Infected website, download fake AV for testing. Safe?

[Neverhavemoney]

Hey guys,
I finally got a pop-up ive been wanting for a few months now. It is one of those fake virus scanning websites trying to run a fake scan (just a .gif picture) and it tells me to download their AV.
Ya let me get right to that! REALLY!
I want to download, not install to my main computer, but just download the installation files to transfer to my old sandbox comptuer. This will be my first attemt at this, and i just wanted peoples input on what you think of this?

Am i alright to download this? A second opinion never hurts. Cant know everything. Damn hard pill to swollow haha!:roflmao:

Thanks everyone,
Ben

 

[not so gray matter]

Well, if you're going to let it run its course to see what it does, make sure that the computer is completely isolated with ZERO and I mean ZERO information on it.

Also, keep in mind that not only can this sort of thing mess with your software, but in rare cases it can kill hardware if it's really horrid.

 

[polarbear]

Just had to post here.. really want to watch the out come of this one... Too many dirty AV companies out there trying to take advantage of the little folk... GL

 

[Neverhavemoney]

I know polar, this is why i want to download it. I want to write up a full detailed article on what happens when you get infected like this, and also create a package to get rid of this nasty, information stealing hoax. I hate these things, and they keep coming out with new ones every year. It sucks.

O well. Thanks,
Ben

Just had to post here.. really want to watch the out come of this one... Too many dirty AV companies out there trying to take advantage of the little folk... GL

 

[Jaxryley]

Do it all the time here.
Fighter Jets Chasing Ufo Captured On Video - Wilders Security Forums

 

[Thorsen]

Well, each Fake AV is different and sometimes require different removal tools.

You could however start the thread with that one AV and then each time you find a new one, dl it and solve the process needed to remove it and post on how you solved it.

It would be good to have a general tutorial though on what to do if you get infected by fake AV. As far as first steps or tips and tricks to get the best results.

 

[Corrine]

I want to download, not install to my main computer, but just download the installation files to transfer to my old sandbox comptuer. This will be my first attemt at this, and i just wanted peoples input on what you think of this?

Ben

Hi, Ben.

Since you need to ask, I think you know my answer. No, I do not recommend it. Merely clicking the link will start the installation. That said, if this is something you are going to do anyway, I strongly advise that you have a really good backup of all your files and if you have a home network, disconnect other computers from the network. Although not 100% safe, you need to download with VM.

As to illustrating what happens, I believe SunbeltBLOG has posted videos of what happens and I'm sure others have as well.

You could however start the thread with that one AV and then each time you find a new one, dl it and solve the process needed to remove it and post on how you solved it.

No need to re-invent the wheel. Bleeping Computer does an excellent job of providing instructions: Virus, Spyware, & Malware Removal Guides

 

[Jaxryley]

Merely clicking the link starts the download of the setup.exe which then needs to be executed in order to start the installation.

If you want to go anywhere on the net and deliberately download malware then may I suggest you run your browser through Sandboxie and execute any downloads through Sandboxie as well.

Take a bit of time to learn Sandboxie's capabilities and I doubt you would ever surf without it again.

I also virtualize my system with Returnil (prefer older version) and also use virtual machines but I still have images as backups.

 

[swarfega]

I would recommend doing this (if you insist on doing it) in an isolated virtual environment with integration tools disabled. Make sure you install av/malware programs in that vm.

 

[Neverhavemoney]

Jax,
I dont understand virtual computing. Care to go more into it? Im looking to do testing with this, because i understand that you can't become infected but i have no idea how. Can you explain what it does?

Thanks,
Ben

Merely clicking the link starts the download of the setup.exe which then needs to be executed in order to start the installation.

If you want to go anywhere on the net and deliberately download malware then may I suggest you run your browser through Sandboxie and execute any downloads through Sandboxie as well.

Take a bit of time to learn Sandboxie's capabilities and I doubt you would ever surf without it again.

I also virtualize my system with Returnil (prefer older version) and also use virtual machines but I still have images as backups.

 

[ken9122]

Ben, I've had to cleanup several computers with these infections. My advice is don't play with them.

Ken

 

[Jaxryley]

Jax,
I dont understand virtual computing. Care to go more into it? Im looking to do testing with this, because i understand that you can't become infected but i have no idea how. Can you explain what it does?

You certainly can get get infected using a virtual system but on reboot the system returns to exactly how it was before entering virtual mode.

There a few different aspects such as sandboxie which creates a confined secure workspace within the real system.

Returnil, Shadow Defender and Wondershare Time Freeze sort of create a copy of the entire system that all the work is done in and is gone at reboot.

And then you have snapshot apps which I haven't really used but I have heard good and bad things about them, mostly good though.

May be best if you tread lightly and have a read through a few topics on the subject over at Wilders.

Light virtualization: Returnil/PowerShadow/ShadowDefender/ShadowUser Pro - Wilders Security Forums

sandboxing & virtualization - Wilders Security Forums

 

[Neverhavemoney]

Im very knowledgeable with infections, and things like this. I was head of the Vistax64 Infection Resolving Team. It was a great group of people we had.

Ben, I've had to cleanup several computers with these infections. My advice is don't play with them.

Ken

 

[tw33k]

The very fact that you had to ask this in a public forum makes me wonder about your "knowledge with infections" Like Corrine said, there are plent of "articles" and videos around on this. It's not as if you would your "report" would be a world first. My opinion: waste of time.

 

[SIW2]

It's not as if you would your "report" would be a world first. My opinion: waste of time.

Thats what they said to me when I climbed Everest.

 

[Jaxryley]

Forums are about asking for advice regardless on your expertise.

I've done heaps of things on my machine such as running an nLited XP VM in a 2 gig ramdrive. What's it good for, probably nothing else than a learning curve in knowing that I can do it.

And yep I work voluntarily with an antimalware team of great fellas that are so far ahead of me in pc knowledge it's embarrassing.

 

[smarteyeball]

I posted this on here because I wanted people, honest people who work with the stuff to let me know certain things about doing this.

Settle mate


If you don't wish to run a VM - do you have enough room on your HDD for a 'throw away' installation? or even a seperate HDD?

You could could always dual boot with another installation, infect it - Do your best to fix it and if worse comes to worse, scrap the installation.

The only potential problem would be running the risk of a particularly nasty bugger getting into your MBR/boot data and infect all installed machines.


As for Virtual Machines, Virtual Box would be the quickest and easiest way to get a VM up and running.

Just don't allow it to share any of the Hosts folders.

 

[Neverhavemoney]

I am not going to be installing this software to my main computer. I have an old computer. I am going to be transfering it to my old computer via flash drive.

Thanks,
Ben

 

[Neverhavemoney]

My old computer isn't connected to the internet so I can't download it right from there. I refuse to incase an infection travels across my network.

Thanks,
Ben