More fake antivirus scams surfacing, conning many PC users

vbimport

#1

More fake antivirus scams surfacing, conning many PC users.

We’re all pretty familiar by now with the dangers of viruses and malware, and steps to take to avoid infection on our computers. Unfortunately, criminals are inventing new techniques, known as scareware or rogueware, that can trick even the most savvy computer users into downloading malicious software that can steal sensitive personal data.


Read the full article here: [http://www.myce.com/news/more-fake-antivirus-scams-surfacing-36682/](http://www.myce.com/news/more-fake-antivirus-scams-surfacing-36682/)


Please note that the reactions from the complete site will be synched below.

#2

There’s no cure for stupid. 99% of the population will just have to understand that the world is broken down into thieves and victims … and if they aren’t thieving bastards that would sell their mothers/sisters/daughters to people traffickers for sex slaves, they’ll just have to settle for being scammed out of all their money regularly throughout their lives. Actually, people traffickers are also being scammed. :iagree:

Have you tried suicide? Don’t give up! It regularly takes multiple attempts to become scam-free. :wink:

But seriously …
Advertisers need to stop the money grab & properly scan their advertisers. Why don’t they have current anti-virus protection on their advertising servers?

Browsers should just suppress pop-ups. They’re so 10 years ago … before we had tabbed browsing.
The only way to open an extra window should be via user request - failing that, each site should be given a counter, and they can open a single popup - just once, and the popup cannot open any popups.


#3

[QUOTE=debro;2557747]Browsers should just suppress pop-ups. They’re so 10 years ago … before we had tabbed browsing.
The only way to open an extra window should be via user request - failing that, each site should be given a counter, and they can open a single popup - just once, and the popup cannot open any popups.[/QUOTE]
I’m surprised at this stage that no browser has a proper functioning pop-up window protection. Ideally, a pop-up window should only appear if the user clicks a link that opens in a new window. There are two main tricks I’ve seen being used for several years by advertisers. First, the pop-up/under ad is triggered to appear if the user presses any button or clicks anywhere on the page. When the user clicks a legitimate link, the pop-up ad displays instead of what the link points to.

Another problem I see happening a lot lately is Rootkit infections. Many are undetectable by Malware scanners and some manage to escape detection by so called rootkit scanners (e.g. variants of the TDSS Rootkit) and these can remain silent for a period and suddenly display a fake virus warning pop-up.


#4

Fake antivirus can be a real trouble. I just read in this thread that someone was infected with fake antivirus (XP antivirus, or something)!


#5

Got one of these in Firefox. All efforts to close the windows failed. Had to go to Task Manager and end the Firefox.exe process in order to close out the browser.


#6

For those who are unsure how to tell whether a virus warning is legitimate or not, I give the following tip:

[ol]
[li]If a virus warning screen appears while browsing the web, immediately click the Start button, then click ‘Shutdown’.[/li]
[li]If the PC does not shut down, press & hold in the power button for 10 seconds.[/li]
[li]Then boot the PC back up.[/li]
[/ol]

I say that the small 2 to 3 minute inconvenience of restarting the computer when this happens is better than risking getting a real infection by trying to tackle that pop-up.


#7

[QUOTE=debro;2557747]There’s no cure for stupid. 99% of the population will just have to understand that the world is broken down into thieves and victims … and if they aren’t thieving bastards that would sell their mothers/sisters/daughters to people traffickers for sex slaves, they’ll just have to settle for being scammed out of all their money regularly throughout their lives. Actually, people traffickers are also being scammed. :iagree:

Have you tried suicide? Don’t give up! It regularly takes multiple attempts to become scam-free. :wink:
[/QUOTE]

I literally laughed out loud. Thanks for that! :slight_smile:


#8

[QUOTE=debro;2557747]Have you tried suicide?[/quote] But if you’re too stupid to know how to commit suicide and fail, you might end up in jail. In most countries suicide is forbidden by law.

Maybe we need something like this:

But seriously …
Advertisers need to stop the money grab & properly scan their advertisers. Why don’t they have current anti-virus protection on their advertising servers?

You are asking an advertising company to give up on certain advertisements? Not gonna happen, unless it’s a law.


#9

[QUOTE=Seán;2557817]I say that the small 2 to 3 minute inconvenience of restarting the computer when this happens is better than risking getting a real infection by trying to tackle that pop-up.[/QUOTE]
Or you could just open task manager and kill the browser :slight_smile:


#10

The best advice that I could recommend is never to install anything on your computer that you haven’t thoroughly researched yourself. Also, don’t take the word of a supposed “professional” at face value. A simple Google search is all you need to do to find out if a program is fraudulent and someone else has been scammed by it, and the time it takes to do the research could save you a lot of money and frustration down the line.

This would be something important but with today’s click mouse trigger happy people they deserve to get infected on their computers and shell out thousands if not hundreds of money to those to fix their computer. It keeps those IT people working :flower:. And for those who don’t read or follow the quote and what it says I say more power to the virus and malware :clap:. This is what frustrates me the most in fixing infected computers - I like to back hand those users and say what are you thinking…they say cause it says I have infection but they fail to notice that it wasn’t their A/V program that said it…that’s what befuddles the mind, how they fail to notice their program works and would listen to something that’s obviously taking advantage of them…but with the political climate it doesn’t take one too much of a leap to get conned :flower:.


#11

I just re-installed the OS on a customer’s computer that fell for something like that.

MSE could detect it, NOTHING I had available to me could remove it; it even survived formatting the drive. Interestingly it managed to infect the utility partition on a Dell GX270…

DOS/Alureon.A Trojan.

Frankly with this little bastard in the future I’ll use an “Aliens” solution to the problem, “take off and nuke the site from orbit, it’s the only way to be sure”

I simply gave the customer another very similar computer because I wanted to “play” with this nasty little bugger…

Unfortunately like my cat with baby rabbits, I played too hard and inadvertently killed it.

But at least I now know HOW to kill it.

Unfortunately killing it and recovering ANY data on the computer have proved to be mutually exclusive.

NEXT time I encounter it I’ll try deleting the factory restore partition with a windows installation disc, then if the computer will still boot let the AV software try to kill it.

Frankly though if it wasn’t for customer’s stupidity I’d starve.

AD


#12

[QUOTE=AllanDeGroot;2558225]I just re-installed the OS on a customer’s computer that fell for something like that.

MSE could detect it, NOTHING I had available to me could remove it; it even survived formatting the drive. Interestingly it managed to infect the utility partition on a Dell GX270…

DOS/Alureon.A Trojan.

Frankly with this little bastard in the future I’ll use an “Aliens” solution to the problem, “take off and nuke the site from orbit, it’s the only way to be sure”

I simply gave the customer another very similar computer because I wanted to “play” with this nasty little bugger…

Unfortunately like my cat with baby rabbits, I played too hard and inadvertently killed it.

But at least I now know HOW to kill it.

Unfortunately killing it and recovering ANY data on the computer have proved to be mutually exclusive.

NEXT time I encounter it I’ll try deleting the factory restore partition with a windows installation disc, then if the computer will still boot let the AV software try to kill it.

Frankly though if it wasn’t for customer’s stupidity I’d starve.

AD[/QUOTE]
Couldn’t pull the drive & boot from a different drive/PC & kill it like that?

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3ADOS%2FAlureon.A


#13

I have used rkill to stop malware from running and then use Malwarebytes or Dr.Web’s CureIt - but you may have to run these in safe mode.


#14

[QUOTE=scotton;2558238]I have used rkill to stop malware from running and then use Malwarebytes or Dr.Web’s CureIt - but you may have to run these in safe mode.[/QUOTE]
I’ve previously seen viruses/malware which have been started in safe mode by modifying the registry entry for explorer.exe (Windows Explorer) so that Explorer starts the malware, and then automatically restarts it should it ever be terminated.

The only way to get rid of it was to start in safe mode, use the task manager to start regedit, kill explorer, kill the malware, and then modify the registry, delete the virus/malware executables, and then reboot the PC.

How does rkill help in this situation?


#15

[QUOTE=debro;2558232]Couldn’t pull the drive & boot from a different drive/PC & kill it like that?

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3ADOS%2FAlureon.A[/QUOTE]

I actually pulled the infected drive, put a formatted drive in the computer, did a clean new install of XP-sp3, then re-installed the original drive as a data drive and it managed to immediately infect the new installation.

Like I said previously, “nasty little bastard”

Disconnecting the old boot drive and restarting MSE was able to eliminate the infection from the new system drive, but that was hardly useful.

MSE could clean the new drive but not the old one because the MBR and the EISA utility partition Dell uses to hide their factory restore partition are inaccessible to most AV apps.

Not even an AVG “Rescue disc” would clean it.

Viruses that are resident in the MBR are hard to eliminate

AD


#16

MBR infections remind me a bit of the old days of floppy disk boot sector infections, as the modern MBR infections work pretty much the same way. With a HDD with an infected MBR, if you attach it internally, it could end up with a higher boot priority. When the PC tries to boot from it, the MBR virus is loaded in memory and infects the clean HDD. When the PC then tries booting the main HDD, even if the boot priority is changed, the virus is active.

Some MBR viruses will infect USB pen drives also, since some motherboard BIOSs are configured by default to boot from a bootable USB drive before booting the internal HDD. So if the infected USB drive happens to be plugged in before turning on the PC, no virus checker will prevent the boot sector virus from launching if that PC is configured so that USB drives have a higher boot priority than the internal HDD.
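
An added example, not part of any post in this thread: the posts above describe malware living in the MBR and in a Dell utility partition that AV tools could not reach, so this sketch parses a 512-byte MBR sector read from an offline disk image, hashes the loader code and flags OEM partition types. The function names, the baseline hash and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # loader code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA
OEM_TYPES = {0x12: "Compaq/EISA configuration", 0xDE: "Dell utility"}

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0x00:  # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def audit_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings to review before the disk is attached to a clean PC."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    for p in info["partitions"]:
        if p["type"] in OEM_TYPES:
            findings.append(f"slot {p['slot']}: {OEM_TYPES[p['type']]} partition "
                            f"(type 0x{p['type']:02X}), scan it offline")
    if sum(p["active"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active (bootable) partition")
    return findings

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: Dell utility slot plus an active NTFS slot."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = entry(0x00, 0xDE, 63, 64197) + entry(0x80, 0x07, 64260, 156000000)
    return boot_code.ljust(TABLE_OFFSET, b"\x00") + table + bytes(32) + b"\x55\xaa"

CLEAN = build_sample(b"\xfa\x33\xc0" + b"\x90" * 437)   # constructed bytes
CHANGED = build_sample(b"\xeb\x10" + b"\x90" * 438)     # constructed bytes
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]         # assumed known-good hash
```

The baseline has to come from a copy of the same loader recorded while the machine was known to be clean; the disk signature at bytes 440-443 is left out of the hash because it differs per disk.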


#17

These fake anti viruses are ANNOYING, I’ve fixed the same computer TWICE for the same problem…you think the person would learn?! :a


#18

[QUOTE=RCM;2558888]These fake anti viruses are ANNOYING, I’ve fixed the same computer TWICE for the same problem…you think the person would learn?! :a[/QUOTE]
Fool me 2010 times … shame on you …
Fool me 2011 times … shame on me …


#19

I recently upgraded from IE 6 to 8 on XP. On one occasion since then, I encountered a pop-up that looked like the XP Help & Support Center, said I had multiple threats of varying degrees of risk I believe it was (high, low, etc.). Is this a known fake antivirus? During this “episode,” my Norton Antivirus alerted me to nothing. When I clicked on a button to take action, I was asked something to the effect if I wanted to open the file. I bailed when this happened as I did not expect my own, installed software to ask if I wanted to run it. I can’t see any sign that any other AV program is currently running except for Norton. Let me know what you think. Thanks.


#20

[QUOTE=larry boy;2560378]I recently upgraded from IE 6 to 8 on XP. On one occasion since then, I encountered a pop-up that looked like the XP Help & Support Center, said I had multiple threats of varying degrees of risk I believe it was (high, low, etc.). Is this a known fake antivirus? During this “episode,” my Norton Antivirus alerted me to nothing. When I clicked on a button to take action, I was asked something to the effect if I wanted to open the file. I bailed when this happened as I did not expect my own, installed software to ask if I wanted to run it. I can’t see any sign that any other AV program is currently running except for Norton. Let me know what you think. Thanks.[/QUOTE]
Go here:
http://www.microsoft.com/security_essentials/default.aspx
and download the appropriate version for your Windows.

Then go here:
http://www.avast.com/en-au/security-software-home-office
and do the same.

Uninstall Norton - it’s useless.
Install both of the above.