Tag Archives: fake antivirus

Ghost Antivirus, TwittWorm.A, Sinowal.WTF – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at a worm, a Trojan and a new fake antivirus.

Further on in this article, you’ll find instructions for removing Ghost Antivirus.

TwittWorm.A:

TwittWorm.A is a worm that uses Twitter and Messenger in order to spread, sending a malicious message to all contacts of the infected user.

These messages appeal to the curiosity of users, with subjects such as “I just got a piercing and you’ll never guess where! Take a look at the photo. 😉  ” or “You’re going to be mad at me for sending you this photo, but you NEED to see it :3”.

The worm edits the registry so the system cannot be restored or started in safe mode. It also makes a series of changes to the host file to prevent users from accessing certain Web pages, particularly those related to antivirus companies.

Another feature is; it prevents the running of certain programs for viewing active processes, or monitoring network traffic. Twittworm.A also spreads through USB devices, creating an autorun.inf to automatically infect computers on connection. To protect these types of devices, Panda Security has launched Panda USB Vaccine, which can be downloaded free.

Sinowal.WTF:

Sinowal.WTF is a keylogger Trojan, designed to capture keystrokes with an aim to stealing passwords and other information from infected systems. This Trojan reaches computers through an email claiming to have been sent from MySpace.

image

The message warns victims about a change to the user’s password and contains a .zip file attachment which supposedly contains the new password. The attached file, once extracted, has an Excel icon, but is really malware. When run, the system is infected and the icon disappears.

Ghost Antivirus:

Ghost Antivirus is a new strain of fake antivirus. As with other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist.

image

If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction.

image

This way, as well as obtaining money for a service that will never be provided,
cyber-crooks steal users’ credit card details.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.

The following free resources, can provide tools and the advice you will need to attempt removal of Ghost Antivirus .

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

11 Comments

Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Free Anti-malware Software, Freeware, internet scams, Internet Security Alerts, Malware Advisories, Malware Removal, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, Windows Tips and Tools, worms

Live Pc Care, Desktop Defender 2010, APcDefender Fake Antiviruses – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at three fake antiviruses: Live PC Care, Desktop Defender 2010 and APcDefender.

Live PC Care:

As usual with these malicious codes, first it carries out a fake scan of the infected user’s computer, and then claims the system is infected. It asks the user to purchase a license (of a fake antivirus), at a very attractive price to resolve this issue.

If users purchase it, they will have paid for fraudulent software. This fake antivirus stands out because of the way it spreads, as it uses Black Hat SEO techniques, exploiting the launch of Google’s Nexus One phone, and the Haiti earthquake. Thanks to these techniques, it manages to include malicious malware-downloading links in search engines’ top results.

image

image

Desktop Defender 2010:

Desktop Defender 2010 also makes users believe their computers are
infected, and prompts users to purchase the product.

image

APcDefender:

Finally, APcDefender uses the same techniques. It is a fake antivirus program that falsely informs users they have dangerous software on their computer.

image

It tries to fool users by offering them its own anti-malware solution to solve the
problems it claims to have detected, and invites them to purchase the software using their credit cards.  This way, in addition to stealing users’ money, it also obtains their credit card details.

image

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.

The following free resources can provide tools and the advice you will need to attempt removal of these parasites.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, internet scams, Internet Security Alerts, Malware Reports, Manual Malware Removal, Panda Security, PandaLabs, Recommended Web Sites, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, Software, Windows Tips and Tools

PC Live Guard and GreatDefender – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at two fake antiviruses: PC Live Guard, and GreatDefender.

This type of malware passes itself off as legitimate software applications in order to steal users’ money, by tricking them into believing that they will eliminate threats on their computers.

PC Live Guard’s icon resembles a legitimate antivirus icon. When run, a typical screen is displayed, asking users if they want to scan their PCs.

image

Regardless of whether users accept or not, it will indicate their computer is infected. Here is the image that will be displayed if users scan their PC

image

If users do not scan their PC with the fake antivirus, infection warnings are still displayed to scare them into purchasing the product.

GreatDefender is a fake antivirus which informs about potentially dangerous software on the computer, due to it not being correctly protected. It tries to get users to pay with their credit cards in order to install the solution.

The objective of the antivirus is to collect personal and bank details provided by users on purchasing it. As this type of malware cannot reproduce itself, it requires user interaction to infect the PC. To do so, it uses its own websites on which it is advertised as one of the best anti-spyware solutions in the market.

image

When users access the website, they are given the option to download the antivirus, but when they try, the trial version is unavailable and they are redirected to the pay version.

The installation process is similar to that of any antivirus, allowing users to select the language and location of the files. Once the installation ends, the fake antivirus carries out a full system scan.

It then falsely ensures users that their computers are free from any infections. To make users believe they are protected, an icon is displayed in the Windows desktop, the quick taskbar and the Windows start menu, to make it look as authentic as possible.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

GreatDefender and PC Live Guard removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

8 Comments

Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Free Security Programs, Freeware, Internet Explorer Add-ons, internet scams, Internet Security Alerts, Malware Advisories, Manual Malware Removal, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, Software, Windows Tips and Tools, WOT (Web of Trust)

Safety Antispyware and Internet Security 2010 – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at two new fake antiviruses and a Trojan.

Safety Antispyware and Internet Security 2010 are malicious programs that try to pass themselves off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats that actually do not exist.

Safety Antispyware: Safety Antispyware tricks users by warning them their computers are infected by (non-existent) threats, prompting them to buy a program to remove them.

This program can be downloaded from the vendor’s site. The link can also reach users through spam messages, fraudulent Web pages, etc. The fake antivirus shows an icon similar to that of real antivirus programs. Once installed, the program interface opens and runs a full system scan looking for malware.

image

Then, it shows a series of messages prompting the targeted user to buy the product. If the user decides to follow the program instructions to get rid of the
‘threats’, they will be asked to enter an activation code and be redirected to a website to buy the product.

image

Internet Security 2010: Once run, Internet Security 2010 scans the computer for malware. However, this is a fake scan that always reports that the computer is infected. Then, it offers users the possibility of disinfecting the computer.

image

As the fake antivirus version is supposedly a trial version, users are first requested to buy the antivirus license. To this end, the malware opens the user’s Internet browser on the fake antivirus purchase page.

To reassure users that the purchase is safe and the antivirus is legitimate, it shows certificates of authenticity and claims to have been tested by McAfee. It even offers the antivirus license for a long time, apparently at a good price.

image

If the user decides not to purchase the antivirus, it will keep running and displaying warnings about the threats the user is exposed to if they remain infected and do not update the antivirus. These warnings are displayed in two ways: through warnings on the toolbar or on-screen pop-up messages.

For more information about this type of malware read “The Business of Rogueware“, a report on fake antivirus programs written by Luis Corrons and Sean-Paul Correll, PandaLabs researchers.

Banker.MAI: Banker.MAI is banker malware aimed at stealing banking data, credentials and/or credit card details when users try to log in to their online banking services.

This malware goes memory resident and does not show any symptoms that warn of its presence on the affected computer. The malware works in the background, waiting to be run, and send or receive data.

Banker.MAI arrives as a self-extracting RAR file attached to an email message, usually with the subject “Comprovante Deposito-29092009”. This email message appears to come from a legitimate banking institution, and asks the user to open the attached file to enter some necessary data. If the user opens the file they will become infected. The malware creator is notified via email whenever a computer is successfully infected.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Safety Antispyware and Internet Security 2010 removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable, or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, email scams, Free Anti-malware Software, Freeware, Internet Security Alerts, Malware Advisories, Malware Removal, Manual Malware Removal, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, Software, trojans, Windows Tips and Tools, WOT (Web of Trust)

AntiTroy Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at a new fake antivirus and two Trojans.

Removal help for AntiTroy fake antivirus, follows later in this article.

AntiTroy is a new fake antivirus. This type of malware passes itself off as legitimate security applications in order to steal users’ money, by tricking them into believing that they will eliminate threats – that in reality do not exist.

image

As soon as AntiTroy is installed, a warning is displayed, indicating the
computer is in danger. It then simulates a system scan reporting a series of infections to scare users into buying the fake  antivirus solution.

When the scan ends, AntiTroy displays a window offering a solution which requires activating the fake antivirus. However, to activate the product, users must pay a fee to the supposed anti-malware vendor.

image

After this, users receive a code they must enter in the program. Once they do this, the malicious code stops displaying warnings about threats. This aims to
make users believe they have actually bought an antivirus product, whereas, in reality no infection has been removed and users are no more protected than they were before.

Apart from paying for a non-existing solution, the bank details entered could be stolen by cyber-crooks.

Banbra.GMH is a banker Trojan. It is usually inserted in an email that claims to contain photos of a party.

image

On downloading, the supposed photo, a file called “convite.zip” is downloaded, which contains an executable with the same name.

When run, it simulates an error claiming the program to view the photo must be closed, and it then stops running. Before doing so however, it releases another executable and a DLL.

This second executable will be started in each user session and will register the DLL as an Internet Explorer plug-in, creating two files from which it collects  bank details entered by the user in the browser, to be sent to cyber-crooks later on.

Finally, Kates.D is a Trojan that modifies the Windows settings. It blocks access to websites, redirecting users to another site and monitors network traffic. Additionally, it searches for and ends processes related to antiviruses and computer security programs.

Kates.D is difficult to recognize, as it does not display any messages, or warnings, that indicate it has infected the computer.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

AntiTroy Removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under Anti-Malware Tools, Browser add-ons, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Firefox Add-ons, Free Anti-malware Software, Internet Explorer Add-ons, internet scams, Malware Advisories, Malware Removal, Manual Malware Removal, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, Safari add-ons, scareware, Scareware Removal Tips, Software, trojans, Viruses, Windows Tips and Tools, WOT (Web of Trust)

Straight From PandaLabs – Malware to Watch for in 2010

image Button up your overcoat and get your rain gear ready; it’s going to get stormy! PandaLabs has released its 2010 forecast of computer threat trends for 2010.

Cybercriminals are increasingly more knowledgeable, quicker to respond to opportunities, and more relentless than ever in their attempts to separate surfers from their money.

Being aware of Internet threats is critical to your security on the Internet, so that you can protect yourself and stay ahead of the curve. Knowledge truly is a critical necessity to ensure your personal safety on the Internet.

The following PandaLabs forecast can help you get ready for the malware threats expected in 2010.

Courtesy of Panda – PandaLabs Forecast: 2010 Computer Threat Trends

  • Fake antivirus, bots and banker Trojans will continue to increase
  • Cyber-criminals will keep fine-tuning their social engineering skills to trick victims
  • More malware will be created for Windows 7 and Mac operating systems
  • The term ‘cyber war’ will become more familiar as politically-motivated attacks across the Internet increase

PandaLabs, Panda Security’s malware analysis and detection laboratory, has released its forecast of computer threat trends for 2010. PandaLabs predicts that in 2010, the amount of malware in circulation will continue to grow exponentially as it has in 2009.

As anti-malware technologies are able to respond closer to real-time through cloud-based innovations such as Panda’s Collective Intelligence, malware creators will respond by generating even more diverse threats to evade detection and elimination.

Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antivirus (rogueware), bots and banker Trojans.

Social Engineering Continues to Rise
Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.

As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc.  It is always a good idea to be suspicious any messages related with current affairs and large events such as this.

In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms that are used by millions of people.

Watch Out Windows 7
Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new operating system, and since practically every new computer comes loaded with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.

Mobile Phone Attacks – Not Yet!
Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.

The PC is a homogenous platform, with 90 percent of the world’s computers running Windows on Intel, meaning that any new Trojan, or worm has a potential victim pool of 90 percent of the world’s computers. The mobile phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.

Applications continue to be incompatible from one operating system to another. Therefore it is unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony with more smartphones offering practically the same features as a PC; the emergence of Google Phone – the first phone sold directly by Google without tying users to specific operators; the increasing popularity of Android, and of course the iPhone. If in the next couple of years there are only two or three popular platforms, and if people make significantly more financial transactions from their phones, then the potential breeding ground for cyber-crime will be significant enough to be concerned.

Mac Becoming Increasingly Attractive to Cyber-Criminals
Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive.

Mac is used just as PCs are to access social networks, email, and the Internet: the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware.

These criminals can easily distinguish whether a system is Mac, and they are creating malware designed especially to target this OS. In 2009 we have already seen some attacks, and predict there are more to come in 2010.

Cyber war
Throughout 2009, governments around the world including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion –as yet unapproved- pointing at North Korea. In 2010 we can expect to see similar politically-motivated attacks.

Securing the Cloud
Cloud-based services will continue to grow in popularity among consumers and business users alike. As this happens, the security industry must be acutely aware of cybercriminals’ moves to take advantage of this new platform.

Cloud Antivirus Technology on the Rise
2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware.

In 2007, Panda Security launched its first product which took advantage of the cloud. Now in 2009, all the company’s products use it and we have launched the first 100 percent cloud-based free antivirus: Panda Cloud Antivirus (www.cloudantivirus.com), and Panda has noticed that the rest of the marketplace is beginning to follow suit.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Panda Security, PandaLabs, Safe Surfing, Windows 7, Windows Tips and Tools

Ransom.K, Bifrost.GEN and Safety Center Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at two Trojans and a new fake antivirus.

Bifrost.GEN is a backdoor-type Trojan whose objective is to go resident, concealing its presence and displaying no visible symptoms. The malware inserts its code into Internet Explorer and runs it in the background, leaving an open connection to await instructions from the attacker to access the infected computer.

The second Trojan we are looking at today is Ransom.K. It reaches computers with an icon that resembles an application Help file and encrypts the code of the .TXT, .DOC, .XLS and .JPG files detected on the computer, using a file it downloads called CryptLogFile.txt. Additionally, it replaces the desktop wallpaper with a message asking users to pay for the credentials for decrypting the code.

image

This type of extortion is known as “ransomware”. The solution to this problem
is simple, and involves deleting the CryptLogFile.txt file from C:\Windows and re-running the Trojan. When it can’t find the file with the list of documents, it will automatically return the files it encrypted to their original status.

Finally, Safety Center is a new fake antivirus. It is presented as an unregistered multi-tool product.

image

It asks users to purchase the license by registering online in order to use or update all the tools. On reaching computers it carries out a fake hard-disk scan, displaying false infections to trick users. If victims fall for the trap and pay, they will not only be paying for a fraudulent product, but will also have their bank details exposed.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Safety Center Removal:

If you have become infected by Safety Center, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Anti-Malware Tools, Browser add-ons, Don't Get Scammed, Don't Get Hacked, downloads, Encryption, Free Anti-malware Software, Free Security Programs, Freeware, Internet Safety Tools, internet scams, Internet Security Alerts, Malware Advisories, Panda Security, PandaLabs, Ransomware, Rogue Software, Rogue Software Removal Tips, Scareware Removal Tips, Software, trojans, Windows Tips and Tools