Fake Antivirus Software Uses Ransom Threats

Borg 386
The most prevalent malware variant during August was TotalSecurity W32/FakeAlert.LU!tr, a malicious program that masquerades as antivirus software in order to sell worthless licenses for non-existent malware. On its own it accounted for 37.3 percent of all malware threats detected by the company during the month.

Unlike standard fake antivirus programs, however, the new version of TotalSecurity takes the ruse a stage further by preventing any application other than a web browser from running, claiming they are "infected." The user is invited to have the infection cleaned by buying the bogus TotalSecurity product.

Read More:

Fake Antivirus Software Uses Ransom Threats - PCWorld
Used to be I could fix these without even having my keyring usb drive with me (rare occasion that is!) by tapping F8 while starting up, selecting Safe Mode with Networking, resetting IE, proxy and hosts file and downloading Malwarebytes. Anymore, Malwarebytes is not catching many of these as they are polymorphing, encrypting or obfuscating (or all three!) and the only sure way to clean up is to boot the computer from USB into my custom WinPE or Ubuntu environment provided that's possible on the hardware. If that doesn't work I take it back to the shop to plug the drive into a bench system for cleaning. If that's not an option I do it manually by running http://live.sysinternals.com/autoruns.exe. What a lifesaver -- that little cache of utilities runs right from the webpage and since the apps run from the browser cache, none of the malware has figured out how to block it. I can get signatures on all the startup code for all user and service accounts and even launch a websearch for unfamiliar items right from autoruns. Usually that and malwarebytes gets the computer clean enough for a standard boot and thorough scan with Security Essentials, which just keeps getting better and better. The current beta is smaller, faster and lower overhead while catching more malware earlier.

It's a love/hate relationship with this malware stuff -- you kind of have to respect it, I enjoy fighting it and I could not make a living without cleaning it up but it's still evil and the average Joe absolutely hates it and hates me if I clean the computer, install MSSE and he gets infected again because his rugrats click ignore...
Actually, this sounds exactly like the variant I mentioned in another thread. I lumped it in with Conficker, because it was the same ruse.

There is a way to do it without using a USB key, however, it requires you have a local account that has not been logged into, as this version hits the Hkey Root branch to set up .exe to run through the malware. Once you remove the programs from the system (usually hiding through the Attrib +SH method in some random system folder location) you can then go back into the 'infected' account on the machine and then run a scanner (after it forces you to find the application) to clean up the registry entries.

It's more work than a USB cleanup, but an option when you don't have the ability to do so or know how to do it.
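The three things the two replies above look at by hand (the .exe launch association in the registry, the browser proxy settings, and the hosts file) can be checked in one pass. The script below is an added example written for this thread, not a tool either poster used; it assumes the stock `"%1" %*` launch command for .exe files and only reports, leaving any repair as a separate, deliberate step.

```powershell
# Added triage example (constructed for this thread). Run from an elevated prompt,
# e.g. after booting to Safe Mode with Networking. Read-only: it reports, never repairs.

function Get-ExeAssociationFindings {
    # The legitimate command for launching .exe files is exactly: "%1" %*
    # Fake AV rewrites this so every program starts through the malware instead.
    $expected = '"%1" %*'
    $keys = @(
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'  # per-user override
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $cmd = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -and $cmd -ne $expected) {
            [pscustomobject]@{ Check = 'exe association'; Location = $key; Value = $cmd }
        }
    }
}

function Get-ProxyFindings {
    # A proxy or PAC URL the user never configured is a common way to block AV downloads.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($p.ProxyEnable -eq 1 -or $p.ProxyServer -or $p.AutoConfigURL) {
        [pscustomobject]@{ Check = 'IE proxy'; Location = $key
            Value = "ProxyEnable=$($p.ProxyEnable) ProxyServer=$($p.ProxyServer) AutoConfigURL=$($p.AutoConfigURL)" }
    }
}

function Get-HostsFindings {
    # Anything beyond the stock localhost lines deserves a look: fake AV commonly
    # points security vendors' domains at a bogus address here.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' -and
                       $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
        ForEach-Object { [pscustomobject]@{ Check = 'hosts'; Location = $hosts; Value = $_ } }
}

$findings = @(Get-ExeAssociationFindings) + @(Get-ProxyFindings) + @(Get-HostsFindings)
if ($findings.Count -eq 0) { 'No hijack indicators found in exe association, proxy or hosts.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A non-empty report tells you which of the three places the malware touched, so the Autoruns and Malwarebytes pass described above can go straight to the right spot.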
Actually, sysinternals has a LOT of useful tools.

Windows Sysinternals: Documentation, downloads and additional resources

Explore the site sometime. Good software and it's free to boot.

File and Disk Utilities
Networking Utilities
Process Utilities
Security Utilities
System Information Utilities
Miscellaneous Utilities

FIVE FAVORITE SYSINTERNALS TOOLS AND WHAT THEY DO
Derek Schauland lists his favorite Sysinternals tools -- the ones he uses the most often -- and shows what each of them does.
Five favorite Sysinternals tools and what they do | Network Administrator | TechRepublic.com