Slashdot Mirror


Fake Antivirus Overwhelming Scanners

ChiefMonkeyGrinder writes "Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG's numbers for the first half of the year show that the organisation's members detected 485,000 samples, more than five times the total for the whole of 2008."

6 of 334 comments

  1. Are we surprised? by Canazza · · Score: 5, Informative

    Adverts for these things get into legitimate sites all the time through things like AdWords; even though they're normally taken off quite sharpish, they're still there. They still cause problems and numpties do click on them. The old IBK error keeps appearing. As long as people aren't educated as to how this all works the problem will remain huge.

    The problem with anti-virus is that every few years a new guy appears on the block. First it was Norton, then McAfee, then AVG, Kaspersky, and now whatever AV's the in-thing to use. There are new viruses out there all the time too, and if there's one thing that normal people are aware of it's that there are a lot of viruses out there, and that your AV doesn't give 100% protection, so when something pops up saying "You're infected! Our AV will cure it!" they're likely to believe that their current AV is defective, because clearly this one spotted it. They download it and BAM! World of trouble.

    It's depressing sometimes, but gladly, I've not had to remove it from any PCs in a while. Whenever I do, I recommend they replace their browser with Firefox and Adblock Plus (not NoScript; I did that once and I got bollocked for that a bit because 'using the web was too hard as he had to press buttons every site he went on'. The guy was a real pleb, but never mind) - and ABP stopped all the ads, and thus stopped them downloading and installing that shite.

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  2. Re:AV2009 To The Rescue by Darkness404 · · Score: 5, Informative

    Note to clueless mods, Antivirus 2009 is one of these fake antiviruses, mod them funny, not interesting....

    --
    Taxation is legalized theft, no more, no less.
  3. Combofix by Anonymous Coward · · Score: 5, Informative

    I'm posting to say: COMBOFIX. This thing magically removes Antivirus 2009 and 2010, even the rootkit versions that MBAM falters on (or that prevent MBAM from running, even in safe mode).

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Use it. Love it. Marvel at its simplicity, its beauty.

  4. Re:AV2009 To The Rescue by kimvette · · Score: 5, Informative

    See my other post on this subject. Antivirus XP (and variants) can be removed by hand but it's a tedious process. Malwarebytes removes it VERY easily though. With some Antivirus ($FOO) variants you do need to rename the Malwarebytes installer filename and then the executable filename but once you get the process launched it will fully automate the removal process. IMHO Malwarebytes is the very best ad/malware removal utility at the moment, with Spybot S&D and Superantispyware being tied for a very distant second.

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  5. Getting these all over the place by Girtych · · Score: 5, Informative

    I work for an IT department here in California, and we get about three fake-antivirus-infected computers every week. Lately, the malware's been getting more difficult to remove - it's been hooking into system processes so that it can continually replace itself if part of the program gets deleted.
    Thankfully, we've found a fairly nice remedy that doesn't force us to wipe the hard drive. Don't bother with Ad-Aware or Spybot S&D anymore - they've become very ineffective as of late.

    First we hit it with a scan from Malwarebytes Anti-Malware, a free scanner you can download here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

    Then, on the infected computer, we download and run (in safe mode) a somewhat obscure free program called Combofix, which is available here: http://www.combofix.org/

    After that, we run one more follow-up scan with Malwarebytes to ensure that the computer is clean.

    So far, this combination of steps has eliminated the infections that we've come across.

  6. Re:The worst offenders by Deathlizard · · Score: 5, Informative

    To remove Norton, don't bother with the uninstaller. Get the Norton Removal Tool from their site:

    http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    This is for ANY install of ANY Norton products. It also gets rid of shared files and their registry settings.