ThreatFire Research Blog Home

Windows Defender 2010 FakeAv at the Top of this Morning’s List

The group behind “live-windowsantivirus. com” is having a very busy morning distributing the rogueware “XP Internet Security 2010”. We grabbed some snapshots of the current incarnation of the malware, since users appear to be falling for it in large numbers. The full window and the balloon popup stating “System Danger! Your system security is in danger” must be convincing…

[Screenshot: 2.System_Danger]

Fake scan results are presented immediately…

[Screenshot: 1.XP_InternetSec]

As we have been pointing out for the past several years, the user is tipped off that something is amiss when their “security software” claims it is “unregistred” (see the window’s title bar).

[Screenshot: 3.Attention_Danger]

Following the “Attention: DANGER!” message, the Windows user may attempt to open Internet Explorer. The FakeAv has modified the browser so that, instead of loading the requested page, it pops up a window claiming the system is infected with Trojan-BNK.Win32.Keylogger.gen and recommending activation of XP Internet Security 2010…

[Screenshot: 4.Firewall_Alert]

When the user attempts to activate the phony product, a purchase window for “Windows Defender 2010” appears…

[Screenshot: 5.WindowsDefender2010]

Down the side of the purchase page, the rogueware makes fraudulent claims to have won awards from West Coast Labs and Virus Bulletin:

[Screenshot: 6.PhonyAwards]

Entering personal information into the form POSTs it to “live-windowsantivirus. com” (the domain is registered in Turkey, while the site is hosted in the US at 206.217.211 .243). We recommend you avoid entering any personal information and clean up the infection instead:

[Screenshot: 7.2YearLicense]
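Since the post names the domain the purchase form POSTs to and the address it is hosted at, a defender's first question is which machines on the network already talked to either one. The following is an added example, not code from the post or from ThreatFire: a small Python check over proxy access logs that flags requests to that domain or IP, rating a POST (personal data possibly already submitted) above a GET. The log layout, client addresses and URL paths are constructed for the example; only the domain and IP come from the post.

```python
import re
from typing import Dict, List

# Indicators taken from the post above: the purchase form POSTs to this domain,
# which the post reports is hosted at this IP (both shown defanged in the post).
ROGUE_DOMAIN = "live-windowsantivirus.com"
ROGUE_IP = "206.217.211.243"

# Constructed sample log in a simplified proxy access-log layout:
#   <unix time> <client ip> <method> <url> <http status>
# The clients, timestamps and URL paths are made up for this example.
SAMPLE_LOG = """\
1266322620.101 10.0.0.12 GET http://www.example.org/index.html 200
1266322650.417 10.0.0.12 POST http://live-windowsantivirus.com/purchase 200
1266322700.003 10.0.0.33 GET http://206.217.211.243/update 200
1266322711.555 10.0.0.33 POST http://live-windowsantivirus.com:80/purchase 302
1266322800.999 10.0.0.44 GET http://mail.example.org/ 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)
HOST_RE = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.IGNORECASE)


def host_of(url: str) -> str:
    """Return the lower-cased host part of a URL, or '' if it has no scheme."""
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else ""


def is_rogue_host(host: str) -> bool:
    """True for the rogueware's domain, any subdomain of it, or its hosting IP."""
    host = host.lower().rstrip(".")
    return host == ROGUE_DOMAIN or host.endswith("." + ROGUE_DOMAIN) or host == ROGUE_IP


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse log lines into dicts; malformed lines are skipped rather than raising."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def find_rogue_traffic(text: str) -> List[Dict[str, str]]:
    """Return every request to the rogue infrastructure, rated by what it implies.

    A POST to the purchase form means the victim may already have typed card or
    personal data into it, so it is rated higher than a GET (component download
    or fake scan page).
    """
    hits = []
    for rec in parse_log(text):
        if is_rogue_host(host_of(rec["url"])):
            severity = "high" if rec["method"] == "POST" else "medium"
            hits.append({**rec, "severity": severity})
    return hits


def affected_clients(text: str) -> List[str]:
    """Sorted, de-duplicated client addresses that contacted the rogue hosts."""
    return sorted({h["client"] for h in find_rogue_traffic(text)})


if __name__ == "__main__":
    for hit in find_rogue_traffic(SAMPLE_LOG):
        print(f"{hit['severity']:6} {hit['client']:10} {hit['method']:4} {hit['url']}")
    print("clients to clean up:", ", ".join(affected_clients(SAMPLE_LOG)))
```

The host check deliberately strips the port and matches subdomains, since a rogueware operator can move the form to a different hostname under the same domain without changing the indicator; the flagged clients are the ones to clean up and, for the "high" hits, the ones whose users should be told the card details they entered are compromised.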

ThreatFire prevents it from running on users’ systems as “Trojan.FakeAv”.

This entry was posted on Tuesday, February 16th, 2010 at 12:37 pm and is filed under Dropper, FakeAlert, Rogueware, Social Engineering, Trojan, Uncategorized, Undetected malware.

10 Responses to “Windows Defender 2010 FakeAv at the Top of this Morning’s List”

  1. Bobby says:
    February 21, 2010 at 9:33 am

    Yes, I have some trouble with hackers, but ThreatFire is excellent!

  2. Sam says:
    February 22, 2010 at 11:11 am

    OMG! This malicious Trojan attacked my computer, infiltrating AVG anti-virus. ThreatFire removed the Trojan quickly! I’m so grateful to you, ThreatFire!

  3. Carl B. says:
    February 24, 2010 at 1:15 pm

    ThreatFire has been protecting my Windows XP and now I’ve installed it on my Vista notebook.
    I also have PC Tools Firewall Plus protecting my computers… thank you for keeping me safe!

  4. Al says:
    February 24, 2010 at 3:02 pm

    PC Tools (T-Fire) is the best for the average person just looking to protect their investment. THANKS!

  5. Cori says:
    February 25, 2010 at 9:06 am

    My laptop was attacked by this virus and, although I was able with several programs to remove most instances, it had already managed to hide itself in my registry. After a nightmare week, during which I had to actually ship my laptop back to HP for repairs, during which they did less than nothing and returned my laptop in worse condition than when they got it, I was finally able to reinstall my OS and all of my needed programs.

    Happily, I have now found ThreatFire, so hopefully this type of attack is in my past. My boyfriend’s computer received a similar attack last night, so the first thing we are doing is to install ThreatFire, and hopefully that will take care of the problem.

  6. MPC says:
    February 28, 2010 at 2:16 pm

    FYI – **Most** FakeAV programs like XP/Vista/Windows 7 Antivirus/Internet Security 2010 will NOT allow you to install an antivirus or malware removal program to remove the infection AFTER the infection has already gotten into your computer.

  7. Amber says:
    March 6, 2010 at 2:37 am

    I got hit with this last month while browsing deviantART. My mom was able to get rid of it by stopping it from running at startup and doing a System Restore.
    If this thing’s coming from Turkey, it might be funding terrorism.

  8. Linda says:
    March 6, 2010 at 8:01 am

    My laptop was invaded and the result was that every time I try to log on, it goes in a circle and closes. Has anyone else had this problem? Where did it come from?

  9. Linda says:
    March 6, 2010 at 8:02 am

    Actually, it happened immediately after I looked at a game on Facebook.

  10. jacksonville repair computers says:
    March 8, 2010 at 1:34 am

    I’m always looking into stuff on information that I do not know about. It is tough to search things that you don’t know of, because what do you search for? ;) Your blog is the type of thing I love to read about regarding something new to me. Great post! Thanks.
