
Antivirus protection racket - problem solved, lots of $


3 replies to this topic

#1 Wamba1


Posted 04 September 2009 - 12:29 PM

Recently I was invaded by Personal Antivirus, a "scareware" that takes over your browser and more, displaying a popup that urges you to scan for viruses immediately. It won't go away (Control F4 or Control+Alt+Del might work) and begins to scan, displaying several serious-sounding e-mail viruses I've never heard of. I rebooted my notebook and checked my antivirus program; the autoprotect feature was turned off somehow (not by me).

So I checked on the web and found several similar descriptions of P/A as a high-pressure sales tool that takes over your computer and tells you to purchase the program in order to protect your computer from the viruses it implants (or not - I'm not clear as to whether these were dummy file names). The distinct effects of being invaded as I was vs. purchasing and downloading the software were not described. However, whatever damage the attack does can apparently be overcome by free or inexpensive software.

So. We have a cheesy high pressure "protection racket" from Personal Antivirus, that aims for your pocketbook by hijacking your browser and operating system. Pay up or your PC locks up.

But the racket does not stop here. I, being a paranoid and naive user, freaked out and initiated a chat session with my antivirus provider (after I searched the web for an interactive contact address - none was listed on their site). Here is the explanation I got from them:

Norton > Alright Naive Customer, Personal Antivirus is a Spyware infection. It is a misleading application that may give exaggerated reports of threats on the computer. This program can be downloaded from a Web page and must be manually installed. The program reports false or exaggerated system security threats on the computer.
This rogue security software belongs to a family of software products that call themselves antivirus, antispyware or registry cleaners and often use deceptive or high-pressure sales tactics and deliberate false positives to convince users to buy a license/subscription. They are often repackaged and renamed. They do not actually remove malware; instead, many of them add more malware of their own.

Naive Customer > Do the solicitations like the one I got actually cause any harm or do you have to actually download something to get infected?

Norton > NC, these viruses usually replicate without your permission or knowledge. These infections try to hide themselves from the operating system and anti-virus products. They do this by residing in the OS kernel and intercepting all operating system access. Even information passed on to security software can be manipulated in this way, and the security software might consider the computer to be threat free.

Once there is an infection on your computer, it will normally try to spread to other files on your hard drive and to other computers/devices connected to your system. Most of the time, it creates or manipulates entries and keys in your Windows registry. For these cases, we need to manually remove the registry entries and also remove the infected files.


Sounds serious to me, says I. OK, says Norton. We have two options: scan and remove remotely; or scan and remove with tune-up. I chose the second option and paid the price of several A/V programs to have them take over my notebook for an hour and clean it up. But hey, it's got a 7 day warranty!

Sorry to moan, but I wanted to offer my experience in case anyone else might be tempted. I should have signed off and checked around to see if there were cheaper solutions, and what the actual damage might be from just receiving the popup message.

Formerly naive customer

Oh, BTW - infected stations can spread the scareware through email - at least Norton says so.

Edited by garmanma, 05 September 2009 - 07:54 PM.
Moved to appropriate forum




#2 Andrew


Posted 05 September 2009 - 09:54 PM

Hi Wamba1, welcome to BC!

Rogue security programs have proliferated like cockroaches lately. Being so easy to make, it's understandable (even I have made a reasonably convincing scareware program [just an experiment, not for evil!]). And they are profitable. Many, many credulous users have shelled out money to the makers of these programs.

I'm glad to hear that you were able to solve this problem. Even though you had to shell out some cash, at least it wasn't to the bad guys!

For anyone else affected by this rogue program, please read Bleeping Computer's guide for removing Personal Antivirus, which can be found here: http://www.bleepingcomputer.com/virus-remo...sonal-antivirus

Edited by Amazing Andrew, 05 September 2009 - 09:58 PM.


#3 Wamba1


Posted 05 September 2009 - 10:34 PM

Andrew,
I'm not surprised that these rogue programs are spreading - the strategy resembles the plot of the film, "The Net", but on a much lower and non-lethal scale. I would advise anyone who gets these popups not to panic; do a little research and try to find a cheap way to remove the files.

And while I have your attention, I wonder if you could share your opinion of the MalwareBytes software?

Thanks,
Jim

#4 Andrew


Posted 05 September 2009 - 11:19 PM

Malwarebytes' products are reputable and powerful.



