Rogue security software is software that uses malware, or malicious tools, to advertise or install itself. Unless you have had the bad experience of installing this type of malicious software, you may not be aware that such a class of software even exists. But it does.
Frequently, after installation on a system, an attempt is made to force users to pay for removal of nonexistent malware. Rogue software will often install and use a Trojan horse to download a trial version, or it will perform other actions on a machine that are detrimental, including slowing down the computer drastically.
After installation of rogue security software, false positives (fake or false malware detection warnings in a computer scan) are the primary method used to convince the unlucky user to purchase the product. After all, a dialogue box that states “WARNING! Your computer is infected with spyware! – Buy [XYZ] to remove it!” is a powerful motivator. Clicking on the OK button takes the user to the product download site.
Advanced XP Fixer (a clone of WinIFixer) is rogue anti-spyware software from Bakasoftware (Bakasoftware.com), which also operates under the name Pandora Software. It tricks users into installing the program and attempts to convince the user that the computer has been infected. Reportedly, Advanced XP Fixer can also be installed through Internet browser exploits, or by means of the Zlob or Vundo Trojans.
When the program runs, a warning message appears indicating that the computer has been infected by malware. Subsequently, a screensaver launches which shows cockroaches eating the desktop.
As with all rogue security applications, Advanced XP Fixer was developed to mislead unaware computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application. If the full program fee is not paid, Advanced XP Fixer continues to display warning messages.
To complicate matters, Advanced XP Fixer has the potential to reduce a computer’s performance by exploiting its resources, and may delete files and disable applications.
Generally, reputable anti-spyware software is capable of detecting rogue software when it attempts to install, or during a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.
A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire 3, free from PC Tools. This type of program operates using heuristics, or behavioral analysis, to identify newer threats.
As well, Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure. RogueRemover will safely remove a number of rogue security applications.
A further resource worth noting is the Bleeping Computer web site, where help is available for many computer-related problems, including the removal of rogue software.
There seems to be an epidemic of rogue security software on the Internet at the moment, much of it using social engineering to convince users to download an unsafe product. So you must be sure that any security application you are considering installing on your computer is recognized as legitimate by industry experts. An excellent web site that will keep you in the loop, and advise you what products work and have a deserved reputation for quality performance, is Spyware Warrior.