Fake Antivirus Programs – Can It Get Any Worse?

Fake Antivirus Programs

During the last few months, the bad guys on the internet have stepped up their efforts to cash in on the increased number of unwary internet surfers looking for holiday deals. I remember when it was mostly the “high-risk” internet surfer who had to worry, but these days, you can also add “the naive” to the list. It was pretty normal to expect an infected computer from teenagers who click on anything, but even careful internet surfers are getting infected more than ever before. Aside from the increased number of infected computers we check in for repair, they have also gotten more difficult to repair. The bad guys are getting smarter, but we still manage to get the job done.

The Worst Kind of Infections

Virtually every day, almost all I see are computers infected with Fake Antivirus Programs. But to make matters worse, they are increasingly being accompanied by rootkits (invisible trojans) and master boot record (MBR) viruses. I remember when a whole year could go by without seeing any rootkits or MBR viruses, but now I see them almost every day. We do a pretty good job disinfecting these types of infections, but it can be more time-consuming than usual. Sometimes, it would just be easier to back up the data, reformat the hard drive and do a fresh Windows installation.

Why I Don’t Always Like to Do Fresh Windows Installations

It is no big deal to do a fresh Windows install, and sometimes it is necessary anyway. But the big problem for me with fresh installs is the unrealistic expectations of the customer. When we reload Windows from scratch, we can’t replicate every program and customization you previously had; you will need to reinstall the missing programs from your own CDs and set up your printer again. We could do some of this for you, but you will need to make another trip to bring back your CDs, any product keys, your printer, etc. To prevent awkward post-repair situations like this, I prefer to repair the computer with all your stuff intact, minus the viruses. It’s an under-appreciated skill to be able to thoroughly remove infections, because “MOST” techs aren’t as good at virus removal as they think they are. I won’t elaborate about the details here. Sorry techs, but I have seen your work! Many shops prefer to run a System Recovery as a matter of policy if it isn’t something they can debug in an hour or so.

Watch Out For The Fake Antivirus Programs, aka Scareware

When you suddenly see a warning message “from a program you never saw before” informing you that your computer is infected, you probably have a Fake Antivirus program (see the screenshots below). Most people know the name of the security product installed on their computer (Norton, McAfee, etc.), so anything else alerting you to an infection is probably fake. Sadly, a few people are duped into believing these fake alerts and purchase the program in hopes that it will fix their problem, and then the problem gets worse. All I can say is to use extreme caution when purchasing new protection software online. “Don’t trust anyone who tries to scare you into downloading software to fix your PC that’s supposed to have a virus,” warns Robert Siciliano of McAfee, a consultant and identity theft expert. “This is scareware, and it will mess up your operating system, and your card will be charged more than once.” You can at least get the name of the program and Google it, and if it is fake, you will probably see all sorts of results with removal instructions. But be wary of some of these sites as well, and always do your homework. I often see computers with multiple Fake Antivirus programs because the customer was looking for yet another program to fix their first problem.

When you get one of these types of infections, I have rarely seen a “regular joe” who was able to remove it themselves. There are online forums that can help you for free, but it may take several sessions over many, many days. Anyway, at the first sign of one of these types of infections, I would run whatever security software you already have installed, and if that doesn’t do it, just save yourself some time and headaches and pay a reputable tech to have it professionally removed. But if you want to battle it yourself, please back up your data first. Just know that many of these infections inject entries into your registry that may prevent you from installing, running, or updating most mainstream security software. My point is that if you purchase additional software to do it yourself, you may not be able to use it … yet. Of course, this isn’t always the case. It has taken me years to do what I do, and I do it every day (except Sunday), so knowing what I know now, I wouldn’t want to attempt removing a Fake Antivirus program if I were a novice unless I was planning to become a PC Technician. You just can’t keep up with this scareware junk unless you do it on a regular basis.

System Tool is a Fake Antivirus Program I Have Seen Quite Often Lately

These programs go by many names and have many different layouts and colors, but they all seem to somewhat look alike to me. System Tool 2011 is a fake alert which lures users into unknowingly performing harmful actions on the targeted computer. In other words, clicking Yes, No, Cancel, Close, or whatever all mean YES. System Tool creates a start-up registry entry and modifies the browser settings. It poses as an antispyware application that displays deceptive warnings and misleading scan results, after which it prompts the user to purchase it once it is done scanning. Even if you manage to temporarily close the System Tool windows, it is very persistent and will keep coming back over and over. Superb programs like ESET Nod32, SUPERAntispyware Pro, or the full version of Malwarebytes Anti-Malware can usually protect you from these types of infections if you have them installed and updated already at the time you encounter the infection. If you are able to install them after getting infected, they can help, but may not be able to remove enough of the infected files to do the job. This is when you need to know advanced removal techniques, which require manual procedures, as well as software you have probably never heard of, don’t know how to get, and probably wouldn’t know how to use if you had it. I hope I got the point across by not sugar-coating anything. Prevention is the way to deal with these infections, because most any computer user can learn prevention, but dealing with them after getting infected is a whole different ball game.
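The paragraph above says that System Tool plants a start-up registry entry and changes browser settings. As an added example (not code from this post, and not a tool from any of the products it names), the script below reads a plain-text registry export of the per-user Run key and the Internet Settings key, and flags two things a tech checks by hand: an autorun entry whose program lives in a user-writable folder (Temp, Application Data, etc.), and a browser proxy that points back at the local machine. The .reg text embedded here is constructed to look like such an export, not copied from a real sample; the entry name "kQvXpLmN", the path and the proxy port are made up. The proxy check is a general rogue-software heuristic and an assumption on my part, not something the post attributes to System Tool. On a real machine the input would come from `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` and the same command for the Internet Settings key.

```python
import re
from typing import Dict, List

# Constructed sample: what `reg export` of the two keys might look like on an XP-era machine.
# The "kQvXpLmN" entry and the 127.0.0.1:5555 proxy are invented for the example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"kQvXpLmN"="\"C:\\Documents and Settings\\All Users\\Application Data\\kQvXpLmN\\kQvXpLmN.exe\" /s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Folder fragments (lower-case) that any user can write to; legitimate autoruns
# usually live under Program Files or the Windows directory instead.
USER_WRITABLE_MARKERS = ('\\temp\\', '\\application data\\', '\\appdata\\',
                         '\\local settings\\', '\\programdata\\')


def _unescape(text: str) -> str:
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    out, i = [], 0
    while i < len(text):
        if text[i] == '\\' and i + 1 < len(text):
            out.append(text[i + 1])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return ''.join(out)


def parse_reg(reg_text: str) -> Dict[str, Dict[str, object]]:
    """Parse REG_SZ and REG_DWORD values from a .reg export into {key: {name: data}}."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('Windows Registry Editor') or line.startswith(';'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line) if current else None
        if not m:
            continue  # binary/hex(...) values are not needed for this check
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            keys[current][name] = _unescape(data[1:-1])
        elif data.lower().startswith('dword:'):
            keys[current][name] = int(data[6:], 16)
        else:
            keys[current][name] = data
    return keys


def command_executable(command: str) -> str:
    """Pull the program path out of an autorun command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    idx = command.lower().find('.exe')
    if idx >= 0:
        return command[:idx + 4]
    parts = command.split()
    return parts[0] if parts else ''


def find_suspicious(reg_text: str) -> List[str]:
    """Return human-readable findings: odd autorun locations and a localhost browser proxy."""
    findings: List[str] = []
    for key, values in parse_reg(reg_text).items():
        key_low = key.lower()
        if key_low.endswith('\\run') or key_low.endswith('\\runonce'):
            for name, data in values.items():
                if not isinstance(data, str):
                    continue
                exe = command_executable(data)
                if any(marker in exe.lower() for marker in USER_WRITABLE_MARKERS):
                    findings.append(f'autorun "{name}" in {key} launches {exe} from a user-writable folder')
        elif key_low.endswith('\\internet settings'):
            server = str(values.get('ProxyServer', ''))
            if values.get('ProxyEnable') == 1 and ('127.0.0.1' in server or 'localhost' in server.lower()):
                findings.append(f'browser proxy points at the local machine: {server}')
    return findings


if __name__ == '__main__':
    for finding in find_suspicious(SAMPLE_REG):
        print(finding)
```

A hit from this script is a lead for the tech to look at, not proof of infection: some legitimate updaters also start from Application Data, so compare the flagged file against what the customer actually installed before removing anything.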

System Tool 2011 Screenshots

Below are some screenshots of what System Tool looks like. As I said, these programs go by many names and have many different layouts and colors, but they all seem to somewhat look alike. Good luck if you have one on your computer now. If you have one of these programs already, there is a free tool that may be able to help you, but please use it with caution. Read on below after the screenshots for more information.

[Screenshots: System Tool 2011 (three images of the fake alert windows)]

Powerful Help With a Powerful Warning

If you have one of these types of infections, and still want to try to remove it yourself, you may want to try ComboFix. If you use this tool, know that it is not a toy. If used the wrong way, you could trash your computer. Please use it only under the direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

One important note is that you should ensure you have disabled all antivirus and antimalware programs first so they won’t interfere with the running of ComboFix. Also, do not run any other programs once you start ComboFix. Besides that, I love this tool, and I can tell you that I have my best success when changing the name of the file and then running it in Safe Mode with Networking. If your internet connection still works, let ComboFix update when prompted. Also, if you have WinXP, let it install the Recovery Console. Be sure to keep a backup copy of ComboFix because certain rootkits or MBR infections will usually detect when you try to run ComboFix and will automatically delete it.

Read the FULL ComboFix Instructions FIRST:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#intro#intro

Then Download ComboFix.exe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Want To Learn How You Can Get Unlimited 24/7 Remote Repairs?

Then check out this subscription-based Remote Repair Service. Subscriptions start as low as $16.99/month. If your internet still works, you could get your first repair right away with your up-front cost as low as $16.99! At a minimum, you get:

  • Unlimited remote support for your computer and any device that interacts with your computer
  • Schedule your appointment with U.S.-based certified technicians – available 24/7/365

First, write down our “Representative Team ID”: 02122729 (you will need this should you decide to order)

Then go to: http://www.RemoteComputerRepairExperts.com
