A common approach for rogue programs is to display fake alerts or warnings stating that your computer has some sort of problem and then to suggest you purchase the particular program it is promoting. The reason behind these is alerts is to make the user think they are infected and thus purchase the program. Today, a new rogue from Russia called Win Antivirus Vista/XP adds an interesting twist to the fake alert scene.
Typically fake alerts come in the form of small Windows or balloons that state that your being attacked, that hidden data is being sent, or that suspicous activity is occurring. These alerts typically look similar to the following two images.
Fake alert Window
Fake balloon alert from the Windows taskbar
Another type of alert, and what I feel was the most inventive, was the use of the SysInternals BlueScreen Screen Saver
to make it appear that your computer was crashing. Today, we found a new fake alert that comes in the form of a process crashing as shown below.
The above alert pretends to be a typical Windows dialog box that would be shown when a process crashes in Windows. The difference is that the normal Windows alert would contain two buttons, and possibly a third, labeled Send Error Report, Don't Send, and Debug depending on the software installed. The fake process crash screen adds an additional button labeled Fix it. This new button, when pressed, will start the Win Antivirus Vista/XP program and start scanning your computer. This new fake alert is attempting to convince you that processes are crashing on your computer and that Win Antivirus can protect. This is obviously false.
For anyone who may have gotten infected by this new rogue, you can use the below guide to disinfect yourself.Read More on how to remove Win Antivirus Vista/XP