Results 1 to 11 of 11
Thread: Exposing Fake Antivirus Programs
04-07-11, 09:26 AM #1
Exposing Fake Antivirus ProgramsThe most pervasive Malware trend I’ve noticed lately is the proclivity for bad software to masquerade as though its antivirus software. These prompt you to confirm the popup messages in order to protect your PC, while in fact doing so will give you the very infection you were hoping to avoid.
Last edited by I.M.O.G.; 04-07-11 at 09:43 AM.
04-07-11, 09:52 AM #2
- Join Date
- Nov 2004
yeah, I'd say about every personal computer i've fixed for malware infections have those fake AVs.Workstation - Windows 7 x64
Server - ESXi 5.0
04-07-11, 11:44 AM #3
I am so glad I don't make a living out of fixing other people's computers... I do however get the occasional frantic call from a friend that has found him/herself in a "malware pickle". I am not a patient guy by any definition of the word and most times I will help them out while at the same time showing them that all those infections can be easily attributed to an "I-D-10-T" error. They're not too happy once they figure out what "it" means, but if you have to click through four confirmation messages to get a virus and still can't be bothered to read before you click; I think being called and idiot is the least you can expect when having your PC cleaned for the third time.Daily Driver: GA-890FXA-UD5 - Ph II X6 1090T - 16GB DDR3 1333MHz - MSI R9 280X Gaming Edition/HD 5670/HD6570 - Venomous X Black + G1238B12BBZP-00 - TX850V2 - CM 690 II Advanced
Join the "Benching Team" - We have secret sauce! - OptyTrooper: GPUs are for burning not playing games anyway
Kona on League of Legends: This game sits about as well with me as a gallon of prune juice does, and the results are just as nasty.
I done got Pinked...
Be sure to pre-tin everything (even soldered stuff!) with leaded solder. None of the RoHS junk. You want good old fashioned toxic heavy metals. ~ Bobnova
04-07-11, 12:12 PM #4
The problem is that virus creators are getting more tricky; explotied PDF's, clickjacking, SQL injection, search poisoning...at one time, it was very easy to blame the user (and still is, to some extent - think Limewire) - however, the way some of this malicious content is being delivered is becoming increasingly tactful.i7 2600K @ 3.4GHz
Corsair Vengeance 16GB DDR3
ASUS P8P67 Pro
EVGA GTX 570
Current studies: Too Many
04-07-11, 01:16 PM #5
Last week I cleaned this off a computer at work. And a laptop that was loaned to someone was hit as well. Had a recent image of that one though.
Been fighting these for years...
04-07-11, 01:27 PM #6
A giant +1. Great article!
We are currently figthing a virus outbreak at my office. 450 PC's were infected with Worm:Win32/Rorpian.A, and no a conficker, and something else. Although this is only affecting print servers at the moment and causing reboots, its a lot of lost productivity.Should I R0 my SSD? / Sandy/Ivybridge Overclocking Guide / Haswell Overclocking Guide / AMD Overclocking Guide / Power Supply Guide
SSD Reliability/Write Endurance / JOIN THE BENCHING TEAM! / Bulldozer Overclocking Guide
Want to see your writing featured on the overclockers.com Front Page? PM me, I can help!
"We have more information and more ways of accessing it than ever, yet seem increasingly less inclined to do so."- Michael Wilbon
04-07-11, 01:30 PM #7
I've been dealing with these for almost 2 years now.
I had one customer who fell for one and paid for it, however, each time they put their credit card number, the program would say the number is not valid and ask for another one. The customer was gullible enough to try 3 other cards and they all said the same thing and this made him bring the PC over to me to try and fix it. After he told me what he did I told him to immediately cancel those credit cards as it obviously just took as many card numbers as much as possible.
Some programs do go away after you pay for them, but then come back a month later with the same problem. Throughout that time it just spies on you and logs your key strokes.
Really nasty ones will inject rootkits into MBR and OS systems (or something like that). I had this one PC where I did do a format/reinstall of the OS. I just did a quick format, not a low-level one via KillDisk. After installing the drivers and going to Windows Update, this pop-up came up that I needed virus protection and all I've installed were drivers, nothing else. So, obviously there was something left over even after doing the format that allowed it to detect the internet connection and reinstall itself.
Lately, I've had great success with live-CDs of Linux, especially BitDefender Rescue CD. Afterwards I would run Malwarebytes/combofix to clean up whatever bitdefender didn't find and it all works out in the end.
04-07-11, 01:32 PM #8
Firefox + noscript really does help, but is too advanced for the average PC user.
04-16-11, 12:18 AM #9
- Join Date
- Oct 2009
04-16-11, 10:11 PM #10
I disable it when I'm on legit sites, like yahoo, google, and my bank site, as well as newegg, but when i surf everywhere else, i turn it on. I just don't let it load ad servers.
04-17-11, 08:27 AM #11