

Windows 7: MSRT Tackles Fake Microsoft Security Essentials


10 Nov 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
MSRT Tackles Fake Microsoft Security Essentials

Quote:

We've seen a few rogue security programs use elements of legitimate security software in order to try to make themselves appear more authentic. It was inevitable that Microsoft Security Essentials would be the target of this kind of mimicry. While some rogues have simply copied Security Essentials' name, others have gone further by imitating elements of the Security Essentials user interface. By far the most prevalent of these is Win32/FakePAV, which is this month's addition to the MSRT family list.

When FakePAV sees an attempt to run certain programs, it displays a fake Security Essentials alert dialog.




At first glance, there is very little that differentiates this from a real Security Essentials alert, beyond the bogus malware name ("Unknown Win32/Trojan"). You can close the window, but in a crude attempt to emulate the behavior of real-time malware blocking, FakePAV also terminates the program that it reports as a threat. This effectively means you can't run programs in FakePAV's kill list, including Internet Explorer and other common web browsers. This kind of technique has become extremely popular with rogues and serves the dual purpose of making the claims of infection more convincing and making the machine harder to use without registering the rogue.

Predictably, FakePAV's behavior differs greatly from Security Essentials' when you ask it to clean what it has found. FakePAV claims that it can't remove the threat and prompts you to "scan online".



It then pretends to scan the file again. Earlier variants of FakePAV would display bogus results from a list of anti-virus scanners, including legitimate ones, but invariably only five fictional scanners were reported to actually detect the threat:
  • Red Cross Antivirus
  • Peak Protection 2010
  • Pest Detector 4.1
  • Major Defense Kit
  • AntiSpy Safeguard
Source -
MSRT Tackles Fake Microsoft Security Essentials - Microsoft Malware Protection Center - Site Home - TechNet Blogs


11 Nov 2010   #2

Windows 7 Professional 64bit
 
 

I just fixed a client's system infected by Thinkpoint, another MSE fake alert variant. Very nasty stuff.
11 Nov 2010   #3

 
 

Quote: Originally Posted by roban
I just fixed a client's system infected by Thinkpoint, another MSE fake alert variant. Very nasty stuff.
Somehow I ended up with it but soon killed it


11 Nov 2010   #4

Windows 7 Ultimate 64bit
 
 

I am cleaning the one in the OP's pic right now on a client's laptop.