Can some of you post screenshots of what these fake prompts look like on your computer?
Well, none of the typical recommendations except
Using a non-Microsoft OS will give you a heck of a lot more protection against scumware than any combination of security programs running on Windows.
Not very likely, as most of us get rid of them as soon as possible.
There are a couple of examples here though.
On my Windows machines I like to use Spybot Search & Destroy along with Avast! and SuperAntiSpyware. The main reason for Spybot S&D is the advanced tools - the ‘Immunize’ function, together with the Safer Networking Hosts File that at least help to prevent you inadvertently landing on a known bad site, or being redirected there. Also the default IE page lock, again to reduce the risk of hijacking if you use IE.
Also the ‘Tea-Timer’ that prevents unauthorised programs from writing to the registry, thus preventing these rogue programs pretending to be AV program warnings from completing their installation.
I generally rely on my Linux machines though, nothing seems to get to them. Not everyone’s choice of course.
I’ve tried Avira Antivir out, too. The problem is that if you get the free version, you will get nag screens unless you do a little hack to disable them. Microsoft Security Essentials is free, never expires, and has no nag screen. I found the scanning performance between the two to be comparable. As for the ability to detect and clean out infections, I don’t really get any viruses/infections so it’s hard to say. But, LifeHacker, Cnet, etc… praise MSE’s detection and clean out rates.
My only critique of MSE is that Microsoft isn’t allowed to install it with Windows by default. If Microsoft did that, then I would have no complaints about it. However, anti-virus companies and the European Union would then complain like snobby kids that Microsoft is “abusing” its powers. And it’s clear that Microsoft wants to avoid these laughable lawsuits since it costs time and money.
I see many security enthusiasts run SandBoxie, but the main problem with it is that it does not run properly in 64-bit versions of Windows due to the new kernel patch security features in 64-bit Windows (even though the website says it has some functionality).
You could take this a step up and run a full virtual machine in Virtual Box (like I sometimes do), but this is overkill unless you know you are doing something bad.
Yep, money can be a factor.
As for SuRun, I don’t personally use it since I primarily use Windows 7 Professional, but I do see lots of other security enthusiasts use it. And the fact that the source code for SuRun is available is a big plus for me!
No, the best defense is to never connect your computer to the internet. Or maybe just don’t own a computer or a cable connection or a telephone. But these are unrealistic answers. They’re a cure that’s more extreme than the disease.
Personally, I downloaded a wicked computer virus last week on an architecture site. It wasn’t a website that most people would regard as suspicious. And I didn’t click any ads or links either. Sometimes malware gets you anyway.
So while a defense is good, you also need to have a counter-attack plan. I followed xash’s sticky and it cleared up the problem. The only point I’d add is that it was necessary to use the restore feature to change my PC settings back to what they were before the virus struck.
Ah, yes, those screenshots clearly show that the user is prompted to download or run the executable and must allow the program to install first before getting “infected”.
Linux is very useful, but if a user is not able to protect him/herself from downloading and running a malicious program in Windows, I don’t expect their knowledge of Linux security to be any better. The primary protection you would get by switching a user to Linux is security through obscurity (with a highly fragmented market share that makes me cringe) and then you would lose access to many Windows-specific programs. And as much propaganda as Linux enthusiasts try to spew out, I’m still finding myself going to the command line in Linux to install some programs that I need. A command line is a no go.
What browser were you using and what version? What OS were you using? Got a link for that site?
Xash’s sticky omits the most important thing, which is to not use an admin-level account for routine purposes, although I see that one of the replies to the sticky does recommend avoiding admin accounts, in capital letters no less.
This is the number one reason why Windows has a reputation for vulnerability. If everybody ran under limited accounts it would drastically reduce attackers’ options. Vista and Windows 7 go some way to enforcing this with UAC, although I’m still sceptical about UAC’s effectiveness and continue to use a limited account for my day-to-day surfing.
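A quick way to check the advice above on your own machine, as an added example that is not from the thread: the script reports whether the current PowerShell session actually holds administrative rights and lists every member of the local Administrators group, so day-to-day accounts that should be limited can be spotted. The function names are my own; the ADSI WinNT provider and the WindowsPrincipal check are standard Windows APIs.

```powershell
# Added example (not posted in the thread): audit whether routine use
# happens with admin rights, per the "use a limited account" advice.

function Test-CurrentSessionIsAdmin {
    # Under UAC, an Administrators member running a non-elevated (filtered)
    # token also reports $false here; only a truly elevated session is $true.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdministrators {
    # The WinNT ADSI provider works from XP onwards with no extra modules,
    # unlike Get-LocalGroupMember which needs Windows 10 / PowerShell 5.1.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $type = $member.GetType()
        [pscustomobject]@{
            Name = $type.InvokeMember('Name',    'GetProperty', $null, $member, $null)
            Path = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        }
    }
}

# Report: is this session elevated, and who else could be?
Write-Host ("Current user: {0}" -f [Security.Principal.WindowsIdentity]::GetCurrent().Name)
Write-Host ("Session holds admin rights: {0}" -f (Test-CurrentSessionIsAdmin))
Write-Host "Members of the local Administrators group:"
Get-LocalAdministrators | Format-Table -AutoSize
```

Any everyday user account that appears in the list (other than the built-in Administrator and a dedicated maintenance account) is a candidate for demotion to the Users group.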
I agree this combo is about as safe as you’re gonna get. Remember you need to manually update each program every single day. If you don’t update them daily they won’t help much.
People have mocked the fact that I don’t update software. My practice is that I prefer the programs I know work and I’m familiar with - plus the programs where I’ve personalized the settings the way I want them. And I have no interest in constantly changing my software just for the sake of having whatever’s the new thing.
So I use Windows XP. My main browser is Netscape 7.2 but I also occasionally use Internet Explorer (I’m not sure which version but it’s an old one).
I can’t provide a link for the specific site. I was googling images of unusual architecture. If I recall correctly, I was at a site that had a collection of houses built on bridges when the virus downloaded.
Mozilla Firefox with the Adblock plugin is a great start, especially as that fake antivirus is spread through ad networks.
All of which is true, but doesn’t help folks like the OP who are already infected. It’s like someone asking what to do about the brakes on their Prius not working and you chiming in to say “buy a Ford.”
I’m tech savvy and I run Ubuntu on my home PC, but a Linux OS isn’t the right solution for a lot of folks. If you’re not comfortable working on the command line (like my 68-year-old father, for example), it’s going to be frustrating. And a lot of software won’t run on Unix platforms – even using WINE or some other emulator.
Most folks who are savvy enough to run a Unix OS are savvy enough to manage and understand a security suite. Folks who aren’t aren’t.
I didn’t actually say that Linux was the right solution for everyone, only that it is a way of avoiding viruses. Nor is Linux the only non-Windows OS: While you may be right that most people for whom Linux is a good option could protect themselves anyway, the same is not true of Mac OSX: It’s quite possible for someone without the technical savvy to manage a security suite to do fine with a Mac. And while you’re also correct that it’s not too useful a suggestion for someone who’s already infected, that’s also true for most of the security software people are suggesting. It is, however, valid advice for someone getting a new computer and wondering how to protect it.
Just writing in to say that I use Norton and it doesn’t slow my system down at all. I think they improved that a lot with the newest version.
I have been attacked by the fake AV malware twice. It is such a nightmare. I have searched for who is profiting from this and to find out why they aren’t slowly being roasted over a medium hot fire? They obviously have a commercial account set up to receive money from people who are trying to rid themselves of this program so they can’t be that hard to trace. Who are they?
For this PARTICULAR problem, a browser with an ad-blocker and a popup blocker pretty much take care of it. I use Firefox, with Adblock Plus and NoScript.
For other possible situations, I also run AVG (I hear others are better now, but I’ve been using AVG for a while), and Spybot Search and Destroy/TeaTimer. TeaTimer is a bit of a memory hog on an old system, but it prevents registry changes. There are other ways to do that (including not running as Admin). I prefer TeaTimer.
Brian Krebs has investigated this. One fake AV was run as a franchise business without dozens of hackers trying to get the most installs.
Another rogue AV seemed linked to a group of shady, potentially government-protected, businesses collectively known as the Russian Business Network. It’s interesting to know that some of these trojans and viruses have exemptions to not run if the computer has a Russian IP address.
There are a lot of players out there and, considering the difficulty of arresting foreign hackers, most of them will not get into any trouble. They also don’t seem to have a problem finding credit card processors for their scams. As long as this stuff is profitable, it will continue to happen.
Some links worth reading: