I mentioned in my post about rogueware attachments on Facebook support emails that I would share with my readers how I was able to remove the fake antivirus in minutes, without any complicated steps or registry editing involved. Brace yourselves, because this article answers that.
The rogueware, or fake antivirus, most likely arrives as a file named like Facebook_details_348.exe (other file names may vary). It is an executable file that, when opened, starts a fake scan that runs faster than a legitimate antivirus scan. When the scan completes, it normally shows a results pop-up listing non-existent threats on your system, deceiving you into purchasing a license to get rid of them.
Once you fall into this trap, these scammers will take your money when you pay or, worse, steal your financial information, such as credit card details, and even your identity.
Alongside the fake scanning screen, you’ll be bombarded with endless dialog boxes and pop-ups. If you panic at these unrelenting messages telling you that something horrible is happening on your computer, you’ll eventually fall for their scheme, so stay calm.
The fake antivirus or anti-malware that I encountered, which was attached to emails on two of my email accounts, was XP Smart Security 2010. How did I get rid of this rogueware?
Removing XP Smart Security 2010
To remove this threat (a Trojan, to be exact), always make sure that your antivirus software is running in your system tray at all times and starts with Windows. That way, whenever a virus or malware attacks the system, you can immediately run a virus scan. If your antivirus is not running during your computer sessions, chances are high that when a fake antivirus attacks, it will immediately take over the Windows Security Center settings of your PC, deactivating your virus protection before you can even run it and leaving your Windows Firewall helpless.
My personal antivirus software (AVG 9.0 Free version) was running in the system tray together with Spybot Search and Destroy when XP Smart Security 2010 initiated the unwanted attack. It immediately held hostage the Windows Firewall and the Virus Protection settings in Windows Security System by turning them off.
Turning them back on is not possible, so your only option is to get rid of the fake antivirus before everything goes back to normal.
I was able to do a quick search about XP Smart Security 2010 online before the virus disabled all browsers on my computer. Many write-ups about it are available online, but the presentation is vague and oftentimes promotional, with affiliate links to software vendors, so what I did was trust my instincts and my antivirus.
My AVG 9.0 was running in the background, although it wasn’t able to block the execution of the rogueware before it could initiate changes in the registry, which would have been better. I guess that is one of the drawbacks of having something for free, when real-time protection is not guaranteed. Nevertheless, I was able to run AVG while the malware was doing its dirty trick.
AVG was able to immediately track the threats; however, due to a power failure, my computer suddenly turned off. Since I have no backup power supply on my desktop, I simply waited for the electricity to resume, and when I rebooted the computer, the fake antivirus was gone, as were the annoying pop-ups.
See the attached screenshot of the scanned threats (Trojan horse) from AVG and notice the “Reboot is required to finish the action” remark.
The file locations correspond to the registry entries being overridden during the attack, based on my screenshot taken from Spybot Search and Destroy, my favorite anti-spyware.
There are definitely a lot of fake antivirus programs lurking on the web, acting like predators waiting for their next prey, so be vigilant and learn from this real-life security tip.
Summary of the Tips to Keep your PC Protected from Fake Antivirus Attacks
- Keep your antivirus software running in the background at all times while your computer is on.
- Be mindful of everything you download online, be it email attachments or any other files that will be stored on your hard drive. Scan these files after every download whenever possible. Firefox does it during the downloading process; however, as in the case above, attachments (usually zipped files) are sometimes overlooked by Norton Antivirus on Yahoo Mail or by any other email provider, including paid ones. Be careful when extracting them into your folders, and if you’re not sure what a file is, especially an executable file or a filename with .exe as its extension, don’t open it.
- Choose the best antivirus and anti-spyware software for solid protection. Free ones like AVG 9.0 and Spybot have done a great job of protecting my PC for years. You might also want to try downloading Remove Fake Antivirus 1.63, although I really cannot vouch for this one because I’ve never really tried using it, and won’t unless I encounter another rogueware in the future.
- Finally, always check your antivirus for updates, so that if anything happens in the future, you know that your software can handle any trouble.
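To make the tip about zipped attachments concrete, here is an added example (not part of the original post, and not a replacement for an antivirus scan) that lists what is inside a zip attachment without extracting it and flags executable members. The extension list, the function names and the sample archive are assumptions made for illustration; the sample holds harmless placeholder bytes.

```python
import io
import zipfile

# Extensions Windows runs on double-click (a common, non-exhaustive set; assumption).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def inspect_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each suspicious member, without extracting."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Windows ignores trailing dots and spaces, so "file.exe." still runs.
            lower = name.lower().rstrip(". ")
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            if info.flag_bits & 0x1:
                # Password-protected members cannot be read by a mail scanner.
                findings.append((name, "encrypted member, cannot be inspected"))
                continue
            with archive.open(info) as member:
                header = member.read(2)
            if ext in RISKY_EXTENSIONS:
                findings.append((name, f"executable extension {ext}"))
            elif header == b"MZ":
                # "MZ" is the signature at the start of every Windows executable.
                findings.append((name, "Windows executable header under another extension"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: placeholder bytes only, not real malware."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("Facebook_details_348.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("readme.txt", b"Your new password is attached.")
        archive.writestr("invoice.pdf", b"MZ" + b"\x00" * 62)  # disguised executable
    return buffer.getvalue()


if __name__ == "__main__":
    for name, reason in inspect_zip_attachment(build_sample_zip()):
        print(f"{name}: {reason}")
```

A clean result only means no member looked executable by name or header; the archive should still be scanned by your antivirus before anything is opened.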
I hope that you like this post and will share it with your friends and family. If you have similar stories and tips, please share them here. I would appreciate it.