Detect Fake Antivirus software & Spyware Removal programs


Eventually getting hit by a nasty computer virus, trojan or severe Adware infection is bound to happen. These problems strike both experienced as well as novice computer users, and the only indication that something is wrong might be that a strange ad window keeps automatically popping up whenever you’re browsing the Internet or your computer slows down to an annoying crawl. Many people who are faced with these issues automatically turn to the Internet for either free or paid antivirus software. There have been many MUO articles covering various free antivirus or antispyware tools, such as Mark’s review of AVG or Bill’s review of Spyware Terminator. However, since so many people turn to the Internet when such a tragedy strikes, I wanted to take a moment to list some of the fake antivirus and spyware removals that you should stay away from or you’ll find your computer infected even worse.

How Does Fake Antivirus Software Work?

The irony of these fake removal software packages is that while they advertise and promote themselves as products that will help you remove malicious software from your computer, the moment you download and install one, you’ve just been infected by one of the worst trojans you could have on your computer. The moment it’s installed, you start getting pop-up windows that say you’re horribly infected and to click on a particular link so you can download the full version of the antivirus software to thoroughly clean your computer. Another version presents itself as legitimate antivirus software and fakes a “full system scan,” which results in a long list of horrible viruses and other assorted nasty-looking infections. However, when you click on “remove,” you’re informed that you only have the trial version and that you need to buy the full version to remove the viruses. Few people realize that the scan results themselves are fake.

The Top Antivirus and Spyware Removals to Avoid Like the Plague

At the end of 2008, ComputerWorld reported on how the latest version of Microsoft’s Malicious Software Removal Tool (MSRT) discovered and removed “Antivirus 2009” from a reported 394,000 PCs in just the initial nine days after it was released. What this reveals is that the scammers who write this fake software are successfully taking advantage of the fear computer users have regarding computer infections, and also their lack of computer knowledge. Thousands of people click on the link to download fake antivirus software and essentially voluntarily infect their computer with a trojan.

1. The Infamous Antivirus 2009

These days, Antivirus 2009 (and Antivirus 10 or Antivirus 360) is so well-known as malware that you most likely will not find the scammers using legitimate websites to promote the product under its actual name. Instead, scammers are resorting to setting up sites that claim to help people remove Antivirus 2009. If the user clicks on the link, and downloads and installs the software, they’ll find themselves infected with the malicious software.


“Removing” the viruses from your computer entails signing up (and paying for) a full version of the software. If you fall for this particular trap, all you end up with is a charge on your credit card and bogus software. Fortunately, there is now a plethora of websites throughout the net that tell people how to remove this particular trojan. Unfortunately, there are also a variety of websites produced by the scammers that portray themselves as an “Antivirus 2009 removal tool,” while they simply install and run the same sort of bogus software. How do you tell the difference between a legit site and a bogus one? Check out listing number 7 on Aibek’s list of essential security downloads. The Web of Trust is a great tool to identify dangerous fake antivirus sites.

2. Conficker Worm Installs Spyware Protect 2009

Do you remember the recent Conficker worm fiasco that had IT folks around the country scrambling to patch PCs before they could get infected? Well, an April 10th, 2009 article on CNET reports that investigators finally have a clue behind the motives of the Conficker worm creators. Apparently the motive is to make money using fake antivirus software and they attempted to do so by having the Conficker worm install antivirus software called Spyware Protect 2009 on target computers.

[Screenshot: conficker1]

The technique used is essentially the same as the other fake antivirus applications. The software provides users with a list of nasty infections that their computer allegedly has, and the only way to remove them is by visiting the website and submitting your credit card information in order to buy the full version. Apparently the whole point of the Conficker worm was yet another fake antivirus scam. Obviously, if your computer ever displays the window above, you’re likely infected with the Conficker worm.

3. PC AntiSpy Returns Fake Spyware Results

Another application that returns bogus results is PC AntiSpy. It lists some of the worst known spyware applications as infecting your computer, but it is a bogus spyware-fighting application that does nothing of the sort. Instead of helping you keep your computer clean, this application uses scare tactics to get users to click on a link to pay for a version of PC AntiSpy that can remove the nasty spyware that supposedly exists on the computer.

[Screenshot: antispyware]

As you can see, some of these software packages appear pretty authoritative and legit. Unfortunately, the only real functionality they have is acting as a trojan. As with many other fake applications of this kind, a multitude of helpful websites and forums post instructions on how to remove it. Scammers are becoming sneakier: they too start their own “how to” web pages in order to target people who are already infected and looking for help.

4. WinDefender – The Copycat Class of Fake Antivirus and Spyware Removals

Another significant group of fake antivirus applications consists of those that attempt to copy the names of legitimate, well-known applications. For example, SpyWareBot and TheSpyBot both attempt to copy SpyBot Search and Destroy. These applications depend upon computer users who aren’t technically savvy and aren’t sure exactly what the legitimate software is called. Another example of this is WinDefender, which attempts to copy Windows Defender.


The success of these applications comes from the fact that so many people are, in fact, fooled by the similarity of the application names to legitimate antivirus software. The most important rule of thumb to follow when you’re looking for good antivirus or anti-spyware software is to only shop at websites that you know are reputable. Whenever an antivirus ad automatically pops up unexpectedly on your computer screen, under no circumstances should you ever click the link to “run a scan.”
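The copycat naming described in this section can be checked mechanically. The following is an added example, not part of the original article: it compares program names against a small allowlist built from the products named on this page and flags near-matches. The allowlist layout, the 0.7 similarity threshold and the sample list are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Brand -> accepted full product names, using names mentioned on this page.
# Assumption: a real allowlist would be longer and maintained by whoever runs the audit.
KNOWN_GOOD = {
    "SpyBot": ["SpyBot Search and Destroy"],
    "Windows Defender": ["Windows Defender"],
    "Malwarebytes": ["Malwarebytes Anti-Malware"],
}

def normalize(name):
    """Lowercase and keep only letters and digits, so spacing and case tricks vanish."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def check_name(candidate, threshold=0.7):
    """Return ("legit", brand), ("lookalike", brand) or ("unknown", None)."""
    cand = normalize(candidate)
    best_brand, best_score = None, 0.0
    for brand, products in KNOWN_GOOD.items():
        accepted = {normalize(brand)} | {normalize(p) for p in products}
        if cand in accepted:
            return ("legit", brand)  # exact match is the real product
        score = SequenceMatcher(None, cand, normalize(brand)).ratio()
        if score > best_score:
            best_brand, best_score = brand, score
    if best_score >= threshold:  # close to a brand, but not an accepted name
        return ("lookalike", best_brand)
    return ("unknown", None)

# Constructed sample: names as they might appear in an installed-programs list.
SAMPLE = ["Windows Defender", "WinDefender", "SpyWareBot", "TheSpyBot",
          "SpyBot Search and Destroy", "Mozilla Firefox"]

def audit(names):
    """Return {name: imitated brand} for every name flagged as a lookalike."""
    results = {n: check_name(n) for n in names}
    return {n: brand for n, (verdict, brand) in results.items() if verdict == "lookalike"}

if __name__ == "__main__":
    for name, brand in audit(SAMPLE).items():
        print(f"{name!r} looks like an imitation of {brand!r}")
```

A similarity threshold is a heuristic: an unrelated legitimate program with a similar name can be flagged, so a hit is a prompt to verify the publisher, not a verdict.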

Final Words – Use Caution and Common Sense

Nothing says that you need to use only Norton or Symantec for your antivirus needs, but if you’re going to branch out and try other software companies, it’s important that you understand the legitimacy and integrity of that company. The examples above are only four of the hundreds of fake antivirus and anti-spyware applications out there – and their names change just as fast as people can figure out that they’re fake. If you need some advice for legitimate antivirus software, check out Aibek’s 2008 poll where MUO users chose the best antivirus software available.

Have you ever been infected by any fake antivirus trojans? Which one was it, and how hard was it to clean it off your computer? Share your experiences in the comments section below.

Comments (16)
  • RobTodd

    I’ve found that combofix will remove these and other nasty infections 99% of the time. Just be careful where you get combofix from, as there are fakes for it. Most reliable is bleepingcomputer.com

  • Denis

    Trying any of your defences like your legit AV, Malwarebytes and hijackthis will result in the trojan telling you that these programs are infected too. If so, disconnect your internet connection and then ctrl/alt/delete to stop the process in your task manager. You can then run malwarebytes to remove the nasty ‘orrid. Clean up with your own AV, run hijackthis and restart your computer. Reconnect the internet. I used this method to remove Antivirus 2009 from my PC tonight.

  • Doug

    I’ve worked on several computers for friends recently that have been infected; they appear to have been triggered by a program that looks like Windows Defender, but they didn’t have any toolbar that could minimize or close the window, so they only had the option to click download or install. I’ve seen something like this on my computer, and the only way to get past it is the 3 finger salute (Ctrl, Alt, Del) and close the application.

    They seem to have a commonality of turning off updates to your OS, Windows firewall, and antivirus or spam software. Some programs (Avast, AVG, and Spybot) couldn’t even be opened to run.

    Like other posters, the only way that I could get rid of it was with Malwarebytes, but it would only do this in Safe Mode.

    Nasty people who propagate this stuff.

    Thanks to the above posters and the author for helping us stay as clean as possible.

  • Iman Diaz

    What I have found EXTREMELY effective against fake security software is MalwareBytes Anti-Malware… So far to date it does the trick every time. What I love about it is that it has real time protection which many apps do but not very well…

  • Bryan

    Just wanted to say Thanks for the Info. I’ll be teaching a class next week on Internet Threats and wanted to have examples of Fake Antivirus / Anti Spyware problems as a potential threat as well. This is perfect for what I needed. Appreciate you taking the time to help people be informed.

    Thx!

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.