Detect Fake Antivirus software & Spyware Removal programs

Eventually getting hit by a nasty computer virus, trojan or severe Adware infection is bound to happen. These problems strike both experienced as well as novice computer users, and the only indication that something is wrong might be that a strange ad window keeps automatically popping up whenever you’re browsing the Internet or your computer slows down to an annoying crawl. Many people who are faced with these issues automatically turn to the Internet for either free or paid antivirus software. There have been many MUO articles covering various free antivirus or antispyware tools, such as Mark’s review of AVG or Bill’s review of Spyware Terminator. However, since so many people turn to the Internet when such a tragedy strikes, I wanted to take a moment to list some of the fake antivirus and spyware removals that you should stay away from or you’ll find your computer infected even worse.

How Does Fake Antivirus Software Work?

The irony of these fake removal software packages is that while they advertise and promote themselves as products that will help you remove malicious software from your computer, the moment you download and install one, you’ve just been infected by one of the worst trojans you could have on your computer. The moment it’s installed, you start getting pop-up windows that say you’re horribly infected and to click on a particular link so you can download the full version of the antivirus software to thoroughly clean your computer. Another version presents itself as legitimate antivirus software and fakes a “full system scan,” which results in a long list of horrible viruses and other assorted nasty-looking infections. However, when you click on “remove,” you’re informed that you only have the trial version and that you need to buy the full version to remove the viruses. Few people realize that the scan results themselves are fake.

The Top Antivirus and Spyware Removals to Avoid Like the Plague

At the end of 2008, ComputerWorld reported on how the latest version of Microsoft’s Malicious Software Removal Tool (MSRT) discovered and removed “Antivirus 2009,” from a reported 394,000 PCs in just the initial nine days after it was released. What this reveals is that the scammers who write this fake software are successfully taking advantage of the fear computer users have regarding computer infections, and also their lack of computer knowledge. Thousands of people click on the link to download fake antivirus software and essentially voluntarily infect their computer with a trojan.

1. The Infamous Antivirus 2009

These days, Antivirus 2009 (and Antivirus 10 or Antivirus 360) is so well known as malware that you most likely will not find the scammers using legitimate websites to promote the product under its actual name. Instead, scammers are resorting to setting up sites that claim to help people remove Antivirus 2009. If the user clicks on the link, and downloads and installs the software, they’ll find themselves infected with the malicious software.


“Removing” the viruses from your computer entails signing up (and paying for) a full version of the software. If you fall for this particular trap, all you end up with is a charge on your credit card and bogus software. Fortunately, there are now a plethora of websites throughout the net that tell people how to remove this particular trojan. Unfortunately, there are also a variety of websites that the scammers are producing, that portray themselves as an “Antivirus 2009 removal tool,” while they simply install and run the same sort of bogus software. How do you tell the difference between a legit site and a bogus one? Check out listing number 7 on Aibek’s list of essential security downloads. The Web of Trust is a great tool to identify dangerous fake antivirus sites.

2. Conficker Worm Installs Spyware Protect 2009

Do you remember the recent Conficker worm fiasco that had IT folks around the country scrambling to patch PCs before they could get infected? Well, an April 10th, 2009 article on CNET reports that investigators finally have a clue behind the motives of the Conficker worm creators. Apparently the motive is to make money using fake antivirus software and they attempted to do so by having the Conficker worm install antivirus software called Spyware Protect 2009 on target computers.


The technique used is essentially the same as the other fake antivirus applications. The software provides users with a list of nasty infections that their computer allegedly has, and the only way to remove them is by visiting the website and submitting your credit card information in order to buy the full version. Apparently the whole point of the Conficker worm was yet another fake antivirus scam. Obviously, if your computer ever displays the window above, you’re likely infected with the Conficker worm.

3. PC AntiSpy Returns Fake Spyware Results

Another application that returns bogus results, listing some of the worst known spyware applications as infecting your computer, is PC AntiSpy, a bogus spyware-fighting application that is nothing of the sort. Instead of helping you keep your computer clean, this application uses scare tactics to get users to click on a link to pay for a version of PC AntiSpy that can remove the nasty spyware that supposedly exists on the computer.


As you can see, some of these software packages appear pretty authoritative and legit. Unfortunately, the only real functionality they have is acting as a trojan. As with many other fake applications of this kind, a multitude of helpful websites and forums post instructions on how to remove it. Scammers are becoming sneakier: they too start their own “how to” web pages in order to target people who are already infected and looking for help.

4. WinDefender – The Copycat Class of Fake Antivirus and Spyware Removals

Another significant group of antivirus applications are those that attempt to copy the names of legitimate, well known applications. For example, SpyWareBot and TheSpyBot both attempt to copy SpyBot Search and Destroy. These applications depend upon computer users who aren’t technically savvy and aren’t sure exactly what the legitimate software is called. Another example of this is WinDefender, which attempts to copy Windows Defender.


The success of these applications comes from the fact that so many people are, in fact, fooled by the similarity of the application names to legitimate antivirus software. The most important rule of thumb to follow when you’re looking for good antivirus or anti-spyware software is to only shop at websites that you know are reputable. Whenever an antivirus ad automatically pops up unexpectedly on your computer screen, under no circumstances should you ever click the link to “run a scan.”
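The copycat pattern in this section can be checked mechanically. The following is an added example, not part of the original article: it compares a product name against the legitimate products the article mentions and flags names that are close to one without matching it. The alias lists and the 0.7 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Legitimate products named in the article, with short forms people use.
# The alias lists and the 0.7 threshold are assumptions for illustration.
KNOWN_GOOD = {
    "SpyBot Search and Destroy": ["SpyBot"],
    "Windows Defender": [],
    "Malwarebytes Anti-Malware": ["Malwarebytes"],
    "AVG": [],
}
THRESHOLD = 0.7


def normalize(name):
    """Lowercase and drop spaces/punctuation so 'Win Defender' == 'windefender'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def classify(candidate):
    """Return (verdict, product); verdict is 'known', 'lookalike' or 'unrelated'."""
    cand = normalize(candidate)
    best_score, best_product = 0.0, None
    for product, aliases in KNOWN_GOOD.items():
        for form in [product, *aliases]:
            key = normalize(form)
            if cand == key:
                return ("known", product)
            # Similarity between the candidate and this legitimate name form.
            score = SequenceMatcher(None, cand, key).ratio()
            if score > best_score:
                best_score, best_product = score, product
    if best_score >= THRESHOLD:
        return ("lookalike", best_product)
    return ("unrelated", None)


if __name__ == "__main__":
    # Names taken from the article; "Antivirus 2009" imitates no listed product.
    for name in ["Windows Defender", "WinDefender", "SpyWareBot",
                 "TheSpyBot", "Antivirus 2009"]:
        print(f"{name:18} -> {classify(name)}")
```

An "unrelated" verdict only means the name does not imitate a listed product; Antivirus 2009 gets that verdict and is still fake, so this check complements a reputation lookup and does not replace it.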

Final Words – Use Caution and Common Sense

Nothing says that you need to use only Norton or Symantec for your antivirus needs, but if you’re going to branch out and try other software companies, it’s important that you understand the legitimacy and integrity of that company. The examples above are only four of the hundreds of fake antivirus and anti-spyware applications out there – and their names change just as fast as people can figure out that they’re fake. If you need some advice for legitimate antivirus software, check out Aibek’s 2008 poll where MUO users chose the best antivirus software available.

Have you ever been infected by any fake antivirus trojans? Which one was it, and how hard was it to clean it off your computer? Share your experiences in the comments section below.


16 Comments -

Cheezwhiz

I remember Antivirus 2008! I was cleaning out my older sister’s computer because she bought a new laptop and I was going to inherit her desktop. Antivirus 2008 told me I had 49 infections, and I got so mad when it kept reappearing after I supposedly uninstalled it. And I was even madder when it told me I had to register, because I can’t stand using paid software. It didn’t go away until I ran a bunch of scans with my trusted AVG. After that, I settled down to get rid of Purityscan. Now that I think about it, I should probably give my sister a lesson about computer care — she’s on her third laptop since the first had a defective part and the second just broke down.

ItsFakeDude

Today I just removed some fake antivirus for a client called “Personal Antivirus”. The interface for it looked exactly like the popular free program AVG.

School Computer

Out of interest, how did you remove it? I work in a school and one of the computers has been infected and every time I try to change website onto something else (for example this website) from that computer, it reverts to a website called ‘spywareremoval.com’ or something similar. Also, being a school computer, it isn’t possible to access task manager or add/remove programs on XP. Is it possible to download a removal program and install it through a USB stick? Any info would be very useful, thank you.

Neil

I removed PAV using “Malwarebytes anti-malware” free edition. It did a great job of removing all traces of this nasty rogue antivirus.

Ryan Dube

Yeah, Malwarebytes does a great job removing a lot of these fake antivirus programs.

Gerry – Small Laptop Computers

Thanks for the very useful information. It is tempting to try some of the so-called “free offers” that are out here that sound too good to be true. One tip that I use is to always do a Google search on the name of the product in question using a search “product name + trojan” which will usually bring up information on the viability of the product.

clinton oreb

I got the PAV virus from Facebook.

hemsteinmay81

I got Cyberdefender antivirus software and liked the free scanner and spyware remover. I bought the upgrade and it really has saved my computer because it has blocked a bunch of virus attacks I got from various websites.

I found out that they are a NASDAQ company, which means there is some accountability and that they sell a valid product. I will try the registry cleaner, since I had such a positive experience from Cyberdefender anti-virus.

Bryan

Just wanted to say Thanks for the Info. I’ll be teaching a class next week on Internet Threats and wanted to have examples of Fake Antivirus / Anti Spyware problems as a potential threat as well. This is perfect for what I needed. Appreciate you taking the time to help people be informed.

Thx!

Iman Diaz

What I have found EXTREMELY effective against fake security software is MalwareBytes Anti-Malware… So far to date it does the trick every time. What I love about it is that it has real time protection which many apps do but not very well…

Doug

I’ve worked on several computers for friends recently that have been infected; they appear to have been triggered by a program that looks like Windows Defender, but they didn’t have any toolbar that could minimize or close the window, so they only had the option to click download or install. I’ve seen something like this on my computer, and the only way to get past it is the 3 finger salute (Ctrl, Alt, Del) and close the application.

They seem to have a commonality of turning off updates to your OS, Windows firewall, and antivirus or spam software. Some programs (Avast, AVG, and Spybot) couldn’t even be opened to run.

Like other posters, the only way that I could get rid of it was with Malwarebytes, but it would only do this in Safe Mode.

Nasty people who propagate this stuff.

Thanks to the above posters and the author for helping us stay as clean as possible.

Denis

Trying any of your defences like your legit AV, Malwarebytes and HijackThis will result in the trojan telling you that these programs are infected too. If so, disconnect your internet connection and then Ctrl/Alt/Delete to stop the process in your task manager. You can then run Malwarebytes to remove the nasty ‘orrid. Clean up with your own AV, run HijackThis and restart your computer. Reconnect the internet. I used this method to remove Antivirus 2009 from my PC tonight.

RobTodd

I’ve found that ComboFix will remove these and other nasty infections 99% of the time. Just be careful where you get ComboFix from, as there are fakes for it. Most reliable is bleepingcomputer.com