join Date
    Oct 2009
    Location
    USA
    Posts
    184
    Quote Originally Posted by madhatter256 View Post
    This is true, as I have had church ladies get infected who barely use the Internet (some still on dial-up) and don't allow anyone else on it, but they were browsing some church site when the "pop-up" came up. So even legit sites can get taken over with malware and spread it.

    Firefox + NoScript really does help, but it is too advanced for the average PC user.
    I tried out NoScript for a while, but it's a real hassle to work with, since legit sites all depend on scripts also. And how do you really know that any given script is bogus?

  10. #10
    Special Member ★ madhatter256's Avatar
    Join Date
    Jul 2008
    Location
    CFL
    Posts
    2,256
    I disable it when I'm on legit sites, like Yahoo, Google and my bank site, as well as Newegg, but when I surf everywhere else, I turn it on. I just don't let it load ad servers.

  11. #11
    Member Daemonkin's Avatar
    Join Date
    Aug 2010
    Location
    Ringgold, Ga
    Posts
    1,033
    Quote Originally Posted by xXSebaSXx View Post
    I am so glad I don't make a living out of fixing other people's computers... I do, however, get the occasional frantic call from a friend who has found him/herself in a "malware pickle". I am not a patient guy by any definition of the word, and most times I will help them out while at the same time showing them that all those infections can be easily attributed to an "I-D-10-T" error. They're not too happy once they figure out what "it" means, but if you have to click through four confirmation messages to get a virus and still can't be bothered to read before you click, I think being called an idiot is the least you can expect when having your PC cleaned for the third time.
    It always seems to be that error or a PEBKAC error. Always the worst ones.
