
Malware Alert: Don’t fall for antivirus scam posing as legitimate Microsoft product

By JIM BROOKS
Nelson County Gazette

Friday, Nov. 12, 2010 – Microsoft Security Essentials is a free anti-virus download that is useful to users hoping to keep their PCs virus-free. But a rogue malware program is circulating now that impersonates the Microsoft program in order to trick computer users into spending money to get rid of “viruses” it has detected.

This type of rogue antivirus malware isn’t new; but what is new is that this software uses alerts that are identical to the Microsoft Security Essentials interface.

The rogue software, dubbed FakePAV, will display a dialog box warning when users try to use certain applications. In my case, it shut down all of my PC’s web browsers (Google Chrome, Firefox and Internet Explorer). The program will also disable the Task Manager, so you can’t use it as a tool to see what processes are running and disable the rogue. FakePAV will disable a long list of applications, including Microsoft applications and all antivirus software.

When users attempt to use an application, a dialog box pops up, claiming that the application file is infected. Users are prompted to “Apply Actions,” “Clean Computer,” or “Close.” Additional attempts to start “infected” programs will result in a new dialog box warning of the “infection.”

If the user clicks “Clean Computer,” a fake scan takes place that fails to remove the “infections.” The user is prompted to complete an “online scan,” giving the user a choice of five phony but legitimate-sounding antivirus software programs. The list includes Major Defense Kit, Red Cross Antivirus, Peak Protection 2010, Pest Detector 4.1 and AntiSpy SafeGuard.

Some versions of FakePAV will display an array of 35 antivirus programs, with only the five listed above shown as able to remove the alleged infection. The five are different versions of the same program.

FakePAV shuts down most of the PC’s applications, making the machine nearly unusable in order to prompt the user to agree to pay for the “full” version of one of the five phony antivirus programs.

To find out how to cure a PC suffering from FakePAV, click here to read the related story on The Nelson County Gazette.

PREVENTING INFECTION. Here are some tips to avoid being infected by malware like FakePAV:

Use your firewall. Know how to check your computer’s security software to ensure you have a firewall in place. Windows XP, Windows Vista and Windows 7 all have a firewall. The firewall will help protect your computer against malware.

Use antivirus software and keep it updated. This writer’s recent bout with the FakePAV was partly the result of my failure to keep my antivirus software updated. It is important to keep your software updated and to have it run regular scans of your computer.

Enable User Account Control if you are running Windows Vista or Windows 7. This writer had UAC turned off because it will ask permission every time there are changes to your computer; as such, no changes will take place without your approval. While the “nag notices” get old, they’re there for a reason. To turn UAC on, click the “Start” button and go to the Control Panel. Click “User Accounts” and if UAC is off, turn it back on and click “OK.”

Be wary of website links that you receive via e-mail, instant message, or via Facebook, MySpace, Twitter, etc. Never click on an e-mail attachment unless you’re certain someone you trust sent it. If you have doubts about the attachment, contact the sender to confirm it is a file you should open.

Be careful when downloading files off the Internet. Nearly any type of file – including Word documents and Adobe PDF files – can contain hidden malware.

Avoid file-sharing applications like BitTorrent and files downloaded through similar services. These types of file-sharing applications are nearly guaranteed to be filled with infected files.

-30-
