Overclockers Forums > Software > Microsoft Operating Systems
Microsoft Operating Systems Microsoft Operating Systems and Applications
Exposing Fake Antivirus Programs

Old 04-07-11, 09:26 AM Thread Starter   #1
Overclockers.com

Join Date: Nov 1998

 
Exposing Fake Antivirus Programs


Quote:
The most pervasive malware trend I've noticed lately is the proclivity for bad software to masquerade as though it's antivirus software. These prompt you to confirm the popup messages in order to protect your PC, while in fact doing so will give you the very infection you were hoping to avoid.
... Return to article to continue reading.

Last edited by I.M.O.G.; 04-07-11 at 09:43 AM.
Old 04-07-11, 09:52 AM   #2
terran2k
Member



Join Date: Nov 2004

 
Yeah, I'd say about every personal computer I've fixed for malware infections has had those fake AVs.

__________________
Workstation - Windows 7 x64
AMD 1055T
Server - ESXi 5.0
INTEL E5-2603
Old 04-07-11, 11:44 AM   #3
Seebs
Fronting as a Mod Member

Join Date: Aug 2010
Location: Sunshine State

 
I am so glad I don't make a living out of fixing other people's computers... I do however get the occasional frantic call from a friend that has found him/herself in a "malware pickle". I am not a patient guy by any definition of the word, and most times I will help them out while at the same time showing them that all those infections can be easily attributed to an "I-D-10-T" error. They're not too happy once they figure out what "it" means, but if you have to click through four confirmation messages to get a virus and still can't be bothered to read before you click, I think being called an idiot is the least you can expect when having your PC cleaned for the third time.

__________________
Daily Driver: GA-890FXA-UD5 - Ph II X6 1090T - 16GB DDR3 1333MHz - MSI R9 280X Gaming Edition/HD 5670/HD6570 - Venomous X Black + G1238B12BBZP-00 - TX850V2 - CM 690 II Advanced
Join the "Benching Team" - We have secret sauce! - OptyTrooper: GPUs are for burning not playing games anyway
Kona on League of Legends: This game sits about as well with me as a gallon of prune juice does, and the results are just as nasty.
I done got Pinked...

Be sure to pre-tin everything (even soldered stuff!) with leaded solder. None of the RoHS junk. You want good old fashioned toxic heavy metals. ~ Bobnova
Old 04-07-11, 12:12 PM   #4
G33K454URU5 R3X
Member

Join Date: Apr 2011
Location: OH-IO

 
The problem is that virus creators are getting more tricky: exploited PDFs, clickjacking, SQL injection, search poisoning... At one time it was very easy to blame the user (and still is, to some extent - think Limewire); however, the way some of this malicious content is being delivered is becoming increasingly tactful.

__________________
i7 2600K @ 3.4GHz
Corsair Vengeance 16GB DDR3
ASUS P8P67 Pro
EVGA GTX 570

If you are thinking about getting certified in a field of IT, please make sure you aren't using a braindump website. It discredits the certification, and makes those who worked hard for their knowledge less credible as well.

"No braindumps. No stolen exams. No excuses."

Current studies: GCIH, GREM
Old 04-07-11, 01:16 PM   #5
SteveLord
Member

Join Date: Jan 2005
Location: Iowa

 
Last week I cleaned this off a computer at work. And a laptop that was loaned to someone was hit as well. Had a recent image of that one though.

Been fighting these for years...

__________________
"There are two kinds of pain. The sort of pain that makes you strong,
or useless pain. The sort of pain that's only suffering. I have no
patience for useless things."
Old 04-07-11, 01:27 PM   #6
EarthDog
Super Mutterator
Overclockers.com Editor


Join Date: Dec 2008
Location: Stuck in Maryland...

 
A giant +1. Great article!

We are currently fighting a virus outbreak at my office. 450 PCs were infected with Worm:Win32/Rorpian.A, and no a conficker, and something else. Although this is only affecting print servers at the moment and causing reboots, it's a lot of lost productivity.

__________________

"We have more information and more ways of accessing it than ever, yet seem increasingly less inclined to do so."- Michael Wilbon
Old 04-07-11, 01:30 PM   #7
madhatter256
Special Member ★

Join Date: Jul 2008
Location: CFL

 
I've been dealing with these for almost 2 years now.

I had one customer who fell for one and paid for it; however, each time they put in their credit card number, the program would say the number is not valid and ask for another one. The customer was gullible enough to try 3 other cards and they all said the same thing, and this made him bring the PC over to me to try and fix it. After he told me what he did, I told him to immediately cancel those credit cards, as it obviously just took as many card numbers as possible.

Some programs do go away after you pay for them, but then come back a month later with the same problem. Throughout that time it just spies on you and logs your key strokes.

Really nasty ones will inject rootkits into MBR and OS systems (or something like that). I had this one PC where I did do a format/reinstall of the OS. I just did a quick format, not a low-level one via KillDisk. After installing the drivers and going to Windows Update, this pop-up came up that I needed virus protection and all I've installed were drivers, nothing else. So, obviously there was something left over even after doing the format that allowed it to detect the internet connection and reinstall itself.

Lately, I've had great success with live-CDs of Linux, especially BitDefender Rescue CD. Afterwards I would run Malwarebytes/combofix to clean up whatever bitdefender didn't find and it all works out in the end.

__________________
Folding User Stats
Heatware
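The point in the post above, that a quick format leaves sector 0 alone, is easy to see on a toy disk. The following is an added example, not code from the thread or from any of the tools named in it (BitDefender, Malwarebytes, ComboFix). The boot-code bytes, the in-memory disk and the partition layout are all constructed, and quick_format is a simplified model of what a format does (rewrite filesystem metadata inside the partition, touch nothing outside it). The check it demonstrates is the practical one: fingerprint only the 446-byte boot-code area of the MBR, since the partition table legitimately changes, and compare against a baseline taken from a known-clean boot sector.

```python
"""Added example (not from the original thread): why a quick format does not
evict an MBR bootkit, and how to check for one by fingerprinting sector 0.

Everything here is constructed: a tiny in-memory "disk" of 512-byte sectors,
a stand-in for clean boot code and a stand-in for bootkit code.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # bytes 0..445: boot code, the part a bootkit replaces
PART_TABLE_OFF = 446       # 4 entries x 16 bytes follow the boot code
BOOT_SIG = b"\x55\xaa"     # bytes 510..511

# Constructed stand-ins; real boot code is 446 bytes of x86, but the hash
# comparison below does not care what the bytes are.
CLEAN_BOOT_CODE = b"CLEAN-BOOTCODE".ljust(BOOT_CODE_LEN, b"\x90")
BOOTKIT_CODE = b"EVIL-BOOTCODE".ljust(BOOT_CODE_LEN, b"\x90")


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code plus (type, lba_start, num_sectors) tuples."""
    assert len(boot_code) == BOOT_CODE_LEN
    table = b""
    for i in range(4):
        if i < len(partitions):
            ptype, start, count = partitions[i]
            status = 0x80 if i == 0 else 0x00   # first partition flagged bootable
            # status, CHS start (3 bytes, ignored), type, CHS end (ignored), LBA start, count
            table += struct.pack("<B3xB3xII", status, ptype, start, count)
        else:
            table += b"\x00" * 16
    mbr = boot_code + table + BOOT_SIG
    assert len(mbr) == SECTOR
    return mbr


def parse_partitions(mbr: bytes):
    """Return the non-empty partition entries as (type, lba_start, num_sectors)."""
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("not an MBR: missing 0x55AA signature")
    out = []
    for i in range(4):
        _status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            out.append((ptype, start, count))
    return out


def boot_code_fingerprint(mbr: bytes) -> str:
    """SHA-256 of the boot-code area only. The partition table is excluded on
    purpose: it changes whenever partitions are created or resized."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def make_disk(mbr: bytes, total_sectors: int) -> bytearray:
    disk = bytearray(total_sectors * SECTOR)
    disk[0:SECTOR] = mbr
    return disk


def quick_format(disk: bytearray, partition) -> None:
    """Model of a quick format: rewrite the filesystem metadata at the start of
    the partition. Sector 0 lies outside every partition, so it is never written."""
    _ptype, start, count = partition
    for lba in range(start, min(start + 64, start + count)):
        disk[lba * SECTOR:(lba + 1) * SECTOR] = b"\x00" * SECTOR


def mbr_is_clean(disk: bytearray, baseline_fingerprint: str) -> bool:
    return boot_code_fingerprint(bytes(disk[0:SECTOR])) == baseline_fingerprint


def rewrite_boot_code(disk: bytearray, boot_code: bytes) -> None:
    """What an MBR repair does: replace bytes 0..445 only, keep the partition table."""
    disk[0:BOOT_CODE_LEN] = boot_code


def demo():
    parts = [(0x07, 2048, 4096)]          # one NTFS-typed partition starting at LBA 2048
    baseline = boot_code_fingerprint(build_mbr(CLEAN_BOOT_CODE, parts))

    disk = make_disk(build_mbr(BOOTKIT_CODE, parts), 8192)
    before = mbr_is_clean(disk, baseline)                 # False: bootkit in sector 0
    quick_format(disk, parse_partitions(bytes(disk[:SECTOR]))[0])
    after_format = mbr_is_clean(disk, baseline)           # still False: sector 0 untouched
    rewrite_boot_code(disk, CLEAN_BOOT_CODE)
    after_fix = mbr_is_clean(disk, baseline)              # True, partition table preserved
    return before, after_format, after_fix, parse_partitions(bytes(disk[:SECTOR]))


if __name__ == "__main__":
    print(demo())
```

On a real machine the baseline would come from a boot sector read from a known-clean install of the same OS version, and the "repair" step corresponds to rewriting the boot code with the OS's own repair tooling or zeroing the whole drive before reinstalling, which is what the post's KillDisk remark is getting at.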
Old 04-07-11, 01:32 PM   #8
madhatter256
Special Member ★

Join Date: Jul 2008
Location: CFL

 
Quote:
Originally Posted by G33K454URU5 R3X View Post
The problem is that virus creators are getting more tricky: exploited PDFs, clickjacking, SQL injection, search poisoning... At one time it was very easy to blame the user (and still is, to some extent - think Limewire); however, the way some of this malicious content is being delivered is becoming increasingly tactful.
This is true as I have had church ladies get infected and they barely use the Internet (some still on dial-up) and don't allow anyone else on it, but they were browsing some church site when the "pop-up" came up. So even legit sites can get overtaken with malware and spread it.

Firefox + NoScript really does help, but is too advanced for the average PC user.

__________________
Folding User Stats
Heatware
Old 04-16-11, 12:18 AM   #9
x509
Member



Join Date: Oct 2009
Location: USA

 
Quote:
Originally Posted by madhatter256 View Post
This is true as I have had church ladies get infected and they barely use the Internet (some still on dial-up) and don't allow anyone else on it, but they were browsing some church site when the "pop-up" came up. So even legit sites can get overtaken with malware and spread it.

Firefox + NoScript really does help, but is too advanced for the average PC user.
I tried out NoScript for a while, but it's a real hassle to work with, since legit sites all depend on scripts also. And how do you really know that any given script is bogus?
Old 04-16-11, 10:11 PM   #10
madhatter256
Special Member ★

Join Date: Jul 2008
Location: CFL

 
I disable it when I'm on legit sites, like Yahoo, Google, and my bank site, as well as Newegg, but when I surf everywhere else, I turn it on. I just don't let it load ad servers.

__________________
Folding User Stats
Heatware
Old 04-17-11, 08:27 AM   #11
Daemonkin
Member

Join Date: Aug 2010
Location: Ringgold, Ga

 
Quote:
Originally Posted by xXSebaSXx View Post
I am so glad I don't make a living out of fixing other people's computers... I do however get the occasional frantic call from a friend that has found him/herself in a "malware pickle". I am not a patient guy by any definition of the word, and most times I will help them out while at the same time showing them that all those infections can be easily attributed to an "I-D-10-T" error. They're not too happy once they figure out what "it" means, but if you have to click through four confirmation messages to get a virus and still can't be bothered to read before you click, I think being called an idiot is the least you can expect when having your PC cleaned for the third time.
Seems always to be that error or a PEBKAC error. Always the worst ones.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.