Courtesy of Panda Security: This week’s PandaLabs report looks at Personal Protector fake antivirus, and the Autoit.HW and Autorun.JOE worms.
Removal help for Personal Protector fake antivirus follows later in this article.
Personal Protector is a fake antivirus (a type of adware). As with all such malware, it simulates a scan of the computer and claims to detect a series of threats, which is completely untrue. It then offers users the option of eliminating the (non-existent) malware, using a paid version of the fake antivirus.
Once again, the aim of the cyber-crooks is to profit financially from this fraudulent application. Every time users try to remove the malware, supposedly detected on their system, or update components of the application, they will be asked for a payment.
Autoit.HW is a worm that spreads through spoofed Web pages and emails which trick users into installing the malware on their computers. It can also spread through removable USB drives. In this case, it takes advantage of the autoplay feature of removable drives to execute even if users have not run the executable file.
Once the computer has been infected with this malware, it disables the task manager, so that users cannot see active processes on the system. The worm does this in order to hide itself.
With the same aim, it also disables the Windows Registry editor and folder options, so that users cannot change the option to see hidden files or file extensions.
Autorun.JOE is another worm which, like the previous one, spreads via email and removable drives. After infecting a computer, it takes the following malicious actions:
- Disables the task manager
- Disables Windows Registry management tools
- Disables the option to view hidden files
- Disables the option to view hidden system files
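A read-only check for the symptoms listed above, added here as an example and not taken from the PandaLabs report. The report does not name the settings the worms change; the script assumes they are the standard Windows policy and Explorer registry values that control these features, and the function name is hypothetical.

```powershell
# Added example, not from the PandaLabs report. Read-only: it changes nothing.
# Assumption: the standard Windows policy/Explorer values below are the settings
# involved; the report does not name them.
$base = 'Software\Microsoft\Windows\CurrentVersion'
$checks = @(
    @{ Key = "$base\Policies\System";   Name = 'DisableTaskMgr';       Flag = @(1);    Meaning = 'Task Manager disabled' }
    @{ Key = "$base\Policies\System";   Name = 'DisableRegistryTools'; Flag = @(1, 2); Meaning = 'Registry editor disabled' }
    @{ Key = "$base\Policies\Explorer"; Name = 'NoFolderOptions';      Flag = @(1);    Meaning = 'Folder Options removed' }
    @{ Key = "$base\Explorer\Advanced"; Name = 'Hidden';               Flag = @(2);    Meaning = 'Hidden files not shown' }
    @{ Key = "$base\Explorer\Advanced"; Name = 'ShowSuperHidden';      Flag = @(0);    Meaning = 'Hidden system files not shown' }
)

function Get-TamperFinding {
    # Check the per-user hive first, then the machine-wide hive.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $checks) {
            $path = "$hive\$($c.Key)"
            $item = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }            # value not set: nothing to report
            $value = $item.($c.Name)
            if ($c.Flag -notcontains $value) { continue } # set, but not to a hiding value
            # Policy values are normally absent on an unmanaged PC, so their presence
            # is the stronger signal; the Explorer\Advanced values match Windows defaults.
            $isPolicy = $c.Key -like '*\Policies\*'
            [pscustomobject]@{
                Path    = $path
                Name    = $c.Name
                Value   = $value
                Meaning = $c.Meaning
                Signal  = if ($isPolicy) { 'Investigate' } else { 'Windows default; check against user preference' }
            }
        }
    }
}

Get-TamperFinding | Format-Table -AutoSize -Wrap
```

On a domain-joined PC, the policy values may have been set deliberately by an administrator, so confirm against Group Policy before treating a finding as an infection.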
Personal Protector Removal Instructions:
If you have become infected by Personal Protector, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.
If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.
The following free resources can provide tools and the advice you will need to attempt removal.
Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.
411 Spyware – a site that specializes in malware removal. I highly recommend this site.
Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.
SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.
What you can do to reduce the chances of infecting your system with rogue, or malicious, software:
Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.
Do not click on unsolicited invitations to download software of any kind.