Fake AV gets Deep into System

Friday, July 19, 2013 @ 05:07 PM gHale


Like other fake security apps, a new antivirus program pretends to scan the computer and informs the user it found several threats. To clean them up, the user must register the application, a process which costs a certain amount of money.

However, unlike other similar threats, the program, called Antivirus System, scans files that actually exist on the victim’s device. Although it doesn’t do anything useful, the victim might believe it does after seeing his/her files appear in the list of infections.

In addition, the Fake AV also sports some features that are common for legitimate security solutions.

Usually, such threats can easily be removed by booting the computer in safe mode and scanning the device with a legitimate antivirus or Internet security product.

Antivirus System is not that easy to remove. That’s because the malware injects itself into the explorer shell, which also runs in safe mode.

This allows the threat to prevent the victim from launching any executable.

If the malware does manage to infect a device, here are a few tips: Start your computer in safe mode with command prompt. This mode doesn’t launch the explorer shell, so the Fake AV will be inactive. Then, create a new administrator account by typing “control nusrmgr.cpl”. Once you have created the account, reboot the computer and log in to the new account.

This new account will not have the virus, so you’ll be able to launch a legitimate security product and remove the malicious application.


