Courtesy of Panda Security.
This week’s PandaLabs report looks at the SmartVirusEliminator adware, and the MSNWorm.GU worm.
The SmartVirusEliminator adware displays the following window while being downloaded.
Then, once it is downloaded and installed, it opens a window similar to the Windows security window.
This adware tries to pass itself off as a legitimate antivirus. To do so, it scans the computer and displays fake warnings to convince users they are infected. To disinfect the computer from the threats “detected” by the fake antivirus, users must purchase it by providing their bank details, which is the malware’s ultimate objective.
The MSNWorm.GU worm uses the popular MSN Messenger application to spread. It infects systems silently without any visible symptoms. However, a characteristic icon is displayed.
The MSNWorm.GU worm modifies the Windows registry so that it launches on every system start-up, and goes memory resident. It also copies itself to C:\WINDOWS\system32\wupdate.exe.
While users chat through an instant messaging application (e.g. MSN Messenger), they receive a message from one of their contacts (which doesn’t raise suspicion), with a link to download a file. If the user clicks the link, the worm installs on the system and the infection begins.
First, the worm connects to a server to check whether a newer version of itself is available; if so, that version is downloaded to the computer. If not, it makes a copy of itself in the system path.
It then creates a series of registry entries pointing to this copy, or to the updated version of itself. One of these entries ensures the worm is launched on every system start-up.
The worm has bot features: it opens a connection to its creator and waits for commands. Finally, the file stays memory resident, waiting for a new instant messaging session through which to spread.
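The behaviour described above leaves two checkable artifacts on a host: the dropped file and an autostart entry pointing at it. The following PowerShell script is an added example, not part of the PandaLabs report, that looks for both. The file path is the one the report names; the Run/RunOnce keys it inspects are an assumption, since the report does not say which registry value the worm writes, and the process check assumes the resident copy runs from the dropped path.

```powershell
# Added example: audit a host for the MSNWorm.GU persistence artifacts
# described in the report. The file path comes from the report; the
# autostart keys are the usual Run/RunOnce locations (an assumption).

$IndicatorFile = Join-Path $env:SystemRoot 'system32\wupdate.exe'

$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-WupdatePersistence {
    [CmdletBinding()]
    param(
        [string]$FilePath = $IndicatorFile,
        [string[]]$Keys = $AutostartKeys
    )

    $findings = @()

    # 1. The dropped copy in the system path.
    if (Test-Path -LiteralPath $FilePath) {
        $item = Get-Item -LiteralPath $FilePath
        $findings += [pscustomobject]@{
            Type   = 'File'
            Where  = $FilePath
            Detail = "size=$($item.Length) modified=$($item.LastWriteTime)"
        }
    }

    # 2. Any autostart value whose command line references the dropped file name.
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            if ("$($p.Value)" -match 'wupdate\.exe') {
                $findings += [pscustomobject]@{
                    Type   = 'Registry'
                    Where  = "$key\$($p.Name)"
                    Detail = $p.Value
                }
            }
        }
    }

    # 3. A running process started from the dropped path (the worm goes memory resident).
    foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
        try { $path = $proc.Path } catch { continue }   # protected processes deny access
        if ($path -and ($path -ieq $FilePath)) {
            $findings += [pscustomobject]@{
                Type   = 'Process'
                Where  = "PID $($proc.Id)"
                Detail = $path
            }
        }
    }

    return $findings
}

$results = Find-WupdatePersistence
if (@($results).Count -eq 0) {
    Write-Output "No wupdate.exe persistence artifacts found."
} else {
    $results | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKLM keys and all process paths are readable. A hit on the file alone is not proof of infection, since a legitimate program could use the same name; a Run value pointing at it together with a running process from that path is the combination the report describes.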
More information about these and other malicious codes is available in the Panda Security Encyclopedia.
If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.
If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.
The following free resources can provide tools and the advice you will need to attempt removal.
Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.
411 Spyware – a site that specializes in malware removal. I highly recommend this site.
Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.
SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.
What you can do to reduce the chances of infecting your system with rogue software:
Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.
Do not click on unsolicited invitations to download software of any kind.
Additional precautions you can take to protect your computer system:
When surfing the web: Stop. Think. Click.
Don’t open unknown email attachments.
Don’t run programs of unknown origin.
Disable hidden filename extensions.
Keep all applications (including your operating system) patched.
Turn off your computer or disconnect from the network when not in use.
Disable scripting features in email programs.
Make regular backups of critical data.
Make a boot disk in case your computer is damaged or compromised.
Turn off file and printer sharing on the computer.
Install a personal firewall on the computer.
Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
Ensure the anti-virus software scans all email attachments.
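Several of the items in the checklist above can be verified rather than taken on trust. The following PowerShell script is an added example, written for this page and not taken from the post, that audits four of them on a current Windows host: hidden file extensions, the personal firewall, file and printer sharing, and anti-virus signature freshness. It assumes the built-in NetSecurity and Defender PowerShell modules (Windows 8 / Server 2012 or later) and the three-day signature age threshold is a chosen value, not one from the post.

```powershell
# Added example: audit four items from the checklist above.
# Assumes the NetSecurity and Defender modules that ship with modern Windows.

function Test-HiddenExtensionsShown {
    # Explorer hides known extensions when HideFileExt is 1; the checklist wants them shown (0).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $value = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($value -eq 0)
}

function Test-FirewallAllProfilesOn {
    # Domain, Private and Public profiles must all be enabled.
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    return (@($off).Count -eq 0)
}

function Test-FilePrinterSharingOff {
    # Inbound rules in this display group are what let remote hosts reach shares and printers.
    $enabled = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' }
    return (@($enabled).Count -eq 0)
}

function Test-AntivirusSignaturesFresh {
    param([int]$MaxAgeDays = 3)   # threshold chosen for this example
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $status) { return $false }   # Defender not present or not queryable
    return ($status.AntivirusEnabled -and
            $status.AntivirusSignatureLastUpdated -gt (Get-Date).AddDays(-$MaxAgeDays))
}

# Each check is a script block so it runs when invoked, not when the table is built.
$checks = [ordered]@{
    'Hidden file extensions disabled (extensions shown)' = { Test-HiddenExtensionsShown }
    'Personal firewall enabled on all profiles'          = { Test-FirewallAllProfilesOn }
    'File and printer sharing turned off'                = { Test-FilePrinterSharingOff }
    'Anti-virus enabled with recent signatures'          = { Test-AntivirusSignaturesFresh }
}

$failed = 0
foreach ($name in $checks.Keys) {
    $ok = & $checks[$name]
    $tag = if ($ok) { 'PASS' } else { 'FAIL'; $failed++ }
    Write-Output ("[{0}] {1}" -f $tag, $name)
}
Write-Output ("{0} of {1} checks failed." -f $failed, $checks.Count)
```

Run it from an elevated prompt; the firewall and Defender queries need administrator rights. A failing check reports the setting only and changes nothing, so it is safe to run on a machine you are still investigating.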