Windows 7 Forums
Windows 7: Fake Antivirus Software Uses Ransom Threats

07 Sep 2010   #1
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 
Fake Antivirus Software Uses Ransom Threats

Quote:
The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 percent of all malware threats detected by the company during the month.

Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any application other than a web browser from running, claiming it is "infected." The user is invited to have the infection cleaned by buying the bogus TotalSecurity product.
Read More:

Fake Antivirus Software Uses Ransom Threats - PCWorld


07 Sep 2010   #2
baarod

El Capitan / Windows 10
 
 

Used to be I could fix these without even having my keyring usb drive with me (rare occasion that is!) by tapping F8 while starting up, selecting Safe Mode with Networking, resetting IE, proxy and hosts file and downloading Malwarebytes. Anymore, Malwarebytes is not catching many of these as they are polymorphing, encrypting or obfuscating (or all three!) and the only sure way to clean up is to boot the computer from USB into my custom WinPE or Ubuntu environment provided that's possible on the hardware. If that doesn't work I take it back to the shop to plug the drive into a bench system for cleaning. If that's not an option I do it manually by running http://live.sysinternals.com/autoruns.exe. What a lifesaver -- that little cache of utilities runs right from the webpage and since the apps run from the browser cache, none of the malware has figured out how to block it. I can get signatures on all the startup code for all user and service accounts and even launch a websearch for unfamiliar items right from autoruns. Usually that and malwarebytes gets the computer clean enough for a standard boot and thorough scan with Security Essentials, which just keeps getting better and better. The current beta is smaller, faster and lower overhead while catching more malware earlier.

It's a love/hate relationship with this malware stuff -- you kind of have to respect it, I enjoy fighting it and I could not make a living without cleaning it up but it's still evil and the average Joe absolutely hates it and hates me if I clean the computer, install MSSE and he gets infected again because his rugrats click ignore...
07 Sep 2010   #3
Keiichi25

Windows 7 Ultimate x64 and Home Premium x64
 
 

Actually, this sounds exactly like the variant I mentioned in another thread. I lumped it in with Conficker, because it was the same ruse.

There is a way to do it without using a USB key; however, it requires that you have a local account that has not been logged into, as this version hits the HKEY root branch to set up .exe to run through the malware. Once you remove the programs from the system (usually hiding through the attrib +SH method in some random system folder location) you can then go back into the 'infected' account on the machine and run a scanner (after it forces you to find the application) to clean up the registry entries.

It's more work than a USB cleanup, but an option when you don't have the ability to do so or know how to do it.
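A read-only audit of the spots posts #2 and #3 describe (the .exe file association, the IE proxy setting, the hosts file, and Hidden+System binaries in user-writable folders), as an added example that is not from the thread; it assumes Windows 7 with PowerShell 2.0 or later run from an elevated prompt, and the folder list and extensions it scans are my own choices.

```powershell
# Added example, not code from the thread. Read-only audit of the locations the posts above name:
# the .exe association (post #3), IE proxy and hosts file (post #2), and attrib +SH hidden binaries.
# Assumes Windows 7 with PowerShell 2.0+; run elevated so every hive and folder is readable.

function Get-DefaultValue([string]$Path) {
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { return $key.GetValue('') }
    return $null
}

$findings = @()

# 1. .exe association: a fake AV that "blocks every program except the browser" rewires this.
$expected = '"%1" %*'
foreach ($hive in 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_USER\Software\Classes') {
    $ext = Get-DefaultValue "Registry::$hive\.exe"
    $cmd = Get-DefaultValue "Registry::$hive\exefile\shell\open\command"
    if ($ext -and $ext -ne 'exefile') { $findings += "$hive\.exe -> '$ext' (expected 'exefile')" }
    if ($cmd -and $cmd -ne $expected)  { $findings += "$hive exefile open command -> '$cmd' (expected $expected)" }
}
# A per-user Classes\.exe key is absent on a clean profile, so its mere presence is worth reporting.
if (Test-Path 'Registry::HKEY_CURRENT_USER\Software\Classes\.exe') {
    $findings += 'HKCU\Software\Classes\.exe exists (per-user .exe override)'
}

# 2. IE proxy: post #2 resets this in Safe Mode; report it if it is enabled at all.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) { $findings += "IE proxy enabled: $($inet.ProxyServer)" }

# 3. hosts file: anything beyond comments and the localhost lines deserves a second look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$findings += @(Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*\S' -and $_ -notmatch '^\s*#' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { "hosts entry: $($_.Trim())" })

# 4. Hidden+System executables in user-writable folders (the attrib +SH hiding trick from post #3).
# Folder list and extensions are assumptions; widen them if the machine warrants it.
$hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
foreach ($dir in $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) {
    $findings += @(Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and (($_.Attributes -band $hs) -eq $hs) -and $_.Name -match '\.(exe|dll|scr)$' } |
        ForEach-Object { "hidden+system binary: $($_.FullName)" })
}

if ($findings.Count -eq 0) { 'No findings in the audited locations.' } else { $findings }
```

The script changes nothing; compare any finding against a known-clean machine before acting on it, since legitimate software occasionally sets a proxy or ships Hidden+System files.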

07 Sep 2010   #4
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote:
http://live.sysinternals.com/autoruns.exe. What a lifesaver -- that little cache of utilities runs right from the webpage and since the apps run from the browser cache, none of the malware has figured out how to block it.
Excellent little app!
07 Sep 2010   #5
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Bleeping Computer has had instructions for removing Total Security for some time: How to remove Total Security (Uninstall Guide).
07 Sep 2010   #6
baarod

El Capitan / Windows 10
 
 

Quote: Originally Posted by Corrine
Bleeping Computer has had instructions for removing Total Security for some time: How to remove Total Security (Uninstall Guide).
That's great when it's exactly that malware, that variant and the only malware instance. Anymore, with all the polymorphism, infection helpers, droppers and whatnot, just removing one startup item is not enough.
09 Sep 2010   #7
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Actually, sysinternals has a LOT of useful tools.

Windows Sysinternals: Documentation, downloads and additional resources

Explore the site sometime. Good software and it's free to boot.

File and Disk Utilities
Networking Utilities
Process Utilities
Security Utilities
System Information Utilities
Miscellaneous Utilities

Quote:
FIVE FAVORITE SYSINTERNALS TOOLS AND WHAT THEY DO
Derek Schauland lists his favorite Sysinternals tools -- the ones he uses the most often -- and shows what each of them does.
Five favorite Sysinternals tools and what they do | Network Administrator | TechRepublic.com