Internet Security 2011 Malware

Brian St. Marie - Sr. Systems Engineer

Although I don't normally focus on malware removal, this particular malware has been coming around a lot lately.  Several customers have asked me about it, as it's quite convincing.

Ever since Windows XP Service Pack 2, security measures in Windows have become much more visible.  Users are now accustomed to pop-ups and other notifications from Windows when their system may be at risk or infected with something.  Unfortunately, virus and trojan writers have seized on this, creating malware that imitates the look of Windows' own security components.

The scenario goes something like this:

1) User becomes infected with malware.

2) The malware begins popping up fake notifications warning that the user's system is infected, usually claiming dozens or hundreds of different viruses and trojans.

3) These fake security messages then offer to remove all the supposed infections, provided the user buys the "full version" of the software.

Essentially, these programs are a money scam.  They sneak onto the user's computer, claim to detect hundreds of viruses, and offer to remove them if the user pays.  Of course, if the user does pay, the program simply removes itself, which was the whole problem to begin with!

Usually, these programs are easy to spot: clear typos or nonsense English in the messages tip users off that something is not right.  However, the newest one I've seen, called "Internet Security 2011", is very good at looking like a real part of Windows.  Thankfully, many users know better than to spend money on software before consulting their IT help, which gives us a chance to get onto the system and remove the root of the problem.

The process for removal is actually quite simple, but should only be done by a qualified IT person, as the tools involved can cause serious damage to your system if used incorrectly.  The simplest removal process involves running ComboFix, which removes the traces of the rogue program.  I then typically install and run the latest version of Malwarebytes to confirm the system is completely clean.  A very easy process, but a very nasty piece of malware nonetheless, simply because of how convincing it is.
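As an added check that is not part of the original post (and not part of ComboFix or Malwarebytes), the PowerShell script below enumerates the common autostart registry keys and reports any entry whose executable is missing or not Authenticode-signed.  Rogue "antivirus" programs generally persist through one of these keys, so running this before and after the removal tools gives a quick, independent look at whether anything suspicious is still set to launch at logon.  The key list, the function name and the filtering rule are my own choices, not anything the post specifies.

```powershell
# Added example: list autostart entries that are unsigned or point at a missing file.
# Assumed key list; extend it if your environment uses other autostart locations.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper name; returns one object per autostart entry.
function Get-AutostartReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the provider metadata (PSPath, PSParentPath, ...) that Get-ItemProperty adds
            if ($prop.Name -like 'PS*') { continue }

            # Pull the executable out of the command line: a quoted path, or the first token
            $cmd = [string]$prop.Value
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            if (Test-Path -LiteralPath $exe) {
                $sig    = Get-AuthenticodeSignature -FilePath $exe
                $status = $sig.Status.ToString()      # Valid, NotSigned, HashMismatch, ...
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            } else {
                $status = 'FileMissing'
                $signer = ''
            }

            [pscustomobject]@{
                Key    = $key
                Name   = $prop.Name
                Path   = $exe
                Status = $status
                Signer = $signer
            }
        }
    }
}

# Anything that is not validly signed deserves a look. A rogue AV sitting under a
# random name in the user's profile or %AppData% will typically show up as NotSigned.
Get-AutostartReport | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Two caveats: an unquoted path containing spaces (or a bare `rundll32.exe ...` command) will be reported as FileMissing rather than resolved, so read those rows by hand, and "not signed" is a prompt to investigate, not proof of infection; plenty of legitimate small utilities ship unsigned.  Run it from an elevated prompt so the HKLM keys are readable.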

Don't let yourself be tricked by malware writers into buying their supposed security products.  If you're getting odd pop-ups or being told you need to "register" your software to be fully protected, contact us today to make sure you aren't being tricked and that your system really is fully secure.