Nightmare Scareware – Be Prepared

Scareware, otherwise known as “rogue security software”, is the stuff of nightmares.

Scareware is a particularly vicious form of malware, designed specifically to convince the victim to pay for the “full” version of an application in order to remove what are, in fact, false positives that these program are designed to display on the infected computer in various ways; fake scan results, pop-ups and system tray notifications.

Delivery methods used by these parasites include Trojans, infected websites, misleading advertisements, and Internet Browser security holes. They can also be downloaded voluntarily, from rogue security software websites, and from “adult” websites. As one of my friends put it “It’s easy to be bitten by a dog like that”.

The average computer user that I speak with informally, has no idea that rogue applications exist. But they do, and cyber crooks are continuing to develop and distribute scareware at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet. It’s fair to say; distribution has now reached virtual epidemic proportions.

One of my Internet friends runs a specialized site, 411 Spyware , that deals specifically with malware removal advice, and virtually every day, she posts an article on a newly discovered scareware application.

Scareware is designed to continue to load on boot up, and will then generate its fake or false malware detection warnings. Even if the victim is tricked into paying for the “full” version, scareware will continue to run as a background process, incessantly reporting those fake or false malware detection warnings we talked about earlier. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

While it’s true that reputable anti-spyware software is often capable of detecting rogue software if it attempts to install, this is not always the case. Anti-malware programs that rely on a definition database can frequently be behind the curve in recognizing the newest threats.

It’s all about the money:

So how much money is involved here? Lots – according to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through scareware attacks.

At a personal level, I have heard some horrendous stories from readers where the common thread has been the debiting of their credit cards, multiple times, by the cyber-criminals responsible for the distribution of scareware.

What can you do to ensure you are protected, or to reduce the chances you will become a victim?

Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security application to begin the process of infecting unwary users’ computers.

Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Ghost Antivirus, TwittWorm.A, Sinowal.WTF – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at a worm, a Trojan and a new fake antivirus.

Further on in this article, you’ll find instructions for removing Ghost Antivirus.

TwittWorm.A:

TwittWorm.A is a worm that uses Twitter and Messenger in order to spread, sending a malicious message to all contacts of the infected user.

These messages appeal to the curiosity of users, with subjects such as “I just got a piercing and you’ll never guess where! Take a look at the photo. 😉  ” or “You’re going to be mad at me for sending you this photo, but you NEED to see it :3”.

The worm edits the registry so the system cannot be restored or started in safe mode. It also makes a series of changes to the host file to prevent users from accessing certain Web pages, particularly those related to antivirus companies.

Another feature is; it prevents the running of certain programs for viewing active processes, or monitoring network traffic. Twittworm.A also spreads through USB devices, creating an autorun.inf to automatically infect computers on connection. To protect these types of devices, Panda Security has launched Panda USB Vaccine, which can be downloaded free.

Sinowal.WTF:

Sinowal.WTF is a keylogger Trojan, designed to capture keystrokes with an aim to stealing passwords and other information from infected systems. This Trojan reaches computers through an email claiming to have been sent from MySpace.

The message warns victims about a change to the user’s password and contains a .zip file attachment which supposedly contains the new password. The attached file, once extracted, has an Excel icon, but is really malware. When run, the system is infected and the icon disappears.

Ghost Antivirus:

Ghost Antivirus is a new strain of fake antivirus. As with other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist.

If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction.

This way, as well as obtaining money for a service that will never be provided,
cyber-crooks steal users’ credit card details.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.

The following free resources, can provide tools and the advice you will need to attempt removal of Ghost Antivirus .

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Live Pc Care, Desktop Defender 2010, APcDefender Fake Antiviruses – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at three fake antiviruses: Live PC Care, Desktop Defender 2010 and APcDefender.

Live PC Care:

As usual with these malicious codes, first it carries out a fake scan of the infected user’s computer, and then claims the system is infected. It asks the user to purchase a license (of a fake antivirus), at a very attractive price to resolve this issue.

If users purchase it, they will have paid for fraudulent software. This fake antivirus stands out because of the way it spreads, as it uses Black Hat SEO techniques, exploiting the launch of Google’s Nexus One phone, and the Haiti earthquake. Thanks to these techniques, it manages to include malicious malware-downloading links in search engines’ top results.

Desktop Defender 2010:

Desktop Defender 2010 also makes users believe their computers are
infected, and prompts users to purchase the product.

APcDefender:

Finally, APcDefender uses the same techniques. It is a fake antivirus program that falsely informs users they have dangerous software on their computer.

It tries to fool users by offering them its own anti-malware solution to solve the
problems it claims to have detected, and invites them to purchase the software using their credit cards.  This way, in addition to stealing users’ money, it also obtains their credit card details.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.

The following free resources can provide tools and the advice you will need to attempt removal of these parasites.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

PC Live Guard and GreatDefender – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at two fake antiviruses: PC Live Guard, and GreatDefender.

This type of malware passes itself off as legitimate software applications in order to steal users’ money, by tricking them into believing that they will eliminate threats on their computers.

PC Live Guard’s icon resembles a legitimate antivirus icon. When run, a typical screen is displayed, asking users if they want to scan their PCs.

Regardless of whether users accept or not, it will indicate their computer is infected. Here is the image that will be displayed if users scan their PC

If users do not scan their PC with the fake antivirus, infection warnings are still displayed to scare them into purchasing the product.

GreatDefender is a fake antivirus which informs about potentially dangerous software on the computer, due to it not being correctly protected. It tries to get users to pay with their credit cards in order to install the solution.

The objective of the antivirus is to collect personal and bank details provided by users on purchasing it. As this type of malware cannot reproduce itself, it requires user interaction to infect the PC. To do so, it uses its own websites on which it is advertised as one of the best anti-spyware solutions in the market.

When users access the website, they are given the option to download the antivirus, but when they try, the trial version is unavailable and they are redirected to the pay version.

The installation process is similar to that of any antivirus, allowing users to select the language and location of the files. Once the installation ends, the fake antivirus carries out a full system scan.

It then falsely ensures users that their computers are free from any infections. To make users believe they are protected, an icon is displayed in the Windows desktop, the quick taskbar and the Windows start menu, to make it look as authentic as possible.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

GreatDefender and PC Live Guard removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Safety Antispyware and Internet Security 2010 – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at two new fake antiviruses and a Trojan.

Safety Antispyware and Internet Security 2010 are malicious programs that try to pass themselves off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats that actually do not exist.

Safety Antispyware: Safety Antispyware tricks users by warning them their computers are infected by (non-existent) threats, prompting them to buy a program to remove them.

This program can be downloaded from the vendor’s site. The link can also reach users through spam messages, fraudulent Web pages, etc. The fake antivirus shows an icon similar to that of real antivirus programs. Once installed, the program interface opens and runs a full system scan looking for malware.

Then, it shows a series of messages prompting the targeted user to buy the product. If the user decides to follow the program instructions to get rid of the
‘threats’, they will be asked to enter an activation code and be redirected to a website to buy the product.

Internet Security 2010: Once run, Internet Security 2010 scans the computer for malware. However, this is a fake scan that always reports that the computer is infected. Then, it offers users the possibility of disinfecting the computer.

As the fake antivirus version is supposedly a trial version, users are first requested to buy the antivirus license. To this end, the malware opens the user’s Internet browser on the fake antivirus purchase page.

To reassure users that the purchase is safe and the antivirus is legitimate, it shows certificates of authenticity and claims to have been tested by McAfee. It even offers the antivirus license for a long time, apparently at a good price.

If the user decides not to purchase the antivirus, it will keep running and displaying warnings about the threats the user is exposed to if they remain infected and do not update the antivirus. These warnings are displayed in two ways: through warnings on the toolbar or on-screen pop-up messages.

For more information about this type of malware read “The Business of Rogueware“, a report on fake antivirus programs written by Luis Corrons and Sean-Paul Correll, PandaLabs researchers.

Banker.MAI: Banker.MAI is banker malware aimed at stealing banking data, credentials and/or credit card details when users try to log in to their online banking services.

This malware goes memory resident and does not show any symptoms that warn of its presence on the affected computer. The malware works in the background, waiting to be run, and send or receive data.

Banker.MAI arrives as a self-extracting RAR file attached to an email message, usually with the subject “Comprovante Deposito-29092009”. This email message appears to come from a legitimate banking institution, and asks the user to open the attached file to enter some necessary data. If the user opens the file they will become infected. The malware creator is notified via email whenever a computer is successfully infected.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Safety Antispyware and Internet Security 2010 removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

AntiTroy Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at a new fake antivirus and two Trojans.

Removal help for AntiTroy fake antivirus, follows later in this article.

AntiTroy is a new fake antivirus. This type of malware passes itself off as legitimate security applications in order to steal users’ money, by tricking them into believing that they will eliminate threats – that in reality do not exist.

As soon as AntiTroy is installed, a warning is displayed, indicating the
computer is in danger. It then simulates a system scan reporting a series of infections to scare users into buying the fake  antivirus solution.

When the scan ends, AntiTroy displays a window offering a solution which requires activating the fake antivirus. However, to activate the product, users must pay a fee to the supposed anti-malware vendor.

After this, users receive a code they must enter in the program. Once they do this, the malicious code stops displaying warnings about threats. This aims to
make users believe they have actually bought an antivirus product, whereas, in reality no infection has been removed and users are no more protected than they were before.

Apart from paying for a non-existing solution, the bank details entered could be stolen by cyber-crooks.

Banbra.GMH is a banker Trojan. It is usually inserted in an email that claims to contain photos of a party.

On downloading, the supposed photo, a file called “convite.zip” is downloaded, which contains an executable with the same name.

When run, it simulates an error claiming the program to view the photo must be closed, and it then stops running. Before doing so however, it releases another executable and a DLL.

This second executable will be started in each user session and will register the DLL as an Internet Explorer plug-in, creating two files from which it collects  bank details entered by the user in the browser, to be sent to cyber-crooks later on.

Finally, Kates.D is a Trojan that modifies the Windows settings. It blocks access to websites, redirecting users to another site and monitors network traffic. Additionally, it searches for and ends processes related to antiviruses and computer security programs.

Kates.D is difficult to recognize, as it does not display any messages, or warnings, that indicate it has infected the computer.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

AntiTroy Removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Infected by Scareware? Get Your Wallet Out!

Downloading Fake/Rogue Software Hurt$

Scareware, rogue software, destroyware, call it what you will – if you become infected, you are in for a frustrating, time consuming, and in many cases, an expensive experience.

There are literally thousands of these applications currently in the wild blue, just waiting for the unaware computer user to fall into the trap. It’s such a lucrative business for cybercriminals, that we are now dealing with a virtual epidemic of this type of malware.

Most of these rogue application  use social engineering to convince users’ to download this type of unsafe application, and let’s face it – a dialogue box that states “WARNING! Your computer is infected with spyware! – Click here to remove it!”, is a powerful motivator for many unaware computer users. But here’s the catch – clicking on the OK button starts an infection process by rogue security software. It’s as simple as that!

After installation, false positives; fake or false malware detection warnings in a computer scan, and the promise to remove them, is the primary method used to convince the unlucky victim to purchase the product.

It’s a scam of course; but to make matters worst, the installation of rogue security software frequently leads to a critically disabled PC, or in the worst case scenario, allows hackers access to important personal and financial information.

An example of a rogue security application getting ready to pounce.

If you become infected by scareware then get your money out. Your wallet is going to take a hit – maybe two.

The following factual stories, brought to my attention by the very people who have been victimized, will point out the frustration, and the expense, of having to deal with a rogue software infection.

Victim #1 – “What do you do if you were duped into buying the XP Antivirus software? Should I take any precautions such as canceling credit card and/or email passwords etc.? Is my home edition of avast! 4.8 Antivirus enough to keep me safe from bogus and/or rogue software???? Please help…my computer is my life! Thank you”.

Victim #2 – “Unfortunately I fell for the “virus attack” after trying to remove it, gave in and bought the XPAntivirus. They charged me not only for what I had bought but charged me again, $ 78.83 for something which I hadn’t ordered, nor ever received.

It was a nightmare trying to get in touch with anybody, and I finally connected with a guy with an accent, who told me to E-mail the billing service re: my problem. I wrote them tried to call, it’s been a week, and they still won’t contact me to clarify what occurred. I printed off a purchase order from them when I bought the XP which verifies what I received.

Anybody know what state their in, I’ll notify the states attorneys office. These people are crooks”.

Having watched the development and deployment of scareware over the last two years, and having noted the increasing sophistication of the current crop of scareware applications, I have reluctantly come to the conclusion that scareware removal instructions have limited value, except perhaps, for the most technically sophisticated computer user.

The best advice? Have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.

However, if you have become infected by scareware, and you want to try your hand at removal, then by all means give it a try. There are literally hundreds of sites that will walk you through the process of attempting to eliminate this type of scourge, but the following sites are among the best I’ve found, at providing the tools, and the advice, you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix – available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

The following recommendations are repeated (particularly for new or inexperienced users), on what steps can be taken to reduce the probability of having to deal with a rogue software infection.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Personal Protector Fake Antivirus, Autoit.HW and Autorun.JOE worms – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at Personal Protector fake antivirus, and the Autoit.HW and Autorun.JOE worms.

Removal help for Personal Protector fake antivirus follows later in this article.

Personal Protector, is a fake antivirus (a type of adware). As with all such malware, it simulates a scan of the computer and claims to detect a series of threats, which is completely untrue. It then offers users the option of eliminating the (non-existent) malware, using a pay version of the fake antivirus.

Once again, the aim of the cyber-crooks is to profit financially from this fraudulent application. Every time users try to remove the malware, supposedly detected on their system, or update components of the application, they will be asked for a payment.

Autoit.HW is a worm that spreads through spoof Web pages and emails which trick users into installing the malware on their computers. It can also spread through removable USB drives. In this case, it takes advantage of the autoplay feature of removable drives to execute even if users have not run the executable file.

Once the computer has been infected with this malware, it disables the
task manager, so that users cannot see active processes on the system. The worm does this in order to hide itself.

With the same aim, it also disables the Windows Registry editor and folder options, so that users cannot change the option to see hidden files, or file extensions.

Autorun.JOE is another worm which, like the previous one, spreads via
email and removable drives. After infecting a computer, it takes the
following malicious actions:

– Disables the task manager
– Disables Windows Registry management tools
– Disables the option to view hidden files.
– Disables the option to view hidden system files.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Personal Protector Removal Instructions:

If you have become infected by Personal Protector, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

AntiAID and Control Center Fake Antiviruses – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at AntiAID and ControlCenter fake antiviruses.

Removal help for both these nasties follows later in this article.

AntiAID is a fake antivirus which when installed on a computer displays a screen comprising several tabs for configuring the protection level, updates, small tools, etc. This malware first simulates a scan of the computer, falsely claiming to detect various examples of malware.

When the scan is finished, a screen appears displaying the results and a warning about the risks of the threats it has supposedly detected. To delete these ‘threats’ users are asked to enter a registration code, and a browser window opens with the page through which users can pay for this code.

Once again, the aim of cyber-crooks is none other than to profit financially from this fraudulent application. Every time users try to remove the malware supposedly detected on their systems, or update components of the application, they will be asked for a payment.

Another fake antivirus, Control Center, operates in a similar fashion. It
fakes a scan of the system and claims to have detected (non-existent)
malware. It then asks for payment in order to remove the ‘malware’.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

AntiAID and Control Center Removal Instructions:

If you have become infected by AntiAID, Control Center, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site. AntiAID removal, click here. Control Center removal, click here.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Scareware? Maybe (Destroyware? Definitely)

So, you picked up a “scareware” infection. Should you, as the name implies, be “scared”? In my experience, scared doesn’t really cut it, nor does shocked, or alarmed. No, horrified is perhaps the best way to describe that sinking feeing that occurs following a scareware infection. You’ll see why.

While it may be true that this type of malware, otherwise known as “rogue security software”, is scary, it is so much more than that. A more accurate name for this parasitic infectious software is “destroyware”, since the effect it has on a victim’s system is just that.

Rogue security software can write itself into multiple parts of the operating system, and in many cases it can hide its files, registry entries, running process and services, making the infection virtually impossible to find and remove without causing operating system damage.

Once infected by this type of malware, the chances of a safe system recovery are essentially non-existent. The installation of such malware invariable leads to a critically disabled PC. A reformat and a system re-install, are more than likely in the cards. (A good reason to have multiple partitions on your Hard Drive).

Yes, I know, there are literally hundreds of sites that will walk you through the process of attempting to eliminate this type of scourge, but simply put – if your computer becomes infected with the current scareware circulating on the Internet, you are, in most cases, wasting your time attempting to save your system.

If you doubt this, take a look at “My scareware night and how McAfee lost a customer”, in which the author (Larry Dignan of ZDNet), describes a system recovery attempt which was ultimately successful, but…..

The best advice? Have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.

If you have become infected by scareware (rogue software), and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix – available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.