NAS Technology Consulting

AntiVirus and AntiMalware

April 27th, 2011

You do not want an infected computer!  That is the fear this particular crap ware variant plays on.  By mimicking what looks like an official security scanner, the software reports fake infections and asks for your credit card to unlock the "full version" that will supposedly clean your PC.  Do not enter your credit card number anywhere!  That is the SCAM.

http://www.precisesecurity.com/rogue/xp-total-security-2011/

“XP Total Security 2011 is a deceiving security program that will pop up excessive alerts and warning messages aiming to persuade computer users into obtaining the licensed version of the program. The XP Total Security 2011 virus usually spreads by means of a Trojan that is able to invade a computer by means of a rootkit technique. With this method, the Trojan or virus will be able to install itself on the target computer without being detected by any legitimate anti-virus application. Other variants of this application include Win 7 Total Security 2011 and Vista Total Security 2011. Their existence will provide several annoyances, including browser redirection wherein requested web pages will be re-routed to a different server. As expected, these web sites will be able to download more threats onto the already infected PC… Also, XP Total Security 2011 will block any application from being executed. It will state that the opened program contains viruses and must be immediately removed with the full version of XP Total Security 2011. This deceptive method to promote a rogue program has always been a tactic of rogue developers. They will earn enormous profits from this online fraudulent activity, so be careful with it.”

The removal of such nefarious software can be done for free.


Step one to remove the “popular” XP Security 2011 and other variants is to run RKill before attempting any AV scan.  To note:  “RKill only terminates a program’s running process, and does not delete any files; after running it you should not reboot your computer, as any malware processes that are configured to start automatically will just be started again”.  Then run through the following cocktail of six security scanners to remove the crap ware and verify that it is gone.

RKill:

http://www.bleepingcomputer.com/download/anti-virus/rkill

Malwarebytes:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

“manually copy the database from a working computer – the database file is stored in the following locations.
* Windows XP and 2000:
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
* Windows Vista and Windows 7:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref”
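The offline database copy described above, as an added PowerShell example that is not part of the original post or of Malwarebytes' own tooling. It assumes the 2011-era rules.ref locations quoted above (picking the XP/2000 or Vista/7 path from the OS version), a straight apostrophe in the folder name, and a caller-supplied source file on removable media; it backs up the old database and verifies the copy by SHA-256 using .NET so it also runs on PowerShell 2.

```powershell
# Added example, not from the original post. Copies a Malwarebytes rules.ref
# taken from a working computer into the per-OS location the post quotes.
function Get-MbamRulesPath {
    # Vista and Windows 7 report major version 6; XP and 2000 report 5.
    $major = [Environment]::OSVersion.Version.Major
    if ($major -ge 6) {
        return Join-Path $env:ProgramData "Malwarebytes\Malwarebytes' Anti-Malware\rules.ref"
    }
    return Join-Path $env:ALLUSERSPROFILE "Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref"
}

function Get-Sha256Hex([string]$Path) {
    # .NET hashing works on PowerShell 2 (no Get-FileHash on XP-era systems).
    $bytes = [IO.File]::ReadAllBytes($Path)
    $hash  = [Security.Cryptography.SHA256]::Create().ComputeHash($bytes)
    return ([BitConverter]::ToString($hash) -replace '-', '')
}

function Copy-MbamRules {
    param([Parameter(Mandatory = $true)][string]$SourceFile)

    if (-not (Test-Path -LiteralPath $SourceFile)) {
        throw "Source definitions file not found: $SourceFile"
    }
    $dest    = Get-MbamRulesPath
    $destDir = Split-Path -Parent $dest
    if (-not (Test-Path -LiteralPath $destDir)) {
        throw "Malwarebytes does not appear to be installed (missing $destDir); install it first."
    }
    # Keep the old database so the copy can be rolled back if the scanner rejects it.
    if (Test-Path -LiteralPath $dest) {
        Copy-Item -LiteralPath $dest -Destination "$dest.bak" -Force
    }
    Copy-Item -LiteralPath $SourceFile -Destination $dest -Force

    # Verify the copy byte-for-byte before trusting it.
    $srcHash = Get-Sha256Hex $SourceFile
    $dstHash = Get-Sha256Hex $dest
    if ($srcHash -ne $dstHash) {
        throw "Copied rules.ref does not match the source (hash mismatch)."
    }
    Write-Output "rules.ref updated at $dest (SHA-256 $dstHash)"
}

# Usage with a constructed example path on a USB stick:
# Copy-MbamRules -SourceFile 'E:\defs\rules.ref'
```

Run it from an elevated prompt, since both target directories are machine-wide.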

Microsoft Malicious Software Removal Tool:

http://www.microsoft.com/DOWNLOADS/en/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

SuperAntiSpyware Portable Scanner:

http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE

Microsoft Safety Scanner:

http://www.microsoft.com/security/scanner/en-sg/default.aspx

TDSSKiller (rootkit remover):

http://www.bleepingcomputer.com/download/anti-virus/tdsskiller

The last step is to install the free AntiVirus software from Microsoft called Security Essentials.  In addition, I typically also configure Spybot Search and Destroy to use its “Tea Timer” and IE Protection.

Microsoft Security Essentials:

http://www.microsoft.com/en-us/security_essentials/default.aspx

Spybot Search and Destroy:

http://www.safer-networking.org/en/index.html

How to keep from getting infected with crap ware:  people often ask me how to make sure this doesn’t happen again.  Many times the problem rides in on an unattended installer masquerading as a banner ad.  Hackers tend to target the largest base, and infecting a banner ad company such as ad.doubleclick.net presumably returns the biggest results.  I recommend running Firefox 4.0 with the AdBlock Plus extension or Google Chrome 11 with the AdBlock extension.

Firefox AdBlock Plus Extension:

https://addons.mozilla.org/en-us/firefox/addon/adblock-plus/

Google Chrome AdBlock Extension:

https://chrome.google.com/webstore/detail/gighmmpiobklfepjocnamgkkbiglidom

1 Comment

  • NAS Technology Consulting – Malware and Virus Removal for 2012
    July 30, 2012 at 11:56AM

    […] This is an updated round up of security tools used for Windows PC cleanup and virus removal.  The original post can be found here: http://www.nickshertzer.com/wordpress/?p=247 […]