Tip & How-To about Computers & Internet

Antivirus 2009 and 2010 Scam

If you have seen any of these popups shown below, on your computer, you have been infected with a fake antivirus. Not only is it fake, but it tries to force you to buy it, which is illegal and is considered fraud by authorities.
This program and it's many variants, take over administrative control of your PC, disable Task Manager, and regedit as well as replacing your desktop wallpaper with their fake warning. Well, it WOULD be fake, if this program weren't a Virus program all by itself.


Quoted From Bleepingcomputer.com


What this programs does:
Antivirus 2009 is a new rogue (Fake) anti-spyware program from the same family as Antivirus 2008 and Doctor Antivirus . Antivirus 2009 is installed and advertised through the use of misleading web sites that attempt to make you think your computer is infected with a variety of malware. Once installed, Antivirus 2009 will scan your computer and list a variety of fake infections that can't be removed unless you first purchase the software. These fake infections are only being shown to scare you into purchasing the malware.
When Antivirus 2009 is installed, a Internet Explorer browser helper object is also installed that displays fake messages when using Internet Explorer. These messages range from a line at the top of the browser stating an infection was found to adding a box to the Google homepage stating Google detected that your computer was infected. These tactics are just two more methods where Antivirus 2009 uses false information to scare you into purchasing their software.


Doctor Antivirus below



Antivirus 2010 looks almost the same as 2008 and 2009.



Antivirus 2010
is a rogue anti-spyware program from the same family as Antivirus 2008 and Antivirus 2009. Like its previous incarnations, Antivirus 2010 is distributed through the use of advertisements on the Web pretending to be online anti-malware scanners. These advertisements pretend to scan your computer and then state that your computer is infected and that you should download and install Antivirus 2010 to remove these infections. These rogues are also known to be advertised and installed through Trojans that display fake security alerts in your Windows taskbar stating you are infected. Once you click on one of these alerts, it will bring you to the download page for Antivirus 2010, or even download and install it without your permission.
Once Antivirus 2010 is installed on your computer, it will be automatically configured to run when you logon to Windows. This is done by adding a startup that launches the C:WindowsSystem32wingamma.exe executable. This executable will then launch the AV2010.exe and the fake Windows Security Center. Once running, it will scan your computer and list a variety of infections that cannot be removed unless you first purchase the software. This infection will also randomly display fake security alerts on your computer stating that you are infected or have some sort of security risk. If you click on these alerts, it will prompt you to purchase the software. These fake alerts, along with a fake Windows Security Center that advertises Antivirus 2010, are used to further scare you into thinking you are infected so you will purchase this malware.
Another new addition to these types of rogues, is the creation of a fake Blue Screen of Death. At random intervals, Antivirus 2010 will create what appears to be a Windows crash, but in reality is just a hoax. These fake crashes are used to further scare you into purchasing this malware. If you receive this crash, you can simply reboot your computer , or try pressing Alt-Tab or Control-Alt-Delete to get out of it. The text of the crash is:
***STOP: 0x000000D1 (0x0000000, 0xF73120AE, 0xC0000008, 0xC000000)
A spyware application has been detected and Windows has been shut down to prevent damage to your computer
SPYWARE.MONSTER.FX_WILD_0x0000000
If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Click to make sure your antivirus software is properly installed. If this is a new installation, ask your software manufacturer for any antivirus updates you might need.
Windows detected unregistered version of Antivirus 2010 protection on your computer. If problem continue, please activate your antivirus software to prevent computer damage and data loss.
*** SRV.sys - Address F73120AE base at C0000000, DateStamp 36b072a3


END QUOTE HERE:


As you can see, all of this looks so very legitimate, as well it should, since THESE particular crooks have taken malware to a whole new level.
Yes, they will get caught, they always do.


The real difference here is that these particular scammers have decided to strong arm you much like a mobster demanding protection money, so the crime as well as the consequences will be much more severe.


The GOOD news though, is that even if you are infected at this very moment with this nasty program, you will be able to remove it before you reboot your PC and come back to Fixya!


Download and run, Malwarebytes Anti malware.
Don't forget to update it first though, just in case the fake antivirus has changed its nature to evade detection.
So far, this is the only program I have found to eliminate this problem, but I'm pretty sure others will follow the same path.


Follow up with Avast Antivirus, if you want something stronger than what others pay hard cash for at the store. Dont forget to uninstall your current Antivirus first, after all, it did fail to kill Antivirus 2010 didn't it?




Happy Hunting!

Please Vote for this Tip if you found it helpful.
Bob S.

Posted by on

Computers & Internet Logo

Related Topics:

Related Questions:

1 Answer

I have an older Dell 8100 that is infected, I cannot use it.


It might be really what it says, but chances are you have accidentally started a "fake virus scam" malware, that acts a bit like a virus, but with an added function of luring you into paying for some miraculous anti-virus, that will cure your computer of the multiple "infections" it has allegedly "discovered".
If you can open Internet Explorer, you may try one of the online virus scanners available. If not, the only thing left is to prepare on a clean computer a startup antivirus CD, from which you could boot your computer and run an antivirus program.

Free Online scanners:
http://www.f-secure.com/en_EMEA/security/tools/online-scanner/
http://www.bitdefender.com/scanner/online/free.html

Free boot antivirus products (CD image to burn):
http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/
http://dlpro.antivir.com/package/rescue_system/common/en/rescue_system-common-en.iso

Please come back with a testimonial if helped :)


Jul 17, 2010 | Dell Dimension 8100 PC Desktop

3 Answers

antivirus protection scan


It *WILL* install a virus if you allow it to. Sometimes these programs make it very difficult to NOT download their ****. It's telling you to download something in the hopes that you WILL accept the download.

***Do NOT download anything that you do not WANT to download. ***

Anytime you get to a website like this, make a note of it to never visit it again. Anytime you want to download something, make SURE it is what you want and nothing more. At the end of the day, it is NOT worth risk. The wrong decision could ruin your computer, lose your files, misdirect your websearches, slow your internet connection, among some of the results. The internet can be a very dangerous place.

Better to err on the side of caution.

Hope this helps.

P.S. Do an antivirus update and run a scan at LEAST once a week. Even the safest websites can put **** on your computer.

Jan 13, 2010 | Computers & Internet

Not finding what you are looking for?

191 people viewed this tip

Ask a Question

Usually answered in minutes!

Top Computers & Internet Experts

Doctor PC
Doctor PC

Level 3 Expert

7733 Answers

kakima

Level 3 Expert

102366 Answers

David Payne
David Payne

Level 3 Expert

14161 Answers

Are you a Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Loading...