Tag Archives: Antivirus

G Data Offers Free Fake Antivirus Removal Tool



If you or a friend have been conned into installing one of the fake anti-virus tools that have been doing the rounds recently, you’ll be delighted to hear that G Data are offering a free tool to remove the most prevalent type of scareware, “System Tool”.

Many of us will have seen those pop-ups claiming that our PCs have been infected and most of us will have dismissed them for the scams that they are. However, some people are taken in and G Data has seen an increase of 35% over the past 15 months in this type of fake AV. And if you are taken in, it’s a double whammy, with the criminals getting your credit card details while your PC remains under their control for further malicious activity.

“The development and deployment of scareware has become a highly profitable business. Fake antivirus programs have a double benefit for cyber criminals: they receive money from users who purchased a ‘full version’ of their useless tools and they get hold of the victims’ credit card data. To make matters worse: the fake AV programs often also put online criminals in a position that allows them to download additional malware onto their victims’ computers”, explains Eddy Willems, Security Evangelist at G Data.

The instructions for running the cleaner program are:
1. Download G Data FakeAV Cleaner from the G Data website: http://www.gdatasoftware.co.uk/support/downloads/tools.html. It’s down at the bottom of the page.
2. Run the G Data FakeAV Cleaner setup file. The G Data FakeAVCleaner “System Tool” has to be executed with the Windows user account that is infected. Because the FakeAV “System Tool” shuts down all user-initiated programs that do not have a reserved name such as explorer.exe, winlogon.exe or svchost.exe (among many others), the G Data FakeAVCleaner’s file name is svchost.exe.
3. Reboot the computer to finalise the installation.

If you are interested in the background to this kind of threat, G Data have a complementary blog post that discusses some of the issues and demonstrates a scareware infection.


The Helpdesk is Closed…Until Next Christmas



Regrettably, I don’t get to see my folks as much as I’d like… there’s 500-odd miles and a sea between us, so it was a rare pleasure for my parents to visit me over Christmas for a few days.

After a day or so, my dad says to me, “Could you have a look at my laptop? Every now and then a strange Asian website keeps popping up. I thought I had a virus but the virus scanner says all is well.”

So I had a look… and yup, he had a trojan. Not a particularly nasty one and easily removed armed with instructions from the web. It was a variant of W32/Autorun-TR or Win32.Worm.Agent.QAL depending on your nomenclature. I have to recommend Avira’s AntiVir Rescue System which is a bootable CD that will scan the hard disk for infection – download from here. It’s an essential item for every geek – the Rescue System picked up the virus straight away.

However, what was more interesting was (a) how did he get the virus and (b) why didn’t his (corporate) anti-virus software pick the virus up?

Dad’s an MD for a specialised engineering firm, so he travels a little. He’s reasonably technically-savvy but not an IT expert. It transpired that he’d been in China recently and had shared a USB memory stick with a local agent. This matched the modus operandi of the virus so that part of the mystery was solved.

What I couldn’t understand was, given the age of the virus (late 2008) and that the corporate antivirus software appeared to be working, why hadn’t the trojan been picked up as soon as the USB stick was plugged in?

A little further digging revealed the problem… although the AV software was working, it hadn’t successfully installed new virus signatures in over a year – the last successful update was from mid-2008. The signatures seemed to download ok, but they never got installed into the AV engine properly. If I forced it to download updates, the activity bar would go to 100% and the window would close, so everything looked ok, but if I subsequently went to the dialog which showed the signature version, it was unchanged.

I’m not going to name which anti-virus software it was because I suspect part of the issue might be that my dad’s company hasn’t paid its annual licence and therefore isn’t entitled to updates. However, I think it’s very poor that there isn’t a warning on startup clearly saying, “Virus signatures are now 18 months out of date – system at risk”. If Dad had seen that 17 months ago, he would have been on to his IT dept straightaway to get the licences paid (or whatever remedial treatment is needed). A severe virus outbreak could literally put the company out of business, so I suspect someone will be starting 2010 with an important task from the MD.

As geeks, we often get asked to provide a little free support at Christmas and other holidays. While it may sometimes take us away from the drinks and the mince pies, it has to be our way of returning the favours that our friends and family do for us the rest of the time.

See you next year, Dad.


Panda Names Downloader.GK Worst Virus of 2004



Panda Software, a respected vendor of antivirus software applications within the technical community, has named a Trojan, Downloader.GK, as the most malicious virus of 2004. Even though Downloader.GK isn’t technically a virus (an application that independently distributes itself), the program has caused the most damage to users’ computers, according to data collected by Panda Software’s ActiveScan process.



Bofra Worm Gets Past Antivirus Software



Users of Microsoft Internet Explorer and Windows XP Service Pack 2 (SP2) are vulnerable to infection by the Bofra worm, downloaded through website banner ads.

The Bofra worm, previously described only as a variant of the MyDoom worm, takes advantage of the iFrame vulnerability in Microsoft Internet Explorer; Microsoft has not yet been able to release a patch that repairs this security hole. According to SANS Internet Storm Center, sites in the U.K., the Netherlands and Sweden have been infected, including the tech website The Register. The Register advises users who visited the site between 6:00 A.M. and 12:30 P.M. GMT on Saturday November 20, 2004, to check their machines for possible infection by the Bofra worm.

Bofra Skirts Antivirus Software
The more significant problem is that the Bofra worm, which is a spyware application, cannot be detected by most antivirus software applications. Repairing the effects of this worm is difficult and costly. The worm causes so many popups and unwanted software installations that the computer slows to a crawl and becomes, effectively, useless. Many users will be forced to rebuild their drives from scratch, starting with reformatting and reinstalling Windows.

Dave’s Opinion
Affected users who are fortunate to not lose all of their data files will do well to rebuild their computer and stop using Microsoft’s integrated web browser. Until Microsoft is able to take security seriously and create a stable, secure browsing platform, Windows users should move to alternative web browsers such as Firefox or Opera.

Call for Comments
What do you think? Leave your comments below.

References
SANS Internet Storm Center
The Register
Firefox
Opera