Infected website, download fake AV for testing. Safe?

Neverhavemoney · 12 Apr 2010

Hey guys,
I finally got a pop-up ive been wanting for a few months now. It is one of those fake virus scanning websites trying to run a fake scan (just a .gif picture) and it tells me to download their AV.
Ya let me get right to that! REALLY!
I want to download, not install to my main computer, but just download the installation files to transfer to my old sandbox comptuer. This will be my first attemt at this, and i just wanted peoples input on what you think of this?

Am i alright to download this? A second opinion never hurts. Cant know everything. Damn

hard pill to swollow haha!

Thanks everyone,
Ben

not so gray matter · 12 Apr 2010

Well, if you're going to let it run its course to see what it does, make sure that the computer is completely isolated with ZERO and I mean ZERO information on it.

Also, keep in mind that not only can this sort of thing mess with your software, but in rare cases it can kill hardware if it's really horrid.

polarbear · 12 Apr 2010

Just had to post here.. really want to watch the out come of this one... Too many dirty AV companies out there trying to take advantage of the little folk... GL :)

Neverhavemoney · 13 Apr 2010

I know polar, this is why i want to download it. I want to write up a full detailed article on what happens when you get infected like this, and also create a package to get rid of this nasty, information stealing hoax. I hate these things, and they keep coming out with new ones every year. It sucks.

O well. Thanks,
Ben

polarbear said:

Just had to post here.. really want to watch the out come of this one... Too many dirty AV companies out there trying to take advantage of the little folk... GL :)

Jaxryley · 13 Apr 2010

Do it all the time here.
Fighter Jets Chasing Ufo Captured On Video - Wilders Security Forums

Thorsen · 13 Apr 2010

Well, each Fake AV is different and sometimes require different removal tools.

You could however start the thread with that one AV and then each time you find a new one, dl it and solve the process needed to remove it and post on how you solved it.

It would be good to have a general tutorial though on what to do if you get infected by fake AV. As far as first steps or tips and tricks to get the best results.

Corrine · 13 Apr 2010

Neverhavemoney said:

I want to download, not install to my main computer, but just download the installation files to transfer to my old sandbox comptuer. This will be my first attemt at this, and i just wanted peoples input on what you think of this?

Ben

Hi, Ben.

Since you need to ask, I think you know my answer. No, I do not recommend it. Merely clicking the link will start the installation. That said, if this is something you are going to do anyway, I strongly advise that you have a really good backup of all your files and if you have a home network, disconnect other computers from the network. Although not 100% safe, you need to download with VM.

As to illustrating what happens, I believe SunbeltBLOG has posted videos of what happens and I'm sure others have as well.

Thorsen said:

You could however start the thread with that one AV and then each time you find a new one, dl it and solve the process needed to remove it and post on how you solved it.

No need to re-invent the wheel. Bleeping Computer does an excellent job of providing instructions: Virus, Spyware, & Malware Removal Guides

Jaxryley · 13 Apr 2010

Merely clicking the link starts the download of the setup.exe which then needs to be executed in order to start the installation.

If you want to go anywhere on the net and deliberately download malware then may I suggest you run your browser through Sandboxie and execute any downloads through Sandboxie as well.

Take a bit of time to learn Sandboxie's capabilities and I doubt you would ever surf without it again.

I also virtualize my system with Returnil (prefer older version) and also use virtual machines but I still have images as backups.

swarfega · 14 Apr 2010

I would recommend doing this (if you insist on doing it) in an isolated virtual environment with integration tools disabled. Make sure you install av/malware programs in that vm.

Neverhavemoney · 15 Apr 2010

Jax,
I dont understand virtual computing. Care to go more into it? Im looking to do testing with this, because i understand that you can't become infected but i have no idea how. Can you explain what it does?

Thanks,
Ben

Jaxryley said:

Merely clicking the link starts the download of the setup.exe which then needs to be executed in order to start the installation.

If you want to go anywhere on the net and deliberately download malware then may I suggest you run your browser through Sandboxie and execute any downloads through Sandboxie as well.

Take a bit of time to learn Sandboxie's capabilities and I doubt you would ever surf without it again.

I also virtualize my system with Returnil (prefer older version) and also use virtual machines but I still have images as backups.