Fake Anti virus on the rise?

[ipaine]

Hey just wondering if anyone else out there is seeing a rise in the number of attacks with regards to a fake anti virus going by the name of "Win 7 2011 Total Security"?

I'm wondering since I have seen a few cases in the last few days here at work and I have also seen some outside of work with family. This is a large amount compared to normal around here.

I do know that it is not easy to get rid of as it seems to just keep on coming back or at the least random hijacking of the browser even after it appears gone.

Just wondering if anyone else is seeing this or not.

[enaberif]

Its because idiots keep falling for those stupid "OOOH this person got banned from school" links on Facebook, using Limewire/Bearshare, or just opening stupid email attachments on their system.

Also doesn't help people don't even bother running a antivirus on their system and I'm not talking the likes of AVG, McAfee, Norton or Kaspersky.. But also people need to realize common sense plays a huge rule.

Also those aren't viruses they are Spyware/Malware phishing for your credit card info ;)

[FiXT]

Yes, there has been a marked increase in the "Security Centre" virus. They exist for Windows XP, Vista and 7. They tend to mimic the MSE look and feel. I've had virtually every relative call me in the past month with the issue. I myself succumb to it on one of my PC's (and PS ena, I don't use facebook, or P2P).

I've also seen and heard of an enormous increase in Virus removal service requests for some local computer PC repair shops for that exact virus, though it was taken on a few different forms, but invariable it always mimics some sort of virus scanner.

There has also been a large number of websites that have been built to imitate a virus scanner, which I have noticed is where many of the infections happen. People click on the "close/exit" button, which is actually on the website itself and thus a hyperlink - and whamo - you have yourself a virus

However, I honestly am not to sure where I managed to contract it from. I only use the PC for note taking, research on the go and to answer emails (which is on a private domain & receives no email except form known contacts)

[MacJunky]

Not too long ago on my notebook google brought up a link to one of those sites when I was searching for something completely different. This is the absolute first time I have ever even seen one in person. I detach the tab to it's own window and the veery top right close button (not something in the page) and File->Close (this was FF 3.6, it still has that menu option unlike FF4 mozillayoucocksuckers) did not work at all!
I had to open up task manager and kill firefox. I wish it separated individual windows into separate processes(without using the multiple profile workaround) -_-
So later I start up MSE and it removes some stuff in the cache and that is about it.(I did not click on anything in the page itself) So far so good.



I have a very important question.



WHY THE **** ARE SITES ALLOWED TO DISABLE/HIJACK/IGNORE THE MOTHERFUCKING WINDOW CLOSE FUNCTION?


Seriously. What. The. ****. That. Is. Bullshit.

FUCKIN SCRIPTS NEED TO **** OFF!

The old internet was better.

[enaberif]

Quote:

Originally Posted by FiXT

Yes, there has been a marked increase in the "Security Centre" virus. They exist for Windows XP, Vista and 7. They tend to mimic the MSE look and feel. I've had virtually every relative call me in the past month with the issue. I myself succumb to it on one of my PC's (and PS ena, I don't use facebook, or P2P).

I've also seen and heard of an enormous increase in Virus removal service requests for some local computer PC repair shops for that exact virus, though it was taken on a few different forms, but invariable it always mimics some sort of virus scanner.

There has also been a large number of websites that have been built to imitate a virus scanner, which I have noticed is where many of the infections happen. People click on the "close/exit" button, which is actually on the website itself and thus a hyperlink - and whamo - you have yourself a virus

However, I honestly am not to sure where I managed to contract it from. I only use the PC for note taking, research on the go and to answer emails (which is on a private domain & receives no email except form known contacts)

Banners on websites can contain malicious code that can become executed on your system. This is a very good reason of which I use Firefox and Ad Block for ..

The only time I've had any issues is when you click a stupid image on google images and it opens a tab and says your system is infected.

Quote:

Originally Posted by MacJunky

Not too long ago on my notebook google brought up a link to one of those sites when I was searching for something completely different. This is the absolute first time I have ever even seen one in person. I detach the tab to it's own window and the veery top right close button (not something in the page) and File->Close (this was FF 3.6, it still has that menu option unlike FF4 mozillayoucocksuckers) did not work at all!
I had to open up task manager and kill firefox. I wish it separated individual windows into separate processes(without using the multiple profile workaround) -_-
So later I start up MSE and it removes some stuff in the cache and that is about it.(I did not click on anything in the page itself) So far so good.

I have a very important question.

WHY THE **** ARE SITES ALLOWED TO DISABLE/HIJACK/IGNORE THE MOTHERFUCKING WINDOW CLOSE FUNCTION?

Seriously. What. The. ****. That. Is. Bullshit.

FUCKIN SCRIPTS NEED TO **** OFF!

The old internet was better.

Its not even that.. its pop up windows that say your system is infected and they have made the entire window a hyperlink that can compromise your system as well.

We had a system in here that we cleared out of viruses and they were back 2 weeks later infected again.

[ipaine]

Yea, the big problem with these is that they do just popup and appear to have the close "x" and that is what most of our users see and think hey I will just close this, which of course is just clicking on the link that sends everything down to them. I keep telling them what MSE or forefront looks like if they do get a warning from them and that anything else is bad. They are told to stop and either call us if they don't know what to do or to use task manager and kill ie or ff or whatever browser is open. Or in the case of my family that got it I just said that if they can't figure out the task manager then just do a hard power off. Sure it is a little extreme, but it is still better than getting infected.

One other thing that I have seen this virus do, is it will hijack other functions of the machine. For example if you right-click on computer and select properties, it pulls up a fake action center. It also pulls that same fake action center screen up if you try to start your existing antivirus such as MSE or even Malwarebytes.

Then of course there is the browser redirecting that you have to watch out for if they are trying to find a tool to clean their machine.

[enaberif]

Quote:

Originally Posted by ipaine

Yea, the big problem with these is that they do just popup and appear to have the close "x" and that is what most of our users see and think hey I will just close this, which of course is just clicking on the link that sends everything down to them. I keep telling them what MSE or forefront looks like if they do get a warning from them and that anything else is bad. They are told to stop and either call us if they don't know what to do or to use task manager and kill ie or ff or whatever browser is open. Or in the case of my family that got it I just said that if they can't figure out the task manager then just do a hard power off. Sure it is a little extreme, but it is still better than getting infected.

One other thing that I have seen this virus do, is it will hijack other functions of the machine. For example if you right-click on computer and select properties, it pulls up a fake action center. It also pulls that same fake action center screen up if you try to start your existing antivirus such as MSE or even Malwarebytes.

Then of course there is the browser redirecting that you have to watch out for if they are trying to find a tool to clean their machine.

Yup they will even go in and disable major functions like "Task Manager" so you can't even shut it down that way.

[Keltron 3030]

Quote:

Originally Posted by enaberif

Yup they will even go in and disable major functions like "Task Manager" so you can't even shut it down that way.

This is when you bring in something like RKill into the picture to properly shut down the process

On topic, my parents have succumbed to these fake virus scanner programs. I know cuz i spent one Saturday cleaning the damn thing . I tell them they dont need anything else then what they got (Norton's, unfortunately) and I hope they listened cuz im not doin it again.........for free, that is

[francisw19]

If you haven't done so, check out something like Sandboxie to isolate your browser. I have mine setup to only allow my browser, java, flash, etc... to run and block everything else. Once I close my browser, it clears out any changes to the disk initiated by the sandboxed program.

Out of the box, you have to tighten it up a bit to suit your setup. But, if you make the right adjustments, Sandboxie is quite solid and should block out alot of the BS out there like these rouge anti-virus programs.

[martincrow]

I had this virus attack on my system last year and it eaten my browser. I was using Firefox on windows xp at that time and suddenly there was an warning window appeared at the desktop saying that virus scan is under process and then my computer was reported as corrupted by virus. When i tried to close that message window i found that it is telling me to install the latest version of the window 7 security system software. And finally my browsers stopped responding.

digital signature