I've had a fair share of experience with Fake AVs which inspired me to write about it here - http://softwarecritics.info/malware/remove-fake-antivirus-software/ which I'm sure many readers will benefit from.
Thank you Google for using your reach to help bring the dangers of this blight to more people. I have been on my soap box for almost daily on my web site and to my clients about this.
Thank you for your research on rogue security software. It's a big issue and one that we hear about from our readers all the time.
We put together an overview for the novice on how to spot - and stop - rogue security software that may be of help to the less-techie folks out there: http://www.techlicious.com/how-to/protect-yourself-from-fake-security-software/.
Colour me a cynic, but when I see an article about fake AV software with just three comments each promoting a blog with, presumably, links to 'recommended solutions' - I wonder whether the fox is already in this particular hen-house.
Your concern is valid. However, this Google post doesn't help you identify or remove rogue security software; we thought we'd provide some information on how to do so.
Most of our recommendations come from Symantec and other (real) security companies, and we echo Google's advice to only purchase software from known providers.
Our articles are written by professional tech journalists. Unfortunately, as your comment shows, it is very difficult in the Internet world to differenitate between real advice and scams.
The biggest problem I've found in dealing with and removing these types of malware is:
There are so many variants that it seems no blog post ever covers the particular variant you are dealing with.
Also, the blog posts are generally out of date by the time you need them. For the most part, if you are in the business of ridding computers of these sorts of nasties, you just need to grab as many tools as possible and hope that the variant you are dealing with can't block them all!
For instance, my father just got hit with one called "Anti-virus Suite". All the usual apps, autoruns, rootkit revealer, ComboFix (and many others) were unable to even see it. By complete luck, it didn't disable Microsoft Security Essentials, which was able to remove it in just a minute once I realized this.
If it was anyone else besides my father (or a well-paying customer), I would just do a clean install on the system and be done with it.
I am most interested in how they are able to get their malware sites so high in the Google search pages. Can you blog more on how and what you are doing to prevent them from appearing in your searches?
Thanks Google!!! This blog is very helpful to alot of people because more and more everyday computers are being attacked by FAKE anti-viruses. I hope that this reaches as many people as possible before it happens to them as well.
I had the same probelm not to long ago but finally decided to buy Norton AntiVirus and everything is back great now!
Like "Math" Post, my kids and I had many hits of these fake Anti-Virus programs during our browsing.
I also wrote a post to give details about my experiences. http://securedsearch.blogspot.com/2009/09/hackers-outsmart-google-in-search.html
I am glad that Google is trying to fight against these pesky malwares. But I think Google really needs to work on their search results to prevent those malware sites ranked so high.
I am a victim of the current fake Internet Security Tool pop-up virus which sabotages my browsing among other things. Interestingly, I think I have the IP address and the script for the pop-up part of the virus, which clearly includes a hosting URL/domain, which on searching WhoIs shows it was registered to an owner in the Bahamas. For your interest here is what I discovered - Domain:
WhoIs Lookup Details - http://pmpcolv.com
Domain pmpcolv.com
Date Registered: 2010-4-21 Date Modified: 2010-4-21 Expiry Date: 2011-4-21
DNS1: ns1.pmpcolv.com DNS2: ns2.pmpcolv.com
URL/IP address of (I believe) hosted source code: http://64.20.51.6/ie.en.js
I have sent an email to the registrar and hosting company of the above domain - Internet.bs Corp.
If you realy want to make sure you and your loved ones dont get hit by these sorts of programs again. Kill them from the source tell everyone you can contact to never under any circumstances pay these guys. The one thing I can see in common with all of these programs is they require you to pay with your credit card to remove them. If no one pays them their will be no incentive to hold peoples computer hostage anymore. Put this up on your myspace, facebook, hell even your twiter. If we spread the idea like a virus to dry these guys out no one will take the risk again to make these programs again.
I am personally grateful I recently even discovered another trick. I signed on to a website I thought was for socializing only to discover it was merely a means to gather e-mail adds for spamming campaigns. So that's another way they operate.
Thanks Google I followed your advice and will continue to do so..
Really there are many fake antivirus on the net and it is diffcult for the user who are using free virus protection software for their computer's and laptop. All we do is spend some dollar and buy a branded antivirus like kaspersky or McAfee.
14 comments :
I've had a fair share of experience with Fake AVs which inspired me to write about it here - http://softwarecritics.info/malware/remove-fake-antivirus-software/ which I'm sure many readers will benefit from.
Thank you Google for using your reach to help bring the dangers of this blight to more people. I have been on my soap box for almost daily on my web site and to my clients about this.
Thank you for your research on rogue security software. It's a big issue and one that we hear about from our readers all the time.
We put together an overview for the novice on how to spot - and stop - rogue security software that may be of help to the less-techie folks out there: http://www.techlicious.com/how-to/protect-yourself-from-fake-security-software/.
Colour me a cynic, but when I see an article about fake AV software with just three comments each promoting a blog with, presumably, links to 'recommended solutions' - I wonder whether the fox is already in this particular hen-house.
i have had similar pop-ups opened up before (as shown in this post), but is there a way we can report the sites (ip address, url) to someone?
Akinity,
Your concern is valid. However, this Google post doesn't help you identify or remove rogue security software; we thought we'd provide some information on how to do so.
Most of our recommendations come from Symantec and other (real) security companies, and we echo Google's advice to only purchase software from known providers.
Our articles are written by professional tech journalists.
Unfortunately, as your comment shows, it is very difficult in the Internet world to differenitate between real advice and scams.
Best,
Josh Kirschner
Founder, Techlicious.com
The biggest problem I've found in dealing with and removing these types of malware is:
There are so many variants that it seems no blog post ever covers the particular variant you are dealing with.
Also, the blog posts are generally out of date by the time you need them. For the most part, if you are in the business of ridding computers of these sorts of nasties, you just need to grab as many tools as possible and hope that the variant you are dealing with can't block them all!
For instance, my father just got hit with one called "Anti-virus Suite". All the usual apps, autoruns, rootkit revealer, ComboFix (and many others) were unable to even see it. By complete luck, it didn't disable Microsoft Security Essentials, which was able to remove it in just a minute once I realized this.
If it was anyone else besides my father (or a well-paying customer), I would just do a clean install on the system and be done with it.
I am most interested in how they are able to get their malware sites so high in the Google search pages. Can you blog more on how and what you are doing to prevent them from appearing in your searches?
Thanks Google!!! This blog is very helpful to alot of people because more and more everyday computers are being attacked by FAKE anti-viruses. I hope that this reaches as many people as possible before it happens to them as well.
I had the same probelm not to long ago but finally decided to buy Norton AntiVirus and everything is back great now!
Like "Math" Post, my kids and I had many hits of these fake Anti-Virus programs during our browsing.
I also wrote a post to give details about my experiences.
http://securedsearch.blogspot.com/2009/09/hackers-outsmart-google-in-search.html
I am glad that Google is trying to fight against these pesky malwares. But I think Google really needs to work on their search results to prevent those malware sites ranked so high.
I am a victim of the current fake Internet Security Tool pop-up virus which sabotages my browsing among other things.
Interestingly, I think I have the IP address and the script for the pop-up part of the virus, which clearly includes a hosting URL/domain, which on searching WhoIs shows it was registered to an owner in the Bahamas.
For your interest here is what I discovered -
Domain:
WhoIs Lookup Details -
http://pmpcolv.com
Domain pmpcolv.com
Date Registered: 2010-4-21
Date Modified: 2010-4-21
Expiry Date: 2011-4-21
DNS1: ns1.pmpcolv.com
DNS2: ns2.pmpcolv.com
URL/IP address of (I believe) hosted source code:
http://64.20.51.6/ie.en.js
I have sent an email to the registrar and hosting company of the above domain -
Internet.bs Corp.
any comments or feedback would be appreciated.
If you realy want to make sure you and your loved ones dont get hit by these sorts of programs again. Kill them from the source tell everyone you can contact to never under any circumstances pay these guys. The one thing I can see in common with all of these programs is they require you to pay with your credit card to remove them. If no one pays them their will be no incentive to hold peoples computer hostage anymore. Put this up on your myspace, facebook, hell even your twiter. If we spread the idea like a virus to dry these guys out no one will take the risk again to make these programs again.
I am personally grateful I recently even discovered another trick. I signed on to a website I thought was for socializing only to discover it was merely a means to gather e-mail adds for spamming campaigns. So that's another way they operate.
Thanks Google I followed your advice and will continue to do so..
George
Nigeria
Really there are many fake antivirus on the net and it is diffcult for the user who are using free virus protection software for their computer's and laptop.
All we do is spend some dollar and buy a branded antivirus like kaspersky or McAfee.
Post a Comment