
FRONTPAGE Exposing Fake Antivirus Programs

Yeah, I'd say about every personal computer I've fixed for malware infections has had those fake AVs.
 
I am so glad I don't make a living out of fixing other people's computers... I do however get the occasional frantic call from a friend that has found him/herself in a "malware pickle". I am not a patient guy by any definition of the word, and most times I will help them out while at the same time showing them that all those infections can be easily attributed to an "I-D-10-T" error. They're not too happy once they figure out what "it" means, but if you have to click through four confirmation messages to get a virus and still can't be bothered to read before you click, I think being called an idiot is the least you can expect when having your PC cleaned for the third time.
 
The problem is that virus creators are getting more tricky: exploited PDFs, clickjacking, SQL injection, search poisoning... At one time it was very easy to blame the user (and still is, to some extent - think Limewire); however, the way some of this malicious content is being delivered is becoming increasingly tactful.
 
Last week I cleaned this off a computer at work. And a laptop that was loaned to someone was hit as well. Had a recent image of that one though.

Been fighting these for years...
 
A giant +1. Great article!

We are currently fighting a virus outbreak at my office. 450 PCs were infected with Worm:Win32/Rorpian.A, and no a conficker, and something else. Although this is only affecting print servers at the moment and causing reboots, it's a lot of lost productivity.
 
I've been dealing with these for almost 2 years now.

I had one customer who fell for one and paid for it; however, each time they put in their credit card number, the program would say the number is not valid and ask for another one. The customer was gullible enough to try 3 other cards and they all said the same thing, and this made him bring the PC over to me to try and fix it. After he told me what he did, I told him to immediately cancel those credit cards, as it obviously just took as many card numbers as possible.

Some programs do go away after you pay for them, but then come back a month later with the same problem. Throughout that time it just spies on you and logs your key strokes.

Really nasty ones will inject rootkits into MBR and OS systems (or something like that). I had this one PC where I did do a format/reinstall of the OS. I just did a quick format, not a low-level one via KillDisk. After installing the drivers and going to Windows Update, this pop-up came up that I needed virus protection and all I've installed were drivers, nothing else. So, obviously there was something left over even after doing the format that allowed it to detect the internet connection and reinstall itself.

Lately, I've had great success with live-CDs of Linux, especially BitDefender Rescue CD. Afterwards I would run Malwarebytes/combofix to clean up whatever bitdefender didn't find and it all works out in the end.
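The point in the post above about a rootkit in the MBR surviving a quick format can be shown with a constructed disk image. This Python script is an added example, not code from the thread or from any of the tools named in it; the image size, sector numbers, partition entry and the "boot code" strings are all made up for the demo:

```python
"""Why a quick format does not remove an MBR bootkit: constructed demo, not from the thread."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446      # bytes 0..445 of sector 0 hold the boot code a bootkit overwrites
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG_OFF = 510       # bytes 510..511 must be 0x55 0xAA for BIOS to boot the disk

IMAGE_SECTORS = 2048     # constructed 1 MiB "disk"; made-up geometry for the demo
PART_START = 64          # the single partition begins at sector 64 (assumption)
PART_TYPE_NTFS = 0x07


def parse_mbr(sector0: bytes) -> dict:
    """Split sector 0 into a boot-code hash, the populated partition entries and the signature flag."""
    if len(sector0) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry: status, 3-byte CHS start, type, 3-byte CHS end, LBA start, sector count (little-endian)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector0, off)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "valid_signature": sector0[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
    }


def make_image() -> bytearray:
    """Build a clean image: placeholder boot code, one bootable NTFS partition, 'user data' inside it."""
    img = bytearray(IMAGE_SECTORS * SECTOR)
    boot = b"CLEAN-BOOT-CODE"                      # stand-in for real MBR boot code
    img[:len(boot)] = boot
    entry = struct.pack("<B3xB3xII", 0x80, PART_TYPE_NTFS, PART_START, IMAGE_SECTORS - PART_START)
    img[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    img[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    img[PART_START * SECTOR:] = b"\xab" * ((IMAGE_SECTORS - PART_START) * SECTOR)
    return img


def infect_mbr(img: bytearray) -> None:
    """Model a bootkit: replace the boot code but keep the partition table and signature intact."""
    evil = b"EVIL-BOOT-CODE"
    img[:BOOT_CODE_LEN] = evil + b"\x00" * (BOOT_CODE_LEN - len(evil))


def quick_format(img: bytearray) -> None:
    """A partition-level format only touches the partition's own sectors, never sector 0."""
    for p in parse_mbr(bytes(img[:SECTOR]))["partitions"]:
        start = p["lba_start"] * SECTOR
        img[start:start + p["sectors"] * SECTOR] = b"\x00" * (p["sectors"] * SECTOR)


def full_wipe(img: bytearray) -> None:
    """A whole-disk zero-fill (what the post calls a low-level wipe) touches every sector."""
    img[:] = b"\x00" * len(img)


def mbr_matches_baseline(img: bytearray, baseline_sha256: str) -> bool:
    """The check to run after a reinstall: does sector 0's boot code still match the known-good hash?"""
    return parse_mbr(bytes(img[:SECTOR]))["boot_code_sha256"] == baseline_sha256


def demo() -> dict:
    img = make_image()
    baseline = parse_mbr(bytes(img[:SECTOR]))["boot_code_sha256"]
    infect_mbr(img)
    quick_format(img)
    clean_after_quick = mbr_matches_baseline(img, baseline)                 # False: bootkit survived
    full_wipe(img)
    bootable_after_full = parse_mbr(bytes(img[:SECTOR]))["valid_signature"]  # False: sector 0 gone
    return {"clean_after_quick_format": clean_after_quick,
            "bootable_after_full_wipe": bootable_after_full}


if __name__ == "__main__":
    print(demo())
```

On a real machine the same check reads sector 0 of the raw device (for example /dev/sda on Linux, with root) and compares the boot-code hash against one recorded when the box was known clean; a mismatch after "format and reinstall" is exactly the situation the post describes. The demo assumes classic MBR partitioning; a GPT disk keeps only a protective MBR in sector 0, so this read tells you whether the legacy boot code changed but says nothing about the EFI system partition.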
 

This is true as I have had church ladies get infected and they barely use the Internet (some still on dial-up) and don't allow anyone else on it, but they were browsing some church site when the "pop-up" came up. So even legit sites can get overtaken with malware and spread it.

Firefox + noscript really does help, but is too advanced for the average PC user.
 

I tried out noscript for a while, but it's a real hassle to work with, since legit sites all depend on scripts also. And how do you really know that any given script is bogus?
 
I disable it when I'm on legit sites, like Yahoo, Google, and my bank site, as well as Newegg, but when I surf everywhere else, I turn it on. I just don't let it load ad servers.
 

Seems always to be that error or a PEBKAC error. Always the worst ones. :D
 