Windows 7 Forums



Windows 7: MSRT Tackles Fake Microsoft Security Essentials

10 Nov 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
MSRT Tackles Fake Microsoft Security Essentials

Quote:

We've seen a few rogue security programs use elements of legitimate security software in order to try to make themselves appear more authentic. It was inevitable that Microsoft Security Essentials would be the target of this kind of mimicry. While some rogues have simply copied Security Essentials' name, others have gone further by imitating elements of the Security Essentials user interface. By far the most prevalent of these is Win32/FakePAV, which is this month's addition to the MSRT family list.

When FakePAV sees an attempt to run certain programs, it displays a fake Security Essentials alert dialog.




At first glance, there is very little that differentiates this from a real Security Essentials alert, beyond the bogus malware name ("Unknown Win32/Trojan"). You can close the window, but in a crude attempt to emulate the behavior of real-time malware blocking, FakePAV also terminates the program that it reports as a threat. This effectively means you can't run programs in FakePAV's kill list, including Internet Explorer and other common web browsers. This kind of technique has become extremely popular with rogues and serves the dual purpose of making the claims of infection more convincing and making the machine harder to use without registering the rogue.

Predictably, FakePAV's behavior differs greatly from Security Essentials' when you ask it to clean what it has found. FakePAV claims that it can't remove the threat and prompts you to "scan online".



It then pretends to scan the file again. Earlier variants of FakePAV would display bogus results from a list of anti-virus scanners, including legitimate ones, but invariably only five fictional scanners were reported to actually detect the threat:
  • Red Cross Antivirus
  • Peak Protection 2010
  • Pest Detector 4.1
  • Major Defense Kit
  • AntiSpy Safeguard
Source -
MSRT Tackles Fake Microsoft Security Essentials - Microsoft Malware Protection Center - Site Home - TechNet Blogs



11 Nov 2010   #2
roban

Windows 7 Professional 64bit
 
 

I just fixed a client's system infected by Thinkpoint, another MSE fake alert variant. Very nasty stuff.
11 Nov 2010   #3
Orbital Shark

 
 

Quote: Originally Posted by roban
I just fixed a client's system infected by Thinkpoint, another MSE fake alert variant. Very nasty stuff.
Somehow I ended up with it but soon killed it


11 Nov 2010   #4
Zepher

Windows 7 Ultimate 64bit
 
 

I am cleaning the one in the OP's pic right now on a client's laptop.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
