Fake AV (Security Tools and others) advice please

  wids001 10:24 28 Feb 11
Locked

I am seeing many threads regarding machines being infected with this type of malware and am looking for some advice on stopping this before it might happen on my machine.

I was under the impression that should something like this appear on my computer, not to click anything as once you do it then downloads the malware. Is this correct?

I am running W7 64bit running IE8 and have Norton 360 installed along with the free version of Malwarebytes. I have had a couple of warnings from N360 that it has blocked attacks from a fake AV in the past, so I am hoping that N360 is/should block anything like this again.

I also read that by installing the paid version of Malwarebytes this would give realtime protection against these attacks. Does not N360 do this?

Can anyone advise on the way to go forward on this please. Do I have enough protection at present? Is there anything else I could add? Are there any proven steps to avoid these rogue programs? Am I being too unduly concerned about this?

  wids001 10:27 28 Feb 11

One other point, my computer has Windows Defender on it but it is not activated. Can this be run with N360 and Malwarebytes, or would this cause problems?

  birdface 10:57 28 Feb 11

I think it is a one-off payment for the pro version of Malwarebytes, so maybe invest in that and it should stop any drive-by Trojan downloaders.
Shop around for coupon codes for it and you will normally get it a bit cheaper.
Not sure if there are any conflicts between Norton and Malwarebytes; best waiting for information from others.

  birdface 11:01 28 Feb 11

I should have added that I have always found Windows Defender to be a poor substitute for a good anti-malware program.
Others use it and have no problems with it, just not to my liking.

  birdface 12:12 01 Mar 11

I have been told that this works and if so will be an easy fix for those that get infected.

To remove false security programs

1. Turn off computer, then turn on and start tapping F8
2. When the Advanced startup options appear, select Safe Mode with Networking
3. Open Internet Explorer, go to google.com, download Hitman Pro "32-bit or 64-bit depending on your OS"
4. Run Hitman Pro, let this scan the computer
5. Activate Free Licence
6. Reboot PC

Infection Removed..!


But so far I have found no one to try it on to see if it works or not.

  Woolwell 12:29 01 Mar 11

I would not add to what you already have. Malwarebytes free should be sufficient. Norton already provides real-time protection as you have found. Malwarebytes is a backup and that is the way I use it.

The most important thing is not to click on these links which you are already aware of.

Don't bother with Windows Defender which IMO is not very good.

  c4rm0 12:48 01 Mar 11

The removal is quite easy for a lot of these fake AV tools like Security Tools etc.

The first thing you need to do is stop the process from running. A lot of these fake AVs now stop your AV / malware apps from working and block access to the Task Manager etc.

If you look in C:\Documents and Settings\yourprofile\Application Data

There will be a folder with an odd name, e.g. efogrgerg0g. In there will be the executable. You won't be able to delete it as it's running in memory, so you need to rename it to .BAK and reboot the computer.

Once the computer has been rebooted, as the process can't start you won't be getting all the fake alerts and will have access to your AV/malware apps. At this stage I do a full cleanup:

Run a full AV scan
Run a full spyware/adware scan with Malwarebytes/SUPERAntiSpyware

Delete all left over reg keys, folders, startup entries in msconfig

Job done
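
The check described in the post above (an odd-named folder under Application Data holding an executable), as an added read-only example that is not part of the original thread. The name heuristic, the function names and the sample folder layout are assumptions made for illustration.

```python
import os
import re
import sys
import tempfile

# Heuristic for an "odd" folder name (an assumption of this example): a single
# alphanumeric token of 8+ characters that has a digit followed by a letter,
# or a run of five or more consonants.
TOKEN = re.compile(r"^[a-z0-9]{8,}$")
ODD = re.compile(r"\d[a-z]|[bcdfghjklmnpqrstvwxyz]{5,}")


def looks_random(name):
    n = name.lower()
    return bool(TOKEN.match(n) and ODD.search(n))


def find_suspect_folders(appdata_root):
    """Return [(folder_name, [exe files])] for odd-named folders that hold an
    executable directly inside them. Read-only: nothing is renamed or deleted."""
    hits = []
    for entry in sorted(os.listdir(appdata_root)):
        path = os.path.join(appdata_root, entry)
        if not os.path.isdir(path) or not looks_random(entry):
            continue
        exes = sorted(f for f in os.listdir(path)
                      if f.lower().endswith(".exe")
                      and os.path.isfile(os.path.join(path, f)))
        if exes:
            hits.append((entry, exes))
    return hits


def build_sample_tree(root):
    """Constructed sample layout so the check can be tried offline."""
    layout = {"efogrgerg0g": ["efogrgerg0g.exe"],  # folder name quoted in the post
              "Microsoft": ["notes.txt"],          # ordinary name, no executable
              "Adobe": ["updater.exe"],            # ordinary name: not flagged
              "kq7xmpw2zt": ["readme.txt"]}        # odd name but no executable
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for f in files:
            open(os.path.join(root, folder, f), "w").close()
    return root


if __name__ == "__main__":
    # Pass the Application Data path as the first argument, or run with no
    # argument to scan the constructed sample tree.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for folder, exes in find_suspect_folders(root):
        print(f"review: {os.path.join(root, folder)} -> {', '.join(exes)}")
```

A hit is only a candidate for manual review; legitimate software can also use token-like folder names.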

  c4rm0 13:24 01 Mar 11

With regards to prevention: Malwarebytes, the licensed version, has real-time protection,

but I had a machine that had both AV with latest devs and Malwarebytes licensed and it still got on there. They're getting very smart. It got on my colleague's when he was browsing eBay and nothing prompted him to install anything, so I think it was embedded into an image or ad on eBay.

  esbe 23:07 01 Mar 11

Have a read here & 'Rogue Gallery' link on left.

click here

cheers.

  rdave13 23:29 01 Mar 11

Nearly happened again. Browsing Google images for a diagram of the human body, for my son's homework, I got a rather good skeleton off the BBC site. Looking for another one with a diagram of the muscles, I clicked on an image and the usual warning came up: "Your computer is infected...blah.. blah.."
I open the task manager and stop the application.
This closes IE or whichever browser you use.
Remember that when you re-open the browser, don't select the option to return to the pages you had open because the browser closed unexpectedly; just select your homepage. It seems this is getting more frequent.

This thread is now locked and can not be replied to.
