Spyware / Malware Rogue AV and Rogue Antispyware “Scareware”

KB ID 0000183 

Problem

The last time I wrote anything about spyware was a while ago. When I wrote that article the main problem was browser hijacking. While that’s still a problem, the more recent trend is towards infecting your machine with “Scareware”. This is software that pretends to be either an antivirus program or an antispyware program, and tells you to install something, perform a scan (which installs something), or forces you to buy some useless software.

A lot of my clients who get infected justifiably ask “Well, I’ve got up to date AV and antispy software, how did I get infected?” The simple answer is (in most cases) because you clicked the button that said “Yes”, when the proper text on the button should have said “Yes, please slow my machine down and infect it horribly”. Some programmers of these Scareware applications have produced some awesome, professional looking programs that would fool even the more “technically aware” user.

The Best form of Defense is Offence (And common sense!)….


Error Reads:
Window Title: “Windows Internet Explorer”
Window Text: “This computer is under attack. They can seriously harm your private data or files, and should be healed immediately. Return to Antivir and download it secure to your PC.”

Windows Internet Explorer is telling you you’re infected? How would an internet browser know you are infected? And if you actually read the text, the grammar is terribly bad (even by my D Grade O Level standards!). But click anything (OK, Cancel, the red X to close the window) and you will probably drag some nastiness into your PC. Also look at the URL “http://my6-antivirus-scanner.com/”. Google that (that’s search for it in Google, NOT type it in the address bar!) and you will see it’s bogus.

Here’s Another Example

Solution

I’ve got a window just like that one, what do I do?

Right click your taskbar and select “Task Manager” or “Start Task Manager” > On the Applications tab select the instance of Internet Explorer > Click “End Task” > Accept any warnings > Close Task Manager. If you are still worried, run a full AV and antispy scan on the machine.

 

Help! – I’ve been infected and now my machine tells me I’m infected all the time!

1. Before you do anything, make sure you have a backup of anything important (your documents, emails, photos, internet favorites, programs etc.), just in case.

To fix things you need to install some software. If you are so badly infected that you cannot install the software, or the infection you have specifically stops the removal tools from working (some do!), then reboot the PC, press F8, and select Safe Mode.

2. Install Malwarebytes, let it update itself, then perform a scan, reboot and rescan, until it tells you there is no infection left.

3. Install SuperAntispyware, let it update itself, then perform a scan, reboot and rescan, until it tells you there is no infection left.

4. When done, make sure you have good, up to date antivirus software and a personal firewall (the Windows one is better than nothing). Then periodically run one of the above products.

Hang on! I’ve done that and it’s not worked (I’m still infected).

The two products above are usually all you should need; if an infection gets past one, the other usually gets it. However, in some cases the code writers will get something on your PC quicker than the good guys can defeat it. If that’s happened to you, you have a choice.

1. Consider reinstalling Windows. (For everyone who has just rolled back in their seat: I charge £75.00 an hour for desktop work, and it might take me 4-8 hours to clean a machine manually. How much is your PC worth?) It’s the ONLY way to make sure you’ve got all remnants of nastiness away. (You’re looking at about 4 hours’ work with a modern PC to rebuild it, patch it, and reinstall everything.)

2. Roll your sleeves up and get on the internet; the chances of you being the first person infected are pretty slim. Download HijackThis, get the log it generates, and post it in an online forum or check it online (Warning: automated systems).

3. If you have tried everything, then your last port of call should be COMBOFIX. This is a VERY powerful tool and if used incorrectly can destroy Windows (hence why it’s at the bottom of the list).
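
Step 2 above relies on someone reading the HijackThis log. As an added example (not part of the original article, and not HijackThis's own code), this Python script pulls out the entries a helper would usually ask about first: Internet Explorer start/search page settings and programs that autostart from user-writable folders. The sample log is constructed, and the folder rule is a triage assumption, not a verdict.

```python
import re

# Constructed sample in HijackThis log style (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\helper.dll
O4 - HKLM\..\Run: [VendorAV] "C:\Program Files\VendorAV\avtray.exe"
O4 - HKCU\..\Run: [av2009] C:\Documents and Settings\Bob\Local Settings\Temp\av2009.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Bob\Application Data\upd.exe /s
"""

# Entry lines look like "<code> - <detail>", e.g. R1 (IE pages), O2 (BHOs), O4 (autostarts).
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Assumption for triage: autostarts from user-writable folders deserve a closer look.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\appdata\\")


def parse_entries(log_text):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_list(log_text):
    """Return entries worth asking about, each as (code, reason, detail)."""
    findings = []
    for code, detail in parse_entries(log_text):
        if code in ("R0", "R1"):
            findings.append((code, "IE start/search page: confirm you set it", detail))
        elif code == "O4":
            m = RUN_KEY.match(detail)
            if m and any(d in m.group(4).lower() for d in USER_WRITABLE):
                findings.append((code, "autostart from user-writable folder", detail))
    return findings


if __name__ == "__main__":
    for code, reason, detail in review_list(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {detail}")
```

Nothing this flags is proof of infection, and an unflagged line is not proof of a clean machine; it only narrows down what to ask about.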

Gallery Of Nastiness

Note: Here are just a few, there are tons more. If you want to send me a screenshot of any more, please do so.

Security Shield (Seen 22/12/10 – Infected by an email attachment) SecurityTool Security system Protection Control Panel WinReanimator VirusHeat Virus Protect IE Defender 2.2 VirusRay AntiVirGear SpyShredder 2.1 VirusProtect Pro Windows Security Center (No It isn’t) Spyware Protect 2009 VIRUSBUSTERS Personal AntiVirus ExtraAntivirus System Antivirus 2008 IE Antivirus 3.3 Fast AntiVirus 2009

Related Articles, References, Credits, or External Links

Malwarebytes – Manually Update Database/Definitions

Author: Migrated
