Wednesday, July 29, 2009

FAKE AV SOFTWARE EXTORTION

Fake Anti-Virus stops programs, making you buy their program to remove their malware.

This has been going on for some time and it is getting worse. I have had this happen to many of my clients and have run into this breed just recently. I had to use Microsoft's MRT to scan and give me a hand and prc viewer to kill the processes as they came to play. I also used AVG's old rootkit remover that is no longer available BEFORE I could INSTALL or RUN any other software such as Malwarebytes, Spybot and other programs as well. I couldn't even completely kill it in Safe Mode. I would remove the files manually but they would reduplicate themselves. I found that with these types of infections, if you do a search for all files, including hidden and system files, by date modified, it is so much quicker. The last one I removed was so nasty I couldn't even run ComboFix on it until I followed through on the above.
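The date-modified search described above can be scripted. This PowerShell sketch is an added example, not part of the original post; the function name `Find-RecentlyModifiedFile`, the extension list and the 48-hour window are assumptions chosen for illustration.

```powershell
# Added example: list files changed inside a time window, newest first,
# including Hidden and System files (-Force), for infection triage.
function Find-RecentlyModifiedFile {
    [CmdletBinding()]
    param(
        [string[]]$Path = @("$env:SystemDrive\"),
        [datetime]$Since = (Get-Date).AddDays(-2),
        [datetime]$Until = (Get-Date),
        # Assumed list of file types to review first; adjust as needed.
        [string[]]$Extension = @('.exe', '.dll', '.sys', '.bat', '.cmd', '.vbs', '.js', '.scr')
    )

    Get-ChildItem -Path $Path -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object {
            # A copied file keeps its old LastWriteTime but gets a new CreationTime,
            # so compare the window against whichever timestamp is newer.
            $newest = if ($_.CreationTime -gt $_.LastWriteTime) { $_.CreationTime } else { $_.LastWriteTime }
            ($newest -ge $Since) -and ($newest -le $Until) -and
            ($Extension -contains $_.Extension.ToLowerInvariant())
        } |
        Select-Object @{ n = 'Modified'; e = { $_.LastWriteTime } },
                      @{ n = 'Created';  e = { $_.CreationTime } },
                      @{ n = 'Hidden';   e = { [bool]($_.Attributes -band [IO.FileAttributes]::Hidden) } },
                      @{ n = 'System';   e = { [bool]($_.Attributes -band [IO.FileAttributes]::System) } },
                      Length, FullName |
        Sort-Object Modified -Descending
}

# Constructed usage: files touched in the last 48 hours under the user profile
# and the Windows directory.
Find-RecentlyModifiedFile -Path $env:USERPROFILE, $env:windir -Since (Get-Date).AddHours(-48) |
    Format-Table -AutoSize
```

Run it from an elevated prompt so protected directories are readable. File timestamps can be altered, so treat the results as leads to examine rather than a complete list.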

Read what TrendLabs has to say below.

Taken from Malware Blog
Posted Jul 26 2009
Rogue Antivirus Terminates EXE Files
9:02 pm (UTC-7) by Erika Mendoza (Threat Response Engineer)
This weekend, we at TrendLabs came across a FAKEAV variant similar to the one peddled in the solar eclipse 2009 in America attack in this recent blog post. This one, however, introduces another new scare tactic (so far the latest new ploy we’ve seen is the ransomware/FAKEAV that encrypts files in the infected computer and offers a bogus fixtool for a price).
This FAKEAV variant terminates any executed file with an .EXE file extension and displays a pop-up message saying that the .EXE file is infected and cannot execute.


This way, users are left with no choice but to activate the antivirus product since no other application works. This Trojan is detected by Trend Micro as TROJ_FAKEAV.B. It avoids terminating critical processes to prevent system crashes.
Unfortunately, cybercriminals work hard in creating so many gimmicks, that we can only guess what comes next in FAKEAV. Fortunately though, the Trend Micro Smart Protection Network provides users protection from such threats.

Read more: http://blog.trendmicro.com/rogue-antivirus-terminates-exe-files/#ixzz0MfvDHv92
