Just recently, a customer brought a computer to me saying that they had a virus and wanted it removed. After taking a look at it, it became evident that the main problem was actually a piece of malware in a category called a "trojan horse". This particular trojan presented itself as a fake antivirus program and popped up frequent messages about various files being infected, and asked, "Would you like to run your antivirus program?" Yes, this unwanted software looked legit, and pretended to be their friend, but was really backstabbing them. This category of software is further defined as "rogue antivirus" and sometimes called "scareware."

What It Did, What Could It Have Done? 

The particular rogue antivirus program that this customer ran into was called "Antivirus Scan". It behaved just like every other rogue antivirus program: it popped up relentlessly, warning the user that their computer was infected with a virus (actually several of them), and asked if they wanted to clean the computer or continue unprotected, even though their computer was otherwise clean. The typical behavior of these programs is to request payment to unlock the "full version" to allow the computer to be cleaned. This program was no different. It appears that this customer was cautious enough to NOT type in their credit card information, as doing so would most likely result in the theft of this card information and additional charges being added to their account.

What else might this software have done? There was strong evidence that this software was monitoring all their web traffic, and could have been stealing passwords and other personal information. Software in this category is also typically over-zealous about alerting you to a fake infection and convincing you to pay for a non-existent paid version of their software.

How Can You Get Rogue Software?

Many of us use Google or another search engine to search for things, and we trust that the results are things that we want. Most of the time, we find what we need, but there are other times when we may see flashing ads telling us that we are the 1,000,000th visitor and we won an iPod or something else. Occasionally, instead of an ad, you may see a popup doing the same thing. However, there are times that these popups can look like a pretty legit message telling us that our computer is out-of-date and needs some updates to keep it protected. These fake messages are trying to trick us into downloading a program that we really don't need. Be cautious on-line!

Recognizing Fake Software

Many times fake software is uninvited, but you have to be cautious about what gets installed on your computer. Be careful of uneducated users, and especially teens that don't seem to be cautious about what they do on your computer. To help you recognize fraudulent software, consider this list:

  • Was it installed without your knowledge?
  • Does its website look like a child built it?
  • Does the payment screen look thrown together?
  • Does the website lack basic information?
  • Does the program perform poorly?
  • Do you already have other antivirus?
  • Is your firewall disabled?
  • Are your updates disabled?

Consider all of this when deciding what to trust on your computer. When in doubt, consult a computer support expert.
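
Three of the items in the list above (other antivirus, firewall, updates) can be checked from a PowerShell prompt. The script below is an added example, not part of the original article; it assumes Windows PowerShell 5.1 on a client edition of Windows 10 or later, and it only reads settings without changing anything.

```powershell
# Added example: read-only check of three checklist items.

# 1. "Do you already have other antivirus?"
# List every product registered with Windows Security Center. The names are
# supplied by the products themselves, so an entry you do not recognize or
# did not install is the one to investigate.
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName 'AntiVirusProduct' -ErrorAction SilentlyContinue)
Write-Host "Registered antivirus products: $($av.Count)"
foreach ($product in $av) {
    Write-Host "  $($product.displayName)  ->  $($product.pathToSignedProductExe)"
}
if ($av.Count -gt 1) {
    Write-Warning 'More than one antivirus product is registered. Confirm you installed each one.'
}

# 2. "Is your firewall disabled?"
# A legitimate third-party firewall may turn Windows Firewall off on purpose,
# so treat a warning here as a prompt to find out what disabled it.
$disabledProfiles = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
foreach ($fwProfile in $disabledProfiles) {
    Write-Warning "Windows Firewall is off for the $($fwProfile.Name) profile."
}

# 3. "Are your updates disabled?"
# wuauserv is the Windows Update service. A stopped service is normal because
# it starts on demand; a Disabled start type is not.
$wu = Get-Service -Name 'wuauserv'
if ($wu.StartType -eq 'Disabled') {
    Write-Warning 'The Windows Update service is disabled.'
}

# Summary line so a clean result is visible too.
$findings = $disabledProfiles.Count
if ($av.Count -gt 1) { $findings++ }
if ($wu.StartType -eq 'Disabled') { $findings++ }
Write-Host "Checklist items needing a closer look: $findings"
```

A result of zero does not prove the machine is clean; it only means these three settings look normal.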

The End Result

The customer's computer was successfully cleaned and began to run (almost) like new again. We removed a bunch of "hogware" programs, installed good antivirus/antispyware programs and scanned the computer for further infections. Things worked out well for the health of the computer, but it would have been better yet if it were caught before it dug its nails into Windows and caused mischief. A fully-updated antivirus and anti-spyware program combined with an educated user works wonders.
