Courtesy of Panda Security.
PandaLabs’ report this week focuses on two banker Trojans and a fake antivirus.
This week, Panda Security takes a look at AntivirusPro 2010. Once the user is infected with this malware, a warning appears informing the user that the computer is infected.
Soon after, a false scan is run. The scan results claim that the PC is full of malware, and frequent pop-ups are displayed. This fake antivirus tries to get users to register for what it claims is an ‘antivirus service’.
Since this antivirus is a fake antivirus, users end up paying for a product that does not exist, as well as revealing their bank details to cyber-crooks.
Removal help for this nasty is further on in this article.
Trj/Nabload.DNU is a banker Trojan designed to download several Trojans that steal the bank details entered by users on their systems. When the file is run, an image is displayed on the screen, so users do not see the malware being downloaded.
While a video related to the image is displayed on the screen, the Trojan attempts to download the other banker malware from a URL.
The banker Trojan Trj/SilentBanker.D modifies users’ bank transfer details, so that cyber-crooks receive the transfer instead of the intended recipient.
When run, it deletes itself, so it appears that there have been no modifications to the system. It does not display messages or infection warnings on the computer. Once the computer is infected, it connects to several Windows APIs and uses them to fulfill its designed purpose.
While the Trojan intercepts bank transfers and modifies the details, users are shown a false web page that resembles the original and displays the details they have entered. On confirming the operation, users unwittingly send the money to the cyber-crook’s account.
AntivirusPro 2010 Removal:
If you have become infected by AntivirusPro 2010, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.
If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.
The following free resources can provide tools and the advice you will need to attempt removal.
Click here to download free SUPERAntiSpyware to remove AntiVirusPro 2010.
Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.
411 Spyware – a site that specializes in malware removal. I highly recommend this site.
Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.
SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.
What you can do to reduce the chances of infecting your system with rogue software:
Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
Install a browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.
Do not click on unsolicited invitations to download software of any kind.