Eventually getting hit by a nasty computer virus, trojan or severe Adware infection is bound to happen. These problems strike both experienced as well as novice computer users, and the only indication that something is wrong might be that a strange ad window keeps automatically popping up whenever you’re browsing the Internet or your computer slows down to an annoying crawl. Many people who are faced with these issues automatically turn to the Internet for either free or paid antivirus software. There have been many MUO articles covering various free antivirus or antispyware tools, such as Mark’s review of AVG or Bill’s review of Spyware Terminator. However, since so many people turn to the Internet when such a tragedy strikes, I wanted to take a moment to list some of the fake antivirus and spyware removals that you should stay away from or you’ll find your computer infected even worse.
How Does Fake Antivirus Software Work?
The irony of these fake removal software packages are that while they advertise and promote themselves as product that will help you remove malicious software from your computer, the moment you download and install it, you’ve just been infected by one of the worst trojans you could have on your computer. The moment it’s installed, you start getting pop-up windows that say you’re horribly infected and to click on a particular link so you can download the full version of the antivirus software to thoroughly clean your computer. Another version presents itself as a legitimate antivirus software and fakes a “full system scan,” which results in a long list of horrible viruses and other assorted nasty-looking infections. However, when you click on “remove,” you’re informed that you only have the trial version and that you need to buy the full version to remove the viruses. Few people realize that the scan results themselves are fake.
The Top Antivirus and Spyware Removals to Avoid Like the Plague
At the end of 2008, ComputerWorld reported on how the latest version of Microsoft’s Malicious Software Removal Tool (MSRT) discovered and removed “Antivirus 2009,” from a reported 394,000 PCs in just the initial nine days after it was released. What this reveals is that the scammers who write this fake software are successfully taking advantage of the fear computer users have regarding computer infections, and also their lack of computer knowledge. Thousands of people click on the link to download fake antivirus software and essentially voluntarily infect their computer with a trojan.
1. The Infamous Antivirus 2009
These days, Antivirus 2009 (and Antivirus 10 or Antivirus 360) is so well-known as malware that you most likely will not find the scammers using legitimate websites to promote the product using its actual name, instead scammers are resorting to setting up sites to help people remove Antivirus 2009. If the user clicks on the link, and downloads and installs the software, they’ll find themselves infected with the malicious software.
“Removing” the viruses from your computer entails signing up (and paying for) a full version of the software. If you fall for this particular trap, all you end up with is a charge on your credit card and bogus software. Fortunately, there are now a plethora of websites throughout the net that tell people how to remove this particular trojan. Unfortunately, there are also a variety of websites that the scammers are producing, that portray themselves as an “Antivirus 2009 removal tool,” while they simply install and run the same sort of bogus software. How do you tell the difference between a legit site and a bogus one? Check out listing number 7 on Aibek’s list of essential security downloads. The Web of Trust is a great tool to identify dangerous fake antivirus sites.
2. Conficker Worm Installs Spyware Protect 2009
Do you remember the recent Conficker worm fiasco that had IT folks around the country scrambling to patch PCs before they could get infected? Well, an April 10th, 2009 article on CNET reports that investigators finally have a clue behind the motives of the Conficker worm creators. Apparently the motive is to make money using fake antivirus software and they attempted to do so by having the Conficker worm install antivirus software called Spyware Protect 2009 on target computers.
The technique used is essentially the same as the other fake antivirus applications. The software provides users with a list of nasty infections that their computer allegedly has, and the only way to remove them is by visiting the website and submitting your credit card information in order to buy the full version. Apparently the whole point of the Conficker worm was yet another fake antivirus scam. Obviously, if your computer ever displays the window above, you’re likely infected with the Conficker worm.
3. PC AntiSpy Returns Fake Spyware Results
Another application that returns bogus results, listing some of the worst known spyware applications as infecting your computer is PC AntiSpy, a bogus spyware-fighting application that is nothing of the sort. Instead of helping you keep your computer clean, this application uses scare tactics to get users to click on a link to pay for a version of PC AntiSpy that can remove the nasty Spyware that supposedly exists on the computer.
As you can see, some of these software packages appear pretty authoritative and legit. Unfortunately the only real functionality they have is acting as a trojan. Like many other fake applications like this one, a multitude of helpful websites and forums post instructions on how to remove it. Scammers are becoming sneakier — they too start their own “how to” web page in order to target people who are already infected and looking for help.
4. WinDefender – The Copycat Class of Fake Antivirus and Spyware Removals
Another significant group of antivirus applications are those that attempt to copy the names of legitimate, well known applications. For example, SpyWareBot and TheSpyBot both attempt to copy SpyBot Search and Destroy. These applications depend upon computer users who aren’t technically savvy and aren’t sure exactly what the legitimate software is called. Another example of this is WinDefender, which attempts to copy Windows Defender.
The success of these applications comes from the fact that so many people are, in fact, fooled by the similarity of the application names to legitimate antivirus software. The most important rule of thumb to follow when you’re looking for good antivirus or anti-spyware software is to only shop at websites that you know are reputable. Whenever an antivirus ad automatically pops up unexpectedly on your computer screen, under no circumstances should you ever click the link to “run a scan.”
Final Words – Use Caution and Common Sense
Nothing says that you need to use only Norton or Symantec for your antivirus needs, but if you’re going to branch out and try other software companies, it’s important that you understand the legitimacy and integrity of that company. The examples above are only four of the hundreds of fake antivirus and anti-spyware applications out there – and their names change just as fast as people can figure out that they’re fake. If you need some advice for legitimate antivirus software, check out Aibek’s 2008 poll where MUO users chose the best antivirus software available.
Have you ever been infected by any fake antivirus trojans? Which one was it, and how hard was it to clean it off your computer? Share your experiences in the comments section below.