Posted by: billmullins | June 1, 2008

XP Antivirus Lies! - Fake Anti-malware Software

There seems to be an epidemic of rogue security software on the Internet at the moment; much of it using social engineering to convince users’ to download an unsafe product.

The message here is: do not click on unsolicited invitations to download software of any kind.

To expand on that point; you need to be sure that any security application you are considering installing on your computer is recognized as legitimate by industry experts. To do that, visit Spyware Warrior, an excellent web site that will advise you what products work and have a deserved reputation for quality performance.

Rogue security software such as XP Antivirus 2008, is software that uses malware, or malicious tools, to advertise or install itself. Unless you have had the bad experience of installing this type of malicious software, you may not be aware that such a class of software even exists. But it does.

This particular rogue security software’s installer is usually found on adult websites, or it can be installed manually from rogue security software websites.

After the installation of XP Antivirus 2008 be prepared for false positives; fake or false malware detection warnings. As with all rogue security applications, XP Antivirus 2008 was developed to mislead unaware computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

If the full program fee is not paid, XP Antivirus 2008 continues to run as a background process incessantly reporting those fake or false malware detection warnings discussed earlier. To really try your patience, this rogue security software cannot be uninstalled using the Windows Add/Remove Programs tool.

There have been some reports indicating that XP Antivirus 2008 has the potential to capture and transmit personal and financial information, although this remains largely unverified.

Generally, reputable anti-spyware software is capable of detecting rogue software if it attempts to install, or on a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.

A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire 3, free from PC Tools. This type of program operates using heuristics, or behavioral analysis, to identify newer threats.

As well, Malwarebytes, a reliable anti-malware company has created a free application to help keep you safe and secure. RogueRemover (latest version released May 30/08), will safely remove a number of rogue security applications.

A further resource worth noting is the Bleeping Computer web site where help is available for many computer related problems, including the removal of rogue software.

What you can do to reduce the chances of infecting your system with rogue security software.

  • Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
  • Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
  • Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on that offers substantial protection against questionable or unsafe websites.
  • Do not click on unsolicited invitations to download software of any kind.

Possibly related posts: (automatically generated)

Posted in Anti-Malware Tools, Firefox Add-ons, Free Security Programs, Freeware, Interconnectivity, Internet Explorer Add-ons, Internet Safety Tools, Malware Advisories, Online Safety, Rogue Software, Safe Surfing, Spyware - Adware Protection, System Security, Windows Tips and Tools, internet scams | Tags: , , , , , , , , , , , , , , , , , ,

« Bogus IRS Tax Notification Email - Don’t Be a Victim!
Safety Tips For Instant Messaging »

Responses

Another home run, Bill.

Folks, I invite you to share this article with anyone you know who surfs the Web. These bogus pop-ups can appear from visiting practically anywhere (any site) these days…

By: Tech Paul on June 1, 2008
at 6:53 pm

Great posting, Bill! Spyware seems to be the one of most rapidly growing types of Internet threats. When we studied this at Web of Trust, I noticed that the easiest way to get spyware on your computer is to install a free anti-spyware software!

By: Esa Suurio on June 2, 2008
at 5:42 am

Hey Bill, Thanks so much for the mention. Nice writeup. This stuff continues to be massively present, run on users’ systems, and not all that reliably detected by traditional AV.

We’ve got a couple recent writeups here http://blog.threatfire.com/2008/05/antivirus-fraud-2008.html
and here
http://blog.threatfire.com/2008/05/year-of-rogueware.html

I’ve got to say that I have not yet seen activity or components from AV2008 that confirms some of the suspicions in the post. We’ll take a closer look:
“There have been some reports indicating that XP Antivirus 2008 has the potential to capture and transmit personal and financial information, although this remains largely unverified.”

You’re really doing well by your readers to provide this current information.

By: Kurt Baumgartner on June 2, 2008
at 12:27 pm

Bill, thanks for the information. I was just on the web looking for a picture of a septic filter and the XP Antivirus partially installed itself. I am now trying to get rid of it. Damn, I hate those virus creators.

By: G K Thompson on June 2, 2008
at 1:04 pm

[...] warnings discussed earlier. To really try your patience, this rogue security software cannot be unihttp://billmullins.wordpress.com/2008/06/01/xp-antivirus-lies-fake-anti-malware-software/Police and DetectivesPeople depend on police officers and detectives to protect their lives and [...]

By: detective on June 2, 2008
at 10:04 pm

Thanks for the info, will keep that in mind.

@ Esa

I noticed that the easiest way to get spyware on your computer is to install a free anti-spyware software

While there are lots of crappy free spyware removal tools there are a number of really good ones as well. Same can be said about Antivirus Tools.

By: Aibek on June 4, 2008
at 2:28 am

I unfortunately fell for the “virus attack” after trying to remove it , gave in and bought the XPAntivirus.
they charged me not only for what I had bought but charged me again, $ 78.83 for something which I hadn’t ordered, nor ever received. It was a nightmare trying to get in touch with anybody, and I finally connected with a guy with an accent, who told me to E-mail the billing service re. my problem. I wrote them tried to call , its been a week, and they still won’t contact me to clarify what occured. I printed off a purchase order from them when I bought the XP which verifies what I received. Anybody know what state their in, I’ll notify the states attorneys office . These people are crooks.

By: B. Beesten on June 7, 2008
at 8:28 pm

What do you do if you were dupped into buying the XP Antivirus software? Should I take any precautions such as canceling credit card and/or email passwords etc.? Is my home edition of avast! 4.8 antivirus enough to keep me safe from bogus and/or rogue software???? Please help…my computer is my life! Thank you.

By: R on June 8, 2008
at 4:44 am

I managed to get this cleaned off someones laptop. Whilst I’m satisfied that its removed, theres is one thing that I cant put back in order. Under ‘my computer’, the c: and d: drives are not listed. How can I get them to list again??

By: Pat on June 9, 2008
at 9:03 am

[...] an unsafe product. The message here is: do not click on unsolicited invitations to download sohttp://billmullins.wordpress.com/2008/06/01/xp-antivirus-lies-fake-anti-malware-software/BitDefender Leads the Pack in Rootkit Detection Enterprise Security TodayMOUNTAIN VIEW, CA, May 27, [...]

By: antivirus 2008 remove on June 11, 2008
at 9:42 pm

[...] warnings discussed earlier. To really try your patience, this rogue security software cannot be unihttp://billmullins.wordpress.com/2008/06/01/xp-antivirus-lies-fake-anti-malware-software/Protector Plus 2008 antivirus software for Windows XP, Windows NT …Protector Plus 2008 antivirus [...]

By: antivirus for windows me on June 12, 2008
at 1:40 pm

Thanks Bill! I have that stupid XP program. I’m going to download a protection program now! Thanks!

By: Brett on June 13, 2008
at 3:17 pm

I was exhorted into buying winspywareprotect. Just as you say, pop-up windows showed critical threats to my computer and the only way out was to buy winspywareprotect for $93. I could not get to any webpage requiring a sign-on; winspywareprotect would issue a warning disguised as, ie - yahoo.com; under the source I found winspywareprotect. Unfortunately for them one of their dll’s is missing and I don’t think their garbage is running on my machine. I intend to contest to Bank of America to get my $93 back. I feel like I was exhorted by the mafia into paying protection money only to find out I’ll be exhorted from now on.

Any ideas for discussions with Bank of America? They already closed my credit card when I called to contest the charge.

By: June on June 18, 2008
at 3:01 pm

Got me too. Stopped Defender from running… I am using Avast! and things are all better :)

My suggestion for those that paid and getting no response. Call your credit card company and decline the charge. Forget trying to work directly with the company. They installed Malware on your computer…. do you really think they will ever refund your money? Call your credit card company and decline the charge. They must remove it.

By: TFB on June 22, 2008
at 2:37 pm

Thanks for the post. I just recently got tangled up in this XP Virus and I am using the suggestions you gave above.

If there is anyone who has removed the virus and has restored their computer to normal, please tell me how you did it.

I can’t find my C: drive and my time and date stamp read “06:45 VIRUS ALERT!”.

Please help :-(

By: kxdixon on June 24, 2008
at 5:46 am

Oh, I almost forgot, the XP Antivirus 2008 Virus also hid all my programs on the start menu.

I’ve never seen anything like that before.

Thanks to anyone who has some experience in solving this problem.

By: kxdixon on June 24, 2008
at 5:52 am

I can conclude that XP antivirus is constantly improved to make it more immune to conventional security software suites. Yesterday I helped out a guy whose PC was infected with this scam, and even though he scanned it in Safe Mode with half a dozen of antivirus programs, the malware was still there! McAfee, Lavasoft, Spybot - all of them failed the fight with XP antivirus. It seems that manual removal is the most effective way to get rid of it.

By: AntivirusExpert on June 24, 2008
at 2:59 pm

Hello. First I have just come across your site and would like to tell you how much I really appreciate it. There is so much information here that I wasn’t aware of. My problem is this: A friend of mine told me her computer was not working properly and she wanted me take a look at it. I found she has XP Antivirus 2008 on it and I just can’t seem to get rid of it. Please tell me which, in any, software programs could help me get rid of this ugly parasite. Many thanks

By: James Johnson on June 25, 2008
at 9:25 am

It’d be nice if you could track these people down and shoot them.

By: Matt on June 25, 2008
at 10:30 am

another infection here, I’m just going to reload the whole machine…. windows defender… what a piece of garbage

By: Joe on June 25, 2008
at 12:11 pm

[...] beberapa link, seperti Bill Mullins, juga yang ini, dan ini. Virus ini bekerja dengan menyusup melalui security-hole browser, nah [...]

By: XP Antivirus 2008 - Social Engineering at Wahyu Mahardian on June 26, 2008
at 3:45 am

[...] beberapa link, seperti Bill Mullins, juga yang ini, dan ini. Virus ini bekerja dengan menyusup melalui security-hole browser, nah [...]

By: XP Antivirus 2008 / Antivirus XP 2008 - Social Engineering at Wahyu Mahardian on June 26, 2008
at 5:15 am

ii honestly don’t know what some people do to get so many viruses. i download a crap load of programs and torrents everyday without any anti anything and have yet gotten anything.

You cant blame the people who make this stuff for your actions, they cant put this on your comp without your permission.

pay attention people to what you do online.

By: Eric Hamby on June 26, 2008
at 8:22 am

[...] XP Antivirus Lies! - Fake Anti-malware Software [image] There seems to be an epidemic of rogue security software on the Internet at the moment; much of it using social [...] [...]

By: Top Posts « WordPress.com on June 26, 2008
at 7:10 pm

[...] beberapa link, seperti Bill Mullins, juga yang ini, ini, dan ini. Virus ini bekerja dengan menyusup melalui security-hole browser, nah [...]

By: XP Antivirus 2008 / Antivirus XP 2008 - Social Engineering at Wahyu Mahardian on June 27, 2008
at 2:11 am

For those averse to the manual method of removal, please try this uninstall program which completely eliminated the infection for me . Go to http://www.revouninstaller.com and download their software. Follow the instructions carefully and you should have no problem. For uninstalling Antivirus XP 2008 , I suggest you use advanced mode option which will track for all entries created by this malware in registry , files and folders and whatever bits and pieces left behind.

Personally, I find this software to be the finest in uninstalling downloaded programs. Try it and give a post on the results.

By: Bharat Menon on June 29, 2008
at 11:10 am

I DELETED program files “ISecurity” and got rid of 90% of the pop ups and alerts after rebooting. But it has messed up visibility of C drive and SETTINGS visibility ans I’ve still got VIRUS ALERT! by my time on taskbar and on all my files and emails. Anyone know how to get rid of this last part? Ken

By: ken waller on July 2, 2008
at 4:42 pm

this did the job

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

put directorys back and got rid of VIRUS ALERT! message

By: ken waller on July 2, 2008
at 6:09 pm

Its sound like this thing is getting nastier i my case. I can’t do a system restore, it hid my programs on my start menu, my C drive access is gone, it doesn’t work to go to Add and remove programs Now for the kicker I can’t even get to my Start–>Run to manually get rid of this thing. What else can I do I am to the point of wiping the hole thing. Please help

By: Travis on July 5, 2008
at 5:04 am

Thanks so much for this most helpful website. I am a bit of an ignoramus about these things but I think I have got rid of the bloody thing, using the Smitfraud.exe recommended by Ken Waller. My appreciation to you.

FYI my bank in the UK has refused to take action, but I think I am going to write and complain to their Head office. They have had loads of requests for help, so much that they gav e me a number in the US to try.

By: lady who lunches on July 7, 2008
at 1:53 am

Bill,

Thank you for the excellent article. I spent a good part of last Saturday afternoon helping a friend rid himself of Antivirus 2008, which required deleting a passel of files and eventually recovering the operating system on his computer.

I am forwarding your article to him for future reference.

R

By: RB on July 7, 2008
at 11:42 am

Thank you so much for the great responses and the free downloads to fix my comp. With out stumbling into here I don’t think I could have fixed my problems. I still have one problem, even after using http://siri.urz.free.fr/Fix/SmitfraudFix.exe I can’t get my properties back to normal or my background picture if anyone has any ideas let me know please :(

By: Calen on July 8, 2008
at 10:32 am

Never mind my last post, It did fix the problem, Again thanks Ken Waller and bill mullins for all the help you have given.

By: Calen on July 8, 2008
at 10:34 am

After working all day I came home to see that my comp is still infected, and has downloaded something called malware 2008 since I had deleted the antivirus 2008 earlier today. Is there any way to remove this stuff, and to hold those who create it responsible for their actions lawfully?

By: Calen on July 8, 2008
at 11:39 pm

I gave a long search on this topic and found another free malware removal program and found Malwarebytes’ its also freeware and it finished off what was left on my system of antivirus 2008 and malware 2008 unfortuneatly I lost the link to the program but a quick google search should bring it up for anyone still haveing problems.

By: Calen on July 9, 2008
at 12:20 am

Hi, I just saw this site because i installed this stupid fake security system even though I had a real security software. Since then, some virus warning comes up over and over again. Also, on internet, the security site suddenly comes up on the window and goes into the adult site.

Seriously, if anyone know how to solve this problem, I’d appriciate you will tell me about it. Otherwise, I don’t know how to stop this!1

By: Yousuke on July 11, 2008
at 9:30 pm

I was looking to purchase a copy of Nero 8 and found a ‘free trial’ which I downloaded - not from the Nero site stupidly and I AM kicking myself. Anyway, it came with XP Antivirus 2008. I’ve downloaded Spyware Terminator which found some files but it can’t delete everything. Even Kaspersky finds certain files and won’t delete them. I ran Spyware Terminatore in ‘Safe Mode’. Now, I have re-booted and I’m not getting an option for ’safe mode’. Has this virus been created to be intelligent enough to track what you are trying to do in order to get rid of it and then counteract what you try (ie stopping the safe mode option?).

damn, I’m pretty savvy when it comes to computers but this one has got me!

any help???

By: Christian Francis on July 15, 2008
at 4:11 pm

I would suggest a system restore to a point before you installed the program as the easiest solution first. (THEN run the virus scan). Failing that, do a google search for xp antivirus 2008 removal and follow the steps.

By: Quickclay on August 11, 2008
at 11:13 am

The only way I was able to really effectively remove it required a second computer, a router, and about 3 hours. It’s a little involved, but this method has been used to completely eradicate even the most stubborn viruses. I call it the “Global Thermonuclear Option”:

1) On a good computer, download the Knoppix CD version and burn it onto CD.
2) Shutdown the bad computer the “right” way (start / shutdown / shutdown computer).
3) Start the bad computer with the Knoppix CD.
4) While waiting on the computer to start, go to the good computer, and make sure the virus scanner on it is up to date (if it doesn’t have one, use Avast from http://www.avast.com ). Be aware that there is a malware site called www-avast.com (note the dash rather than the dot), so make sure you’re at the right one.
5) Connect both your computers into your router. It is possible to do this wirelessly, but it will be slower.
6) On the infected computer, open up all the Hard drives by double-clicking on them from the desktop in Knoppix. Close the windows that open up, then right-click on each of the hard drives and click on “Change Read/Write mode”. When knoppix asks if you want to make each drive writable, click on “yes”.
7) While still on the infected computer, go to the “K” icon (lower left), then “KNOPPIX”, then “Services”, then click on “Start Samba Server”.
7) If it asks to set a password for the knoppix user, use something simple like “knoppix123″ — this is not a permanent username being created — after you reboot the bad computer, this will all be gone.
8) when it says “export all harddrives…”, click on “Yes”.
9) On the good computer, go to Start, then Run, then type \\KNOPPIX and hit ENTER.
10) The computer will ask for a name and password. Use “knoppix” as the username, and then the password you set up in step 7.
11) For any share that looks like “hda1″, “sda1″, “hdb1″, “hda2″, etc. (starts with hd, then a letter, then a number, or “sd”, then a letter, then a number), right-click on it, then click on “Map Network Drive”. Windows will assign a drive letter for you, you just need to click “Finish”.
12) Start your virus scanner and tell it to scan the remote drives. In this case, we’ll assume you use Avast, and that the network drive . you’re trying to scan are Z: and Y:. You would open Avast, then click on “Folder Selection” on the right in the middle (looks like a folder icon), then check the boxes for Y: and Z: (or all the network drives). You’ll be able to tell which ones are network drives because they identify themselves as “knoppix”. Click “OK”, then the “play” icon from avast, which will start the scan. Check the instructions on how to use your virus scanner program for more details. Essentially, you want to scan archives, and you want the scan to be as thorough as possible.
13) After the virus scan is done, download the installer for Avast on the good computer, and copy it to the previously infected computer, in the root directory. If the computer has as more than one hard drive, copy it to all the hard drives, if it will fit.
13) Close avast on the good computer, then go to the “My Computer” icon and disconnect the network drives that you just scanned.
14) Go to the previously infected computer, click on the “K” icon, then “Log out”, then “shut down”. Follow the instructions on removing the CD-ROM, and reboot the computer into safe mode.
15) As soon as the previously infected computer starts, go to Start, then Run, and type “C:\Setupeng.exe” (or whatever the filename of the avast installer was). Allow avast to install. It is not necessary to run a boot-time scan, as you’ve essentially just done that over the network. Reboot the computer into normal Windows.
16) The previously infected computer will have no trace of the viruses that Avast found and deleted during the network scan.

By: Steven Falken on August 13, 2008
at 1:08 pm

Leave a response






Your response:

Categories