Nasty "Antivirus 2009" Fraudware/virus

PTRACER
Forum Administrator
Posts: 42179
Joined: 20 years ago
Real Name: Paul
Favourite Motorsport: Formula 1
Favourite Racing Car: Lotus 49
Favourite Driver: Gilles Villeneuve, James Hunt
Favourite Circuit: Nordschleife
Car(s) Currently Owned: Mitsubishi Lancer Evo X JDM

#1

Post by PTRACER »

Seen three cases of these in the last week alone. It's very nasty and difficult to get rid of. If you see any popups relating to this, shut down your browser immediately and do a scan to make sure you haven't been infiltrated.

If you already have it on your system, you will certainly know about it as it'll pop up on your screen and start up and will look like this:

Image

It's known as Fraudware - it does a "scan" of your system, produces fake results and then tells you to pay for the product to remove the threats. Do not under any circumstances click on any of the Registration, Buy Now, or Remove buttons on the program window.

There's some very similar software I've seen called AntiVirXP08 and Vista AV, which are both very similar to the above.

It can be manually removed by ending the process in Task Manager, then doing a search on your PC for the EXE file and deleting it, preferably via Safe Mode. Then do a full virus scan to make sure no nasty files are left behind.
Developer of the 1967v3 Historic Mod for Grand Prix Legends: viewtopic.php?t=17429

King of the Race Track, Destroyer of Tyres, Breaker of Lap Records
crazydude1992
Advanced Member
Posts: 1411
Joined: 17 years ago
Location: Farthest country from Australia

#2

Post by crazydude1992 »

Haven't those people got anything better to do? :haha:
kals
Legendary Member
Posts: 28276
Joined: 16 years ago
Real Name: Kieran
Favourite Motorsport: F1..BTCC..MotoGP
Favourite Racing Car: Benetton B189
Favourite Circuit: Donington Park
Location: New Jersey

#3

Post by kals »

crazydude1992 wrote: Haven't those people got anything better to do? :haha:
Malware is a multi-billion dollar industry so these lowlifes have a big incentive to infect people's computers. However, if it weren't for malware vendors, other firms wouldn't be in business. People like McAfee, Symantec, MessageLabs, Postini, SurfControl, Websense, and even the likes of Google and Microsoft all have offerings to protect businesses and consumers.

These attacks, as Paul has mentioned above, are really interesting as they are socially engineered to appeal to you in some way, be it emotionally, physically, etc. In the past we have seen the Anna Kournikova virus, which made you open a malware-infected file by tricking you into believing you were about to see a naked picture of her. More recently we have seen phishing scams which make you give out your bank details by making you believe there are issues with your bank account, only to be led to a fake landing page. Nigerian 419 scams are still out there too. Who hasn't received an email from a Nigerian Prince offering millions of pounds recently? Scammers are using everyday scenarios (porn, your money, your computer) to socially engineer ways to trick you into trusting them. And it works.
ellis
Gold Member
Posts: 603
Joined: 16 years ago
Location: Arbroath, Scotland

#4

Post by ellis »

I had this. It's the first piece of malware I've had for years, which shows how easy it is to get.

A program which has been adapted specifically to remove it can be found here: http://www.malwarebytes.org/ Worked great.
TheRacingLine.net
RacingLineDevelopments.com
Race2Play.com
PTRACER

#5

Post by PTRACER »

kals wrote:
crazydude1992 wrote: Haven't those people got anything better to do? :haha:
Malware is a multi-billion dollar industry so these lowlifes have a big incentive to infect people's computers. However, if it weren't for malware vendors, other firms wouldn't be in business. People like McAfee, Symantec, MessageLabs, Postini, SurfControl, Websense, and even the likes of Google and Microsoft all have offerings to protect businesses and consumers.
Well, if I'm honest, by the time I've finished tomorrow's job, I will have earned close to £200 from that one virus infection...
Festa_PWR
Silver Member
Posts: 323
Joined: 16 years ago
Location: Boltistan

#6

Post by Festa_PWR »

I got rid of that off my mum's PC a few weeks back.

Pretty easy to get rid of if you know what you're doing :)
Barre
Advanced Member
Posts: 1209
Joined: 18 years ago
Location: Belgium, Lommel

#7

Post by Barre »

I had it too and couldn't get rid of it, so I formatted my PC :roll:
"We're here for a good time – not for a long time. So you better make the most of it." Colin McRae
DoubleFault
Legendary Member
Posts: 11139
Joined: 18 years ago

#8

Post by DoubleFault »

Image

Image

Is this the same thing? I haven't ever seen this before, but now it keeps appearing randomly on all sorts of different websites.
PTRACER

#9

Post by PTRACER »

Very similar, yeah. Sounds like it may have affected you in some way. Check your browser addons and disable anything you don't recognise.
DoubleFault

#10

Post by DoubleFault »

Norton didn't pick it up. Thanks for the advice, I've disabled some of the add-ons and it hasn't affected me, so it's all good!
DoubleFault

#11

Post by DoubleFault »

kals wrote: Nigerian 419 scams are still out there too. Who hasn't received an email from a Nigerian Prince offering millions of pounds recently?
Those emails make stories like this one even more amusing:

Click
kals

#12

Post by kals »

Haha that's funny. You can imagine the scene in the NUFC Directors office:

"Hey, I think someone wants to buy the club. Listen. I've just received an email from a Prince in Nigeria offering us £30m as long as we provide them our bank details." :haha: