Filed under: Security, Windows, Troubleshooting, DLS 101
DLS 101 - How to spot a fake Windows antivirus program

Unlike Avast, AVG, Kaspersky, Norton, or any of the other real antivirus options out there, a rogue will do nothing to protect you. Rather, it's going to try to deceive you into paying for a full version or removal tool. It may even open a backdoor to your system and start downloading other annoying, nasty programs.
How do these programs get on people's computers in the first place? Usually through deceptive pop-ups on the web. Often these "alerts" will try to trick you into thinking:
- porn and illegal files have been found on your computer
- a scan has found virus and malware infections on your system
- your system is totally unprotected
- cheesy names - never mind the old adage, with these programs you usually CAN judge the book by its cover. Rogue antivirus programs typically use names like Antivirus 360, WinAntivirus 2009, Spyware Police, SpywareProtect, etc.
Wikipedia has a huge list of known fake programs. It also helps to get familiar with big-name, legitimate software (like these free antivirus programs for Windows).
Remind yourself that if you don't recognize the name, don't click.
- alerts that just don't belong - Windows will tell you if you're not running antivirus software or the definitions are out of date, but it won't tell you that an infection has been found. Windows Defender will pop up alerts, but not Windows itself or the Windows Security Center. Alerts that claim Windows has found infected files are pulling your leg.
- poor grammar - Windows has its weak points, but real system messages are usually very well written and clear. Alerts from rogue apps don't have the same attention to detail.
- bogus scanning - lots of these apps pretend to scan your system and find all kinds of infected files. Watch what folders and files are being scanned and see if they match the infected files being found.
If the scan is going through c:\windows\ and infected items in folders like c:\temp or c:\documents and settings\ are popping up, it's bogus. Real virus scanners will display infected items as soon as they find them in the folder that's currently being scanned - not random stuff from who knows where.
- your wallpaper has been changed and the image says something about being infected
- every time you reboot a scan window pops up
- whenever the scan completes, you're asked to register or pay in order to remove the infections
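The "bogus scanning" check above, written out as code. This is an added example, not part of the original article: it walks a constructed transcript of what a scanner window shows (the event format and sample paths are assumptions) and flags every "infected" file that does not sit inside the folder shown as being scanned at that moment.

```python
from pathlib import PureWindowsPath

# Constructed transcript of a scanner window (not taken from a real product):
#   ("scan", folder) = folder displayed as currently being scanned
#   ("hit",  file)   = file the window claims is infected
SAMPLE_EVENTS = [
    ("scan", r"C:\Windows\System32"),
    ("hit",  r"C:\Windows\system32\drivers\example.sys"),
    ("hit",  r"C:\Temp\setup.exe"),
    ("hit",  r"C:\Documents and Settings\User\photo.jpg"),
    ("scan", r"C:\Temp"),
    ("hit",  r"c:\temp\cache\file.dll"),
    ("hit",  r"C:\Temp2\a.exe"),
]


def is_under(path, folder):
    """True if path lies inside folder, using Windows path rules.

    PureWindowsPath compares case-insensitively and by path component,
    so C:\\Temp2 is not mistaken for a child of C:\\Temp the way a
    plain string-prefix test would mistake it.
    """
    p, f = PureWindowsPath(path), PureWindowsPath(folder)
    return p == f or f in p.parents


def mismatched_hits(events):
    """Return (folder_being_scanned, reported_file) pairs that do not match."""
    current = None
    mismatches = []
    for kind, value in events:
        if kind == "scan":
            current = value
        elif kind == "hit":
            # A detection shown before any folder is scanned is also suspect.
            if current is None or not is_under(value, current):
                mismatches.append((current, value))
    return mismatches


def looks_bogus(events):
    """Apply the article's rule: any out-of-folder detection means a fake scan."""
    return bool(mismatched_hits(events))


if __name__ == "__main__":
    for folder, reported in mismatched_hits(SAMPLE_EVENTS):
        print(f"scanning {folder!r} but reported {reported!r}")
    print("bogus scan:", looks_bogus(SAMPLE_EVENTS))
```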

Reader Comments (Page 1 of 2)
216 said 10:47AM on 7-20-2009
The thing is, no matter what steps you take to advise people, the average person who actually gets duped by these fake antivirus programs doesn't know enough about their own system to keep themselves protected.
Again, the problem in this situation is the user, not the malware. Although I'll admit some of the fake AVs I've heard of do a pretty good job at fooling people. I predict that once MS Security Essentials takes off in popularity (which it will) scammers will start using that as a base for their fake software, making it even harder to detect.
Drew Green said 10:51AM on 7-20-2009
lol, how to spot it: if it's there without you intentionally installing it...
Drew Green said 10:59AM on 7-20-2009
Also, I like the part where it says "Often these "alerts" will try to trick you into thinking:
* porn and illegal files have been found on your computer"
Heh, that's not trickery. That's fact.
Mike said 11:05AM on 7-20-2009
The REAL problem is that there are far too many people that just punch the OK button to "make the thing [dialog] go away".
I've seen people do it. I've asked them what the dialog said and why they clicked ok. Their reply: "I don't know, I just wanted it to go away."
You can't fix stupid.
Rocketboy said 11:58AM on 7-20-2009
Is it stupid when someone sees a window that looks just like any other window that you click on "OK" to bypass?
Ignorance of what's going on, yes.
Stupidity? No.
Mike said 12:32PM on 7-20-2009
Most of the time, they don't even bother to READ what the window says, that makes them stupid.
Rocketboy said 2:36PM on 7-20-2009
No, that's the fault of the GUI designers for throwing up so many messages that nobody cares about, that people do not bother to read them.
Wow great, I need to reboot?
Wow great, I need to reboot?
Wow great, I need to reboot?
freaktech said 11:14AM on 7-20-2009
How funny, I am currently removing AntiVirus2009 from a user's machine.
ZeRo said 11:57AM on 7-20-2009
The funniest thing was having a warning your computer has been infected, please use AntivirusXP or something like that to remove the infection. Come on now, if you're on a *nix platform and you see a Windows interface saying you're infected, you got to know it's a fake.
MarkyB86 said 12:53PM on 7-20-2009
I've seen too much of this "Anti Virus 2009" crap this year! A lot of my customers get it, because they believe what they read. They do read, and they're not stupid, they are just not computer literate. When I get rid of the viruses, I give them a HOSTS file to block all of the advertisements it can, and install Firefox and Adblock Plus, and try to talk them into using it.
BioBella said 8:17PM on 8-09-2009
Do yourself a favor. Get a mac. It will be the best decision you ever made as far as computers go. End of headaches...seriously. I had one of these pop up (ironically, from a AOL story) and it was specifically for a PC computer, which has a completely different layout than a Mac. It was pretty convincing, and if you were someone who didn't know any better or not paying attention, you'd have an infected computer.
Yes, they may cost more $ upfront (not much more these days - and let's be honest, everything is overpriced anyway), but you don't have to worry about buying extra crap for spyware or virus protection etc... Windows knew what they were doing when they designed their faulty system...think of the thousands of $$$ spent trying to fix computers from a little attack! They wouldn't let that opportunity for more $$$$ slip away... no way.
I've had my Mac for 5 years and (knock on wood) it would still out-compete any Dell or HP. :-)
Lee Mathews said 9:46PM on 8-09-2009
I usually ignore this comment, but it needs to be addressed.
Advising someone "end their virus woes" by running out and blowing $1,000 on a new computer is not good advice. Some people may have that option, and they may want a Mac. Fine.
For the average Windows user? No way. That's a ton of money to most people.
Take some time, read up, and get your hands on some free tools. All it costs is your time.
Free is good.
BioBella said 1:20AM on 8-10-2009
I am just speaking from personal experience. I have had Dells, HP, and Toshiba computers - all lasting about 2 years each, so my Mac has done the best so far.
I'm not saying blow $1,000 on a Mac or anything. There is the Mac mini which starts at about $500. It doesn't come with a monitor or keyboard, but most people have that anyway if they are looking to upgrade (and it will all work with the Mac mini). So all the benefits of a Mac, with a PC cost.
And as for the average Windows user, I think the biggest issue is that most don't know what "Free" applications can be trusted and which ones can't be trusted. I would imagine that you would already know this, but most "free" software comes with malware, so you really have to be careful.
And for future reference, quit rolling your eyes & don't make it sound as if having a PC means you are so much superior or better than everyone else (your "I usually ignore this" blah blah blah comment). It really all is a matter of preference, and I was simply suggesting that people who are seriously fed up with their computers to look at Mac...It really is simple to use...geez, it's not like I get commission for every "convert" or something. So please, lighten up! :-)
TONYAUNICORN69 said 11:06PM on 8-09-2009
I felt so stupid when I came across "how to spot a fake windows antivirus program"--because I just finished dealing with "personal antispyware". I was actually running a virus scan with super antispyware when I got this pop up message saying that my system was severely infected. And since I was not on line at the time I thought that this had to be legit. Now that I think about it how did this site come up if I was not on line? When I realized what was going on I tried to delete the program, but couldn't find it in the programs. I even tried the link that was on their web site to uninstall-didn't work. So I sent them an e-mail.
In the meantime while waiting on a response I tried to get on the internet - I had to do it by clicking on "run as administrator" but then about 30 seconds after my aol home page came up again there was a thing that came up telling me that this site was infected and needed to activate the program-which meant paying $59.00. I couldn't access anything.
I ended up doing a system restore back to a couple days ago, when it was done it was gone from my desktop and no more pop ups, so I hope it is gone.
If anyone reads this and knows of anything else I should do please let me know
Kathleen said 10:10PM on 8-09-2009
I went through the exact same steps you did when I received the "personal anti-virus" pop ups, right down to sending an email to the site. I actually received an email back from them, but I have a McAfee security system and by the time I got the reply email from the bogus site, my McAfee caught the virus and got rid of it. We actually got it a second time a few days later (both times this thing popped up, my daughter was on Facebook, and my sister got it while she was on Facebook too) and I just shut down the computer... didn't try closing out the pop-up boxes that kept coming up or anything.... just shut the thing off. When I started it back up a short while later, there were no icons on my desktop or anymore pop-ups. All I can say is if you get it again, do NOT click on anything!!! Not even to try and close it out.... just shut down... reboot.
Leonard Robinson said 11:00PM on 8-09-2009
You may want to turn off your system restore in order to delete previous restore points, so you don't accidentally reinstall the virus at a later date. After a reboot you can turn it back on and then create a new restore point, so that you have a good place to restore from if anything else happens.
wolfyou5 said 11:45PM on 8-09-2009
Funny these things seem to always spring up through AOL.
wolfyou5 said 11:53PM on 8-09-2009
Funny these things seem to always spring up through AOL..
ashleyblew said 10:04PM on 8-09-2009
I am NOT computer literate and smart enough to know it. However, some of those pop-up sites look so legitimate. I have Avast installed on my desktop, running XP Pro, and when it stops a virus the computer goes berserk. It starts howling like a siren. I immediately shut everything down and run an Avast scan. Not always convenient to do but I do it anyway. Also, if another installed anti-virus software stops something and asks to "allow or block" I check to see what is already installed on my computer. If it's not already there, it gets blocked. So far I've been pretty successful keeping the bad guys out. That's not to say I won't always be successful but that's what I presently do to protect my computer. On my laptop I have McAfee and Defender.
Dave said 10:26PM on 8-09-2009
What about "stopsign"? Is it legit or rogue?