If you have seen any of the popups shown below on your computer, you have been infected with a fake antivirus. Not only is it fake, but it tries to force you to buy it, which is illegal and is considered fraud by authorities.
This program and its many variants take over administrative control of your PC, disable Task Manager and regedit, and replace your desktop wallpaper with their fake warning. Well, it WOULD be fake, if this program weren't a virus program all by itself.
Quoted From Bleepingcomputer.com
What this program does:
Antivirus 2009 is a new rogue (Fake) anti-spyware program from the same family as Antivirus 2008 and Doctor Antivirus. Antivirus 2009 is installed and advertised through the use of misleading web sites that attempt to make you think your computer is infected with a variety of malware. Once installed, Antivirus 2009 will scan your computer and list a variety of fake infections that can't be removed unless you first purchase the software. These fake infections are only being shown to scare you into purchasing the malware.
When Antivirus 2009 is installed, an Internet Explorer browser helper object is also installed that displays fake messages when using Internet Explorer. These messages range from a line at the top of the browser stating an infection was found to adding a box to the Google homepage stating Google detected that your computer was infected. These tactics are just two more methods where Antivirus 2009 uses false information to scare you into purchasing their software.
Doctor Antivirus below
Antivirus 2010 looks almost the same as 2008 and 2009.
Antivirus 2010 is a rogue anti-spyware program from the same family as Antivirus 2008 and Antivirus 2009. Like its previous incarnations, Antivirus 2010 is distributed through the use of advertisements on the Web pretending to be online anti-malware scanners. These advertisements pretend to scan your computer and then state that your computer is infected and that you should download and install Antivirus 2010 to remove these infections. These rogues are also known to be advertised and installed through Trojans that display fake security alerts in your Windows taskbar stating you are infected. Once you click on one of these alerts, it will bring you to the download page for Antivirus 2010, or even download and install it without your permission.
Once Antivirus 2010 is installed on your computer, it will be automatically configured to run when you log on to Windows. This is done by adding a startup that launches the C:\Windows\System32\wingamma.exe executable. This executable will then launch the AV2010.exe and the fake Windows Security Center. Once running, it will scan your computer and list a variety of infections that cannot be removed unless you first purchase the software. This infection will also randomly display fake security alerts on your computer stating that you are infected or have some sort of security risk. If you click on these alerts, it will prompt you to purchase the software. These fake alerts, along with a fake Windows Security Center that advertises Antivirus 2010, are used to further scare you into thinking you are infected so you will purchase this malware.
Another new addition to these types of rogues is the creation of a fake Blue Screen of Death. At random intervals, Antivirus 2010 will create what appears to be a Windows crash, but in reality is just a hoax. These fake crashes are used to further scare you into purchasing this malware. If you receive this crash, you can simply reboot your computer, or try pressing Alt-Tab or Control-Alt-Delete to get out of it. The text of the crash is:
***STOP: 0x000000D1 (0x0000000, 0xF73120AE, 0xC0000008, 0xC000000)
A spyware application has been detected and Windows has been shut down to prevent damage to your computer
If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Click to make sure your antivirus software is properly installed. If this is a new installation, ask your software manufacturer for any antivirus updates you might need.
Windows detected unregistered version of Antivirus 2010 protection on your computer. If problem continue, please activate your antivirus software to prevent computer damage and data loss.
*** SRV.sys - Address F73120AE base at C0000000, DateStamp 36b072a3
END QUOTE HERE:
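To check a machine for the startup entry described in the quote, the sketch below (an added example, not part of the original tip or of the Bleepingcomputer write-up) parses saved `reg query` output and flags entries that launch wingamma.exe or AV2010.exe. The quote only says "a startup", so looking in the Run keys is an assumption, and the sample output, value names and folder names are constructed for illustration.

```python
import ntpath
import re

# File names the quoted write-up gives for Antivirus 2010's launcher and main program.
INDICATORS = {"wingamma.exe", "av2010.exe"}

# Constructed sample: `reg query` output for the per-machine and per-user Run keys.
# Assumption: the page says only "a startup"; the Run keys are one common location.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VendorTray    REG_SZ    "C:\Program Files\Vendor\tray.exe" /min
    Windows Gamma Display    REG_SZ    C:\WINDOWS\system32\WinGamma.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater    REG_EXPAND_SZ    %ProgramFiles%\AV2010\AV2010.exe -hide
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) for each value line in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and line.startswith("    "):
            # Fields are separated by four spaces; value names may contain single spaces.
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3 and parts[1].startswith("REG_"):
                yield key, parts[0], parts[2]

def target_basename(command):
    """Return the lower-cased file name of the program a startup command launches."""
    # Quoted path first, then an unquoted path ending in .exe, then the first token.
    m = re.match(r'"([^"]+)"', command) or re.match(r"(.+?\.exe)\b", command, re.I)
    path = m.group(1) if m else command.split()[0]
    return ntpath.basename(path).lower()

def find_rogue_startups(text):
    """Return the startup entries whose target matches a known file name."""
    return [(key, name, data) for key, name, data in parse_reg_query(text)
            if target_basename(data) in INDICATORS]

if __name__ == "__main__":
    for key, name, data in find_rogue_startups(SAMPLE):
        print(f"{key}\\{name} -> {data}")
```

A match on file name alone is only a lead; the variants mentioned above may use other names, so a clean result here does not replace a full scan.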
As you can see, all of this looks so very legitimate, as well it should, since THESE particular crooks have taken malware to a whole new level.
Yes, they will get caught, they always do.
The real difference here is that these particular scammers have decided to strong-arm you much like a mobster demanding protection money, so the crime as well as the consequences will be much more severe.
The GOOD news though, is that even if you are infected at this very moment with this nasty program, you will be able to remove it before you reboot your PC and come back to Fixya!
Download and run Malwarebytes Anti-Malware.
Don't forget to update it first though, just in case the fake antivirus has changed its nature to evade detection.
So far, this is the only program I have found to eliminate this problem, but I'm pretty sure others will follow the same path.
Follow up with Avast Antivirus, if you want something stronger than what others pay hard cash for at the store. Don't forget to uninstall your current antivirus first; after all, it did fail to kill Antivirus 2010, didn't it?
Posted by Bob Sloan on
Jul 17, 2010 | Dell Dimension 8100 PC Desktop
Jan 13, 2010 | Computers & Internet