Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


New fake alert variant introduced by Win Antivirus Vista/XP

  • Please log in to reply
No replies to this topic

#1 Grinler


    Lawrence Abrams

  • Admin
  • 43,714 posts
  • Gender:Male
  • Location:USA
  • Local time:04:27 AM

Posted 16 February 2009 - 05:13 PM

A common approach for rogue programs is to display fake alerts or warnings stating that your computer has some sort of problem and then to suggest you purchase the particular program it is promoting. The reason behind these is alerts is to make the user think they are infected and thus purchase the program. Today, a new rogue from Russia called Win Antivirus Vista/XP adds an interesting twist to the fake alert scene.

Typically fake alerts come in the form of small Windows or balloons that state that your being attacked, that hidden data is being sent, or that suspicous activity is occurring. These alerts typically look similar to the following two images.

Fake alert Window

Fake balloon alert from the Windows taskbar

Another type of alert, and what I feel was the most inventive, was the use of the SysInternals BlueScreen Screen Saver to make it appear that your computer was crashing. Today, we found a new fake alert that comes in the form of a process crashing as shown below.

The above alert pretends to be a typical Windows dialog box that would be shown when a process crashes in Windows. The difference is that the normal Windows alert would contain two buttons, and possibly a third, labeled Send Error Report, Don't Send, and Debug depending on the software installed. The fake process crash screen adds an additional button labeled Fix it. This new button, when pressed, will start the Win Antivirus Vista/XP program and start scanning your computer. This new fake alert is attempting to convince you that processes are crashing on your computer and that Win Antivirus can protect. This is obviously false.

For anyone who may have gotten infected by this new rogue, you can use the below guide to disinfect yourself.

Read More on how to remove Win Antivirus Vista/XP

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users