FAKE ANTIVIRUS MALWARE

This information has come from http://www.bleepingcomputer.com/ - a very useful resource if you are having computer issues.

The latest tactic currently being used by malware creators is to use fake computer security warnings to trick users into installing what appears to be genuine antivirus or anti-malware software. The aims of this sort of attack on your computer can vary but the particular infection referred to in this document is a scam aimed at persuading you to spend money on buying what is fake antivirus/antimalware software. Other infections of this type have been used to download viruses, scan and steal personal data or hijack computers to bombard users with spam, adverts and all sorts of inappropriate web content.

The warnings vary but can look like one of these:
This bogus software goes by many different names depending on the version of Windows that you use, including XP Anti-Virus 2011, Vista Total Security 2011, and Win 7 Home Security. When this particular rogue is installed, it will install itself under a variety of different program names, each with its own graphical user interface, depending on the version of Windows that the computer is running. The table below shows several of the names that this software can use:

Windows XP Rogue Names        Windows Vista Rogue Names        Windows 7 Rogue Names
XP Anti-Virus                 Vista Anti-Virus                 Win 7 Anti-Virus
XP Anti-Virus 2011            Vista Anti-Virus 2011            Win 7 Anti-Virus 2011
XP Anti-Spyware               Vista Anti-Spyware               Win 7 Anti-Spyware
XP Anti-Spyware 2011          Vista Anti-Spyware 2011          Win 7 Anti-Spyware 2011
XP Home Security              Vista Home Security              Win 7 Home Security
XP Home Security 2011         Vista Home Security 2011         Win 7 Home Security 2011
XP Total Security             Vista Total Security             Win 7 Total Security
XP Total Security 2011        Vista Total Security 2011        Win 7 Total Security 2011
XP Security                   Vista Security                   Win 7 Security
XP Security 2011              Vista Security 2011              Win 7 Security 2011
XP Internet Security          Vista Internet Security          Win 7 Internet Security
XP Internet Security 2011     Vista Internet Security 2011     Win 7 Internet Security 2011

When installed, this rogue software pretends to be a security update for Windows installed via Automatic Updates. It will then install itself as a single program with a random 3-letter name and configure itself to launch every time you start another program. It will also modify certain system settings on your computer so that when you launch Internet Explorer from the Windows Start Menu it will launch the rogue instead and display a fake firewall warning.

The fake software presents an interface that looks VERY like the Windows security centre:
For reference the proper Windows security centre interfaces for Windows XP, Vista and Windows 7 are shown below. It is important to note that the Windows security centre will never show Scan now, Update now or scan progress bars, ask you to download software or open up whenever you try and start a program or access the Internet.

[Screenshots: Windows XP, Windows Vista]
[Screenshot: Windows 7]

Once started, the rogue itself, like all other rogues, will scan your computer and state that there are numerous infections on it. If you attempt to use the program to remove any of these infections, though, it will state that you need to purchase the program first. The infections referred to by this program are actually valid Windows operating system files so please DO NOT try to remove them manually as you may stop your computer from working.

The rogue also uses aggressive techniques to make it so that you cannot remove it. When you attempt to launch a program, if it is considered to be a security risk the rogue will terminate it and instead display a false security alert stating that the program is infected. The text of this alert is:

    Win 7 Anti-Spyware 2011 Firewall Alert
    Win 7 Anti-Spyware 2011 has blocked a program from accessing the internet
    Internet Explorer is infected with Trojan-BNK.Win32.Keylogger.gen
    Private data can be stolen by third parties, including credit card details and passwords

Just like the scan results, this fake infection alert can be ignored.

XP Total Security 2011, Vista Internet Security 2011, and Win 7 Security 2011 will also display fake security alerts on the infected computer. The text of some of these alerts is:

    System danger!
    Your system security is in danger. Privacy threats detected. Spyware, keyloggers or Trojans may be working the background right now. Perform an in-depth scan and removal now, click here.

    System Hijack!
    System security threat was detected. Viruses and/or spyware may be damaging your system now. Prevent infection and data loss or stealing by running a free security scan.
    Privacy threat!
    Spyware intrusion detected. Your system is infected. System integrity is at risk. Private data can be stolen by third parties, including credit card details and passwords. Click here to perform a security repair.

    Stealth intrusion!
    Infection detected in the background. Your computer is now attacked by spyware and rogue software. Eliminate the infection safely, perform a security scan and deletion now.

Just like the scan results, these security warnings and alerts are all fake and should be ignored.

XP Anti-Virus 2011, Vista Total Security 2011, and Win 7 Home Security 2011 will also hijack Internet Explorer so that you cannot visit certain sites. It does this so that you cannot receive help or information at sites like BleepingComputer.com on how to remove this infection. When you attempt to visit these sites you will instead be shown a fake alert stating that the site you are visiting is dangerous and that the rogue is blocking it for your protection. The message that you will see is:

    Internet Explorer alert. Visiting this site may pose a security threat to your system!

    Possible reasons include:
    - Dangerous code found in this site's pages which installed unwanted software into your system.
    - Suspicious and potentially unsafe network activity detected.
    - Spyware infections in your system
    - Complaints from other users about this site.
    - Port and system scans performed by the site being visited.

    Things you can do:
    - Get a copy of Vista Antispyware 2011 to safeguard your PC while surfing the web (RECOMMENDED)
    - Run a spyware, virus and malware scan
    - Continue surfing without any security measures (DANGEROUS)

WHAT DO I DO IF I SEE ONE OF THESE FAKE WARNINGS?

If you see one of the fake security warnings when you are using the Internet, try closing Internet Explorer (or whatever web browser you are using). Whatever you do, DO NOT click on the fake security warning!
If you can't close your web browser you can try to shut down or switch off your PC - you can do this by holding the power button on your computer/laptop in for about 5 seconds. This is not the recommended method of switching off a computer and can cause data corruption so it is a last resort. I take no responsibility for any problems that arise if you use this method on your personal computer equipment!

Please see www.bleepingcomputer.com for advice on removing this type of virus.

It is worth noting that there are many, many variants of this type of fake security software scam so please be VERY careful about any suspicious security messages that you may see when browsing the Internet. NO reputable security company (McAfee, AVG, Symantec/Norton) will automatically scan your computer when you visit a website and prompt you to install antivirus software, so if in doubt DO NOT DOWNLOAD!
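
The behaviour described earlier (the rogue setting itself to launch every time another program is started, and taking over the Internet Explorer entry in the Start Menu) leaves traces that can be checked in the registry. The script below is an added example, not from BleepingComputer or the original document: it parses `reg query` output and flags those launch handlers. The key paths are standard Windows locations, but that this rogue uses them is an assumption, and the sample input (including the path and the name kdn.exe) is constructed.

```python
import re

DEFAULT_EXE_HANDLER = '"%1" %*'  # stock Windows value: run the clicked program itself

# Constructed sample of `reg query <key> /ve` output. The key paths are standard
# Windows locations; that this rogue uses them, and the path and name kdn.exe,
# are assumptions made for illustration.
SAMPLE = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    "C:\Users\alice\AppData\Local\kdn.exe" "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    (Default)    REG_SZ    "C:\Users\alice\AppData\Local\kdn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
    (Default)    REG_SZ    "C:\Program Files\Mozilla Firefox\firefox.exe"
'''

def parse_reg_query(text):
    """Map each registry key in `reg query` output to its default value."""
    values, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        # The default value is listed as (Default) or, on older Windows, <NO NAME>.
        m = re.match(r"\s+(?:\(Default\)|<NO NAME>)\s+REG_(?:EXPAND_)?SZ\s+(.*)", line)
        if m and key:
            values[key] = m.group(1).strip()
    return values

def first_exe(command):
    """Lower-cased file name of the first .exe named in a command line, or None."""
    m = re.search(r'([^\\/"]+\.exe)', command, re.IGNORECASE)
    return m.group(1).lower() if m else None

def audit(values):
    """Return (key, reason) pairs for launch handlers that look hijacked."""
    findings = []
    for key, cmd in values.items():
        k, exe = key.lower(), first_exe(cmd)
        if k.endswith("\\exefile\\shell\\open\\command"):
            if cmd != DEFAULT_EXE_HANDLER:  # anything else runs before every program
                findings.append((key, "exe handler replaced: " + cmd))
        elif "\\startmenuinternet\\" in k and exe and re.fullmatch(r"[a-z]{3}\.exe", exe):
            # 3-letter names match the description above but can be legitimate too.
            findings.append((key, "browser entry runs " + exe))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_reg_query(SAMPLE)):
        print(key, "->", reason)
```

A flagged entry is a reason to follow the removal advice referred to above, not something to edit by hand.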