Sunday, April 3, 2011

How to Spot a Fake Anti-virus Virus

Back when I was writing the blog posts on fake anti-virus, I attempted to find a corrupted website that would attempt to install a fake anti-virus; unfortunately, I never found one then, but I have now!
You can read the article on fake anti-virus programs here:  Fake Anti-virus programs account for most of the viruses I end up removing, so this is a very real problem!
Now on to the good stuff (not really): the other day, while I was doing a Bing Image search, I clicked on an image from the image search and, rather than being greeted by the chosen image, I was prompted with the fact that my computer was infected by viruses!  Now, it is worth noting that this image search was actually from the image on Bing’s homepage; so, it should not have been bad!  As for the site that was hosting the virus, judging from the fact that Bing indexed the image on the website at one time, I am guessing this was a legitimate website that was most likely hacked!
Now, the theory is that most users would be worried that their computer is infected by viruses and would click “Clean Computer,” and judging by how many customers I have with this problem, I would say that theory is quite true!  However, careful observation reveals several glaring problems with these supposed infections on my computer.
  1. Perhaps the most obvious in the screen shot above (for me) is the fact that the supposed anti-virus scan has the Windows XP look; I am running Windows 7.  Obviously, if you are running Windows XP, then the supposed anti-virus scan has the right look, with one minor exception: why is it appearing inside of Internet Explorer?
  2. Even if the supposed anti-virus scan had the right look, the screen shot of “My Computer” in the anti-virus scan does not look like my “My Computer.”  From the screenshot above, you can see there is only one hard drive (Hard drive C).  Below I have a screenshot of my “My Computer,” and in my real screenshot there are 4 hard drives listed.
  3. A third small but important difference is the fact that the hard drive in the supposed anti-virus screenshot is labeled “Hard drive C.”  I have never seen a hard disk labeled “Hard drive C”; usually drive C is labeled “Local Disk C” or, with newer operating systems, “OS C.”
  4. For the fourth problem, we have a mathematics problem.  In the screen shot, “Shared Documents” is infected with 5 viruses and “Hard drive C” is infected with 5 viruses, and according to the dialog box that lists all the viruses there are 10 viruses.  Sounds correct, right?  There is one major problem: Shared Documents is inside of “Hard drive C” (C:/Documents and Settings/All Users/Shared Documents).  Hence, there should only be 5 viruses!
  5. For the last nit-picking item, the location of the viruses is in “Shared Documents”; this location is a mite fishy and would be more believable if the virus location was “My Documents.”
What should you do if you see this popup?  Immediately close your browser and restart the computer.  If you cannot close the browser window, just restart the computer or, if need be, kill it (press and hold the power button)!  Once your computer is restarted, use your anti-virus program to perform a full system scan.  As long as you did not click on anything in the browser window, your computer should remain clean.  Something to remember with most malicious programs: they do not install themselves; usually some intervention on your part is required!
If your computer is infected, check out my posts here on how to remove them:
Part 1:
Part 2:
Now, suffice it to say I did not follow my own directions and decided to be stupid: I clicked on “Clean Computer.”  The first thing that popped up was a download dialog box; so, being really stupid, I downloaded the file.  Now, with Internet Explorer 9’s new downloader, it warned me that this file could harm my computer.
I decided I was not stupid enough to try running the file and decided the delete option that the Internet Explorer downloader provided me with was the best option.  Sorry to the folks who wanted to see the next post on how to reassemble an exploded laptop!
Unfortunately, even though I deleted the file, my laptop was still infected with a virus and it took a few full system scans with Microsoft Security Essentials before it was back to normal!

1 comment:

  1. Hi SA. This has been a great series of posts. I have tucked them away in favorites folders - just in case. Thanks. Have you been keeping up with you-know-who?