
Where do these rogue antispyware programs come from??!?

Discussion in 'General Security' started by HOBOcs, Apr 3, 2010.

Thread Status:
Not open for further replies.
  1. HOBOcs

    HOBOcs Thread Starter

    Joined:
    Jan 5, 2004
    Messages:
    8,699
    First Name:
    Jim
    Over the past 3 weeks I've been inundated with laptops/computers that have these "Rogue" anti-spyware programs on them (three new laptops this weekend). "Security Tool, XP 2010, Vista Security tool and the likes...."

    I've been successful using "my experience" and Malwarebytes and a few other tools to get these off. But it is taking its toll on me and I'm getting frustrated. Note: I am an experienced "Malware Fighter/Anti-Crusader" or whatever - but not actually certified by TSG. I probably should be.

    What's bugging me is I'm not able to pinpoint the source of these so I can tell my customers "where to be aware".
    I can't even recommend a proper tool like AVG, Norton or McAfee and be confident that they will have it covered.

    I assume that a lot are sourced from Facebook users passing things around or the "latest trick" - like a "Youtube like" weblink asking you to download a new version of "Flash" or some other utility when it is in fact a dummy rogue piece of crap.
    If I ever get hold of one of these guys...
    I'd drop kick'em through "the goal post of Life" ... and as the old saying goes... "to the moon, Alice!!!"

    Not looking for a specific answer here ... just frustrated.
    If you have some ideas on how I can message my customers for better protection - add your feed back here.
    If you are aware of true antivirus tools that will offer protection from these rogues let me know.
     
  2. jiml8

    jiml8 Guest

    Joined:
    Jul 2, 2005
    Messages:
    2,634
    Does SpywareBlaster have any effect on preventing these things from installing?

    I've had to clean up my share of Windows systems in the past (never mine) but mine NEVER get infected due to my policies, procedures, and maintenance. Therefore I can't claim to be current on the state of malware in the Windows World.

    Mostly I browse using Linux, and I do all downloads using Linux, and if I am suspicious I disassemble it and look at it before letting Windows anywhere near it.
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    In my experience, it happens from "drive-by downloads" or an infected email attachment.

    I think it may be difficult to point to a specific source. There are many sources.

    A user may choose to Google something specific. They'll get many results and just happen to click on the wrong one that appeared safe. Then boom. You're told you're infected and use this software to remove it.
     
  4. HOBOcs

    HOBOcs Thread Starter

    Joined:
    Jan 5, 2004
    Messages:
    8,699
    First Name:
    Jim
    Hey CB
    Yes the email attachments are the killer and it's the self discipline that is required not to open them if you can.

    One user mentioned they opened an attachment from "Fed Ex", the other was in Facebook and clicked on a sent link to YouTube.
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Unfortunately we cannot teach common sense :)
     
  6. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    When using Google, you may find WOT very useful.
     
  7. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Looks like I am the kid here! What the previous posts say in reply holds good water. I especially use and recommend three tools in your right-click context menu: 1) WOT (as Phantom said), 2) LinkExtend (an add-on in FF), and those folks who have Kaspersky A-V or KIS 2010 get the benefit of a Kaspersky URL Advisor.

    I personally like and recommend LinkExtend, because various parameters are examined and UNLIKE WOT, EIGHT SOURCES ARE USED (AS THEY CLAIM -- SORRY FOR THE BOLD TYPE) to "evaluate" a site's safety! Click a link and sink or use these tools and swim!

    I have been advised many a time that one should be absolutely(?) on the button with MS/IE updates!

    I request you to scan this site, which may prove helpful: http://spywarewarrior.com/rogue_anti-spyware.htm

    The forbidden apple is very tempting, as I personally found out! When I was a very naughty boy of eight, slightly pampered (juvenile diabetes), my maternal uncle sat with me and taught me how to use a computer. So, I naturally misused it ---> torrent-downloaded so many mp3 songs and albums on the sly that the viruses and self were co-existing on the same IBM machine! Now I have mended my ways (thanks to cookiegal)! Easter was gloomy at home, with nobody eating the eggs, more because I am gonna go off to medical school and mom's dead worried about how I'll cope with all the stress! I told her that I'll befriend a nice and friendly girl from my class of 45 students and make her sympathize with my lot (sure-fire way to fall in love, I guess)! Hey, Phantom, the chocolates, I will pay!
    You may actually introduce the concept of "Sandboxie" to your customers and let them see what they want! I am saying this because neither you nor I are preaching from the pulpit! As Cheeseball correctly said, "it's difficult to teach good ways(?), while computing."

    "Virtual computing" is another way. I am not very sure how good it turns out in the end for your customers. I will suggest a website, but I am sure there are better ones! Site: http://www.vmware.com/products/player/

    WOT can also be used with the Google Chrome browser and IE (for those who use IE). Website: http://www.mywot.com/

    Kindly view this snap:
     


  8. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Dr.Web LinkChecker was another useful tool that used to work with the right-click context menu. For an obscure reason, the service is not working anymore... :confused:
     
  9. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    I don't believe that email is the principal channel for disseminating malware these days. I'd say the most common method is websites that are either malicious by design, or have been compromised. By compromised sites I mean not only those that have been actively hacked, but also sites which inadequately screen advertisers and thus host ads that link to malicious sites.

    Not that I intend to pick on Neopets, but it's a perfect example of what I mean. A couple of years ago, I had to block Neopets on the home computers because, over a period of three months or so, my kids twice clicked game links that opened windows which prompted them to download fake AV software. At roughly the same time, they were treated to ads on the site for Adult Friend Finder. Neopets wasn't unblocked until I was satisfied that they had addressed their security lapses.

    I'm sure I'm going to be raked over the coals for this, but I would say that a good AV program such as NOD32, Avast!, or Norton is as likely to block malware in realtime as Superantispyware, the paid version of Malwarebytes Antimalware, Spysweeper, Spyware Doctor, or any other program out there. Unfortunately, my confidence in realtime blockers is pretty low.

    I try to instill a healthy sense of paranoia in all my customers, and I actively promote security solutions that implement a white list for Internet access in all my business accounts.
     
  10. HOBOcs

    HOBOcs Thread Starter

    Joined:
    Jan 5, 2004
    Messages:
    8,699
    First Name:
    Jim
    Getting more frustrating - I've had to fix about 20 "Security Tool" rogues in the last three weeks. I have some careful users out there and there does not appear to be any consistency with how they are infected. I agree with Snagglegaster that email is not the principal carrier, as people (infected) I talk to appear to be genuinely cautious about what they open. I tend to agree that adverts embedded in website ads or automatic downloads, i.e. Adobe Acrobat or programs like Real Player, seem to be the most likely source... Aaaaggghhh!! If I ever catch one of these guys.....
     
  11. perfume

    perfume Banned

    Joined:
    Sep 12, 2008
    Messages:
    2,011
    Dear ucurl,
    Considering that your customers are honest about their computing habits, let me show you a real-life scenario! This happened to me first with KIS2010, giving me no alternative but to completely block the program, and today (for the sake of demo') Safe'n'secure Pro thudded into action, as I unravel!

    1) www.majorgeeks.com is a trusted site. Don't take my word for it. Kindly view the first thumbnail.

    2) Let us check out an anti-spyware software considered "HOT" by the editors of MG! Second thumbnail.

    3) I downloaded the program in my sandboxed FF and ran the program to installation! Boom, boom -- sounded the Safe'n Secure Pro and gave me this warning. Thumbnail view please.

    4) This software is a nicely PACKED MALWARE WHICH COULD HOODWINK EVEN MAJORGEEKS! SO, AS CHEESEBALL81 AND SELF (IN MY PREVIOUS POST) SAID, "RIGHT-CLICK ON LINKS AND SWIM TO LIVE" OR JUST GIVE UP THE GHOST! (sorry for the bold type) :mad::eek:


     


  12. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    It's worth thinking some more about the value of real-time protection. I said in a previous post in this thread (and in lots of other threads) that I don't think much of real-time protection. This test is pretty old news, but I don't think the situation has changed much since November of last year. If you look at the Proactive Test results, Avira caught 74% of unknown nasties, and it went downhill from there. In fact, any product that got a 50% or better score got an Advanced Plus rating.

    Charlotte Dunlap's paper for TrendMicro (page 3) suggests that there are about 50 thousand new malware threats created daily. So, if your antimalware software is 74% effective, you're still exposed to 12 thousand new nasties every day. Heck, if it's 95% effective, you are only exposed to 2500 new pieces of malware daily.

    I guess most regulars here are familiar with the Aurora Exploit? Or use this link for the less technically oriented. How are some common security products performing against this threat? Check out page 12 of this report from NSS Labs. For all you AVG partisans, read this blog.

    Feeling lucky today?
     
  13. HOBOcs

    HOBOcs Thread Starter

    Joined:
    Jan 5, 2004
    Messages:
    8,699
    First Name:
    Jim
    Thanks Perfume (will try WOT and test) & Snagglegaster (interesting read)
    I got 4 more Security tool infected units this week. Still questioning people as to what they were doing. I have no better idea as to where they are coming from - some say they used Youtube [email protected]#$#
     

Short URL to this thread: https://techguy.org/914574
