Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rogue Software sources

  • Please log in to reply
2 replies to this topic

#1 Kevin.Murphy


  • Members
  • 2 posts
  • Gender:Male
  • Location:Southern NH
  • Local time:11:48 PM

Posted 05 April 2010 - 12:08 PM

I've just cleaned up a PC that was infected with the Rogue Spyware program Antivirus Suite, which was yet another variant of Antivirus XP, etc.

This user stated they were on MSN and had clicked on a couple articles and then was looking a review of something on Consumer Reports. A recent past infected user stated they were on Facebook at the time.

I have 2 questions;

1) How are these rogue software programs getting themselves downloaded onto our PC's? is there any info as to how specifically they get transmitted/communicated? Are there any special detection methods that webmasters can use to prevent this?

2) Can anything be done to prevent this? I don't know if there's and initial warning where a user can still avoid infection. I also don't know if my CA eTrust can detect/prevent it.
Kevin Murphy

BC AdBot (Login to Remove)


#2 xblindx


  • Banned
  • 1,923 posts
  • Gender:Male
  • Local time:11:48 PM

Posted 05 April 2010 - 12:26 PM

They get in through many many ways. Ads are one of them. Read How did I get infected? to find out more.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,087 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:48 PM

Posted 06 April 2010 - 07:42 AM

Rogue security programs are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware and is often seen with SmitFraud and Vundo infections. SmitFraud is a generic description for a family of rogue applications/trojans such as Win32.Zlob which comes disguised as a fake codec that installs other malware or rogue security products like SpySheriff. Vundo is a Trojan that infects a system with malicious Browser Helper Objects and .dll (Dynamic Link Library) modules attached to system files like Winlogon and Explorer.exe. These infections are responsible for launching unwanted pop ups, advertising for rogue antispyware programs, and downloading more malicious files which hampers system performance. Many variants typically use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a malicious security application to fix it. The alerts can mimic system messages so they appear as if they are generated by the Windows Operating System. The problem with these types of infections is that they can download other malicious files so the extent of the infection can vary to include backdoor Trojans, Botnets, IRCBots and rootkits which make it more difficult to remove. For more specific information on how these types of rogue programs and infections install themselves, read:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users