AntiVirus 2009 Virus Getting Harder to Clean

I’ve just completed the cleanup of another client’s computer that was attacked by one of the latest insidious Trojan/Scareware versions of AntiVirus 2009. This is the fourth client who has had this attack in the last few weeks. Each of these users is a remote user on a home PC, and each instance seems to be getting more and more difficult to get rid of. (I guess that this just proves that the bad guys are committed to their craft. They are working hard to stay ahead of the good guys.) This time it took me a good 3 hours to completely eradicate the virus.

Social Hacking at its Best

The first question I was asked each time was, “How did this happen?” These clients were simply surfing the web and checking out their favorite web sites when, suddenly there is this frightening Pop-Up message… “Warning! Spyware detected on your computer!”

The majority of computer users are scared silly (which is the objective, of course), and they immediately succumb to the temptation to click on the button provided, hoping that this will stop whatever has taken over their session.

This is when the real trouble begins. The message is fake, and they aren’t really infected… yet. Once they click on the message, however, a Pandora’s Box will open and all sorts of really nasty stuff is released into all sorts of nooks and crannies within their system.

Don’t Give them Money!

To make matters worse, by clicking the ad, a “registration” screen presents itself . Once victims click on that, they are taken to a web site where the crooks try to sell an anti-spyware solution. This “solution” does nothing, and potentialy can do even more damage to the computer. If average PC users have gotten this far, they are at the point where they whip out their credit cards and pay the fee (anywhere from $29.95 to maybe $69.95) for the proposed, but useless, “solution”.

Even worse is the fact that thieves, who set up this type of scam, now have access to the user’s credit card or banking information. There is the potential for the scammers to empty bank accounts or max out the credit cards. Even worse,  they can use the information for full identity theft scams.

Keep an Eye Out for These Scams

The only defense against these scams are knowledge, research and being aware that these scams exist. Following, is a short list of some of the worst of these scams:
•    AntiVirus 2008/2009/2010:  These look like anti-virus ads,  but will completely infect a system and hijack your browser.
•    AntiVirus Plus:  This one looks like a Microsoft Security Center page to make the user think that this is an update or Microsoft generated/approved piece of software.
•    AntispywareXP 2009 or XPAntispyware 2009:  This one continually generates false alerts and scan results that will overload your system and slow it down. The effect worsens very quickly as it digs deeper into your system.
•    WinDefender 2009:  This program looks like a legitimate spyware program and will always find malware on the system. Unfortunately, everything it finds is bogus and is merely an attempt to frighten the victim enough to get him to buy the software.
•    AntiVirus Sentry:  This virus often downloads itself without any click by the user.
•    Security 2009 and ProAntispyware 2009:  These packages even advertise themselves on the web as a legitimate applications.
•    RapidAntiVirus:  This package is one of the most overtly malicious. When it runs on your system, it identifies legitimate system files as malware convincing the user to remove the files, which results in a complete crash of your PC.

The Bottom Line

The bottom line is this. Cleanup has taken hours of my time and caused lost productivity for my clients. In addition, they have had to pay for the hours, or have had the time deducted from their available support hours, for something very avoidable. Be careful where you surf and what you click.

While much of this information comes from personal experience working to cleanup client computers, some of it has been culled from research on the web, including Computer World and Download.com.