uptick in fake antiviruses

Rosco

Well-Known Member
All of December had a lot of fake antiviruses... three just since Tuesday. Anyone else seen this happening?
 
Hadn't seen a fake AV for a while, now have seen 5 right around Christmas.

2 got past MSE, 1 past Norton, and 1 past AVG, 1 had nothing at all.
 
I have seen 3 in the past 2 weeks. The most recent one called itself Windows System Check. It was nasty. It hid all the files, disabled access to the control panel, task manager, etc. Haven't seen that behavior since last spring. It also had a bootkit which I removed using BitDefender's Bootkit remover.
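As an added illustration (not part of the thread or any poster's own tooling), here is a PowerShell triage script for the two lockout symptoms this post describes: built-in tools disabled by policy, and user files hidden. The three policy values are the standard Windows locations such rogues set; the folder list and the -Repair switch are assumptions made for the example. It only reads state unless -Repair is passed.

```powershell
# Added example: triage for rogue-AV lockout symptoms. Assumes it is run as the
# affected user, on the affected Windows machine, in an elevated PowerShell.
param([switch]$Repair)

# Policy values rogue AV typically flips to 1 to lock the user out of built-in
# tools. These are real Windows policy locations; clean state is absent or 0.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       What = 'Task Manager' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; What = 'Registry Editor' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel';       What = 'Control Panel' }
)

$findings = @()
foreach ($c in $policyChecks) {
    $val = $null
    if (Test-Path $c.Path) {
        $val = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    }
    if ($val -eq 1) {
        $findings += "$($c.What) is disabled by policy ($($c.Path)\$($c.Name) = 1)"
        if ($Repair) { Remove-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue }
    }
}

# "Hid all the files": the rogue sets the Hidden attribute on the user's own
# files. Count hidden items that are NOT also System (desktop.ini etc. are
# Hidden+System and legitimate). The folder list is an assumption for the example.
$roots = @("$env:USERPROFILE\Desktop",
           "$env:USERPROFILE\Documents",
           "$env:APPDATA\Microsoft\Windows\Start Menu")
foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $hidden = @(Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            -not ($_.Attributes -band [IO.FileAttributes]::System)
        })
    if ($hidden.Count -gt 0) {
        $findings += "$($hidden.Count) hidden item(s) under $root"
        if ($Repair) {
            # Clear only the Hidden bit; leave every other attribute as it was.
            foreach ($item in $hidden) {
                $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No rogue-AV lockout symptoms found.' } else { $findings }
```

Run it once without -Repair to see what the rogue changed, and only after the running malware has been stopped run it with -Repair, since a still-active process will simply re-apply the policy values and re-hide the files.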
 
I gotta say, my business has been enjoying the increase in these :o

Most seem to have come from ads on legit sites being infected.
 
XP Antivirus 2012, Vista Antivirus 2012... those are the big ones we're seeing. The new BETA MSE actually stopped one last night from coming into my system... I saw MSE's popup and auto actions happen before it jumped up on my screen. This was through Chrome too... so good to see the new MSE reaching into that.
 
Well, I guess it's not just me... it sucks for EUs but really helped a slow week. I crushed my goal for December because of these. So far they totally disable anything in the machine to fix it. Makes it great for us techs. These are real nasty ones. Every customer had up-to-date antivirus software. Well, I guess if you make $100.00 million and the US government only makes you pay 8 million in damages, I would set up shop again too. We are all in the wrong business, I guess, lol!
 
I have fixed two on a Windows 7 system. One made it past Trend Micro and the other one was not even running an AV.
 
What I'd like to know is the exact configuration(s) these PCs had before they got infected.

Both of the ones I fixed didn't have service pack 1 installed. Basically the customer turned off the automatic updates (They told me they did because it was slowing down their internet connection).
 
I personally am not advertising right now because the yellow pages isn't due until March and I really don't want to swim in cheese with the pizza techs on CL. If anybody has a better idea, let me know. Anyway, it seems that the only way to defeat these is by booting into a VM and doing manual removal, right? I know that before I went on hiatus I was seeing fake AVs that would stop any scan of any antivirus software, even from a VM, and "eat" whatever real AV was on the target PC. I suppose we'll eventually have fake AVs that eat the hard drive. I know that the Russians tried a virus that literally encrypted everything, and they didn't give out a key to unencrypt it if you paid; they just ran up your card. Judging from the rage on forums like these, they realized they crossed the line: if you totally destroy data and leave no method of retrieval, you will get a bunch of enraged Yankees.
 
On systems on which I cannot get around the rogue virus, I usually pop in a SARDU CD and run BitDefender, which cleans out the major culprit, and then I run all the usual stuff in Windows to do a thorough cleaning and to check everything out.
 
I did 21 of these in the month of January, but have not seen one in the last 4 days. It was really weird; just out of the blue it was like everyone had it.
 
I had one come in a couple of days ago (see this thread: http://www.technibble.com/forums/showthread.php?p=268889&posted=1#post268889) and then 3 more calls just today! I haven't checked my voicemail yet, but I am hoping there are more on there as well. Sounds kind of creepy to be happy about problems like this, but I guess even a doctor needs sick people to pay his bills.

@mistermalware
My most recent was on a laptop, Vista SP2, running up-to-date MSE. Like I mentioned in the thread linked above, the malware laughed at RKill, TDSSKiller, and MBAM, forcing me to manually delete - which I am not as strong at as I wish I was.
 