Tag Archives: Ramson.G worm

SaveSoldier Fake Antivirus – Panda Security Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report discusses the SaveSoldier fake antivirus and the Ramson.G worm.

The first malware we’re looking at this week is another example of malicious programs that pass themselves off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate (non-existent) threats.

This fake antivirus is designed to collect personal and bank details provided by users when they buy it. This malware scans the system searching for infected software –


and displays an interface which resembles the interface of a typical antivirus program –


It then asks users to buy and install certain software to resolve problems caused by the malicious software supposedly detected on the computer.

When the fake antivirus ‘detects’ infected files, it prompts the user to enter a code they will receive when they buy the antivirus pack.


To do so, users are redirected to a page where they can purchase the software using a credit card.


It also displays several warnings informing about malware problems, registry errors, etc.

The second example of malware in this report is the Ramson.G worm, which appears on screen with the icon of an executable file and constantly launches the Windows taskkill utility to eliminate processes, passing a series of commands.

When the computer is restarted, a message in Russian is displayed


and a code to access the system is requested. Once the code is entered, it displays another message and restarts the system.


It spreads through mapped, shared and removable drives. It uses its autorun.inf configuration file for malware to self execute through these drives.

More information about these and other malicious codes is available in the Panda Security Encyclopedia.

You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by this, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

When surfing the web: Stop. Think. Click

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all email attachments

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

1 Comment

Filed under Don't Get Scammed, Don't Get Hacked, Interconnectivity, Internet Safety, Internet Security Alerts, Malware Advisories, Online Safety, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, System Security, Windows Tips and Tools