Microsoft: Don't Be Fooled by Fake Security Suite

By now you've certainly heard of Microsoft Security Essentials (MSE), the free antivirus program hailing from Redmond and intended to replace Windows Live OneCare. Looking to capitalize on MSE's brand recognition, there's a rogue program making the rounds called "Security Essentials 2010."



If the screenshot above looks at all familiar to you, then your system has been infected with a trojan called TrojanDownloader:Win32/Fakeinit. Microsoft describes this as a "fake scanner that informs the user that they need to pay money to register the software and remove these non-existent threats," but that's not all it does. It also terminates certain processes, alters the registry to cut off access to the Task Manager (among other things), lowers your security settings, redirects your Web browser, and changes your background image to one of an ominous spyware warning.



We've seen this one ourselves and can tell you it's a particularly nasty strain designed to force you into submission, both by hampering your PC and hitting you with repeated pop-ups. You may also see this one masquerading under a different name, such as Internet Security 2010, though the main interface looks otherwise identical.

See here for an extensive list of what this one does, as well as Microsoft's list of preventative measures.

I have dealt with this one; my mother has gotten it twice and my daughter got it once on her mommy's computer as well. Believe it or not, she got it from a link on a Strawberry Shortcake website. All 3 times were the internet security one, and yes it is a real Bi7 to get rid of. I was able to kill it both times on my mom's easier starting with Spybot S&D. If you have enough memory (3 GB or more), ignore the pop-ups, because as long as they're live it slows down the hack significantly; it also does three pop-ups, each with multiple screens. They show up in the same place in the task bar (there is often also a Windows security pop-up there as well). Unluckily I had to rebuild Sarah's with True Image and Disk Director (Acronis), because it caused a boot loader error on about the third reboot.


useful post


Thanks for warning us: I haven't gotten many viruses the few months... last year I had one that screwed my comp over :(...


I hate viruses like this. We have had many cases coming into work with many variations of this. Sometimes a wipe is the best solution to get around these pains in the butt. Everyone needs some Malwarebytes, Spybot, and NOD32.


I love these types of viruses; they prey on the weak.


Keep in mind this one comes in a trojan package, otherwise Spybot would not find it. Yes, it finds adware too, but this is not adware; in fact, other than difficulty I do not know what they are looking to gain. One of the major difficulties in the one on Sarah's computer, as well as the reason I finally redid her Windows install, is it has monitoring as well as attempts to get out of the network. Luckily the security I have in our home network and her desktop does not allow that without confirmation, so every time it tried to establish outbound connections I was asked for confirmation. I do believe that there are multiple versions of this same package. This is because the one my mother got twice was different both times. The first time it was simple to get rid of and took me about 20 minutes; the second time it was a little more involved, probably 45 minutes; the third time, on Sarah's computer, as I mentioned, there were several additions to the package, and I finally had to re-install Windows. I am sure I could have gotten away without the re-install. However, the system seemed compromised enough with the attempted out and in communications that I felt it was the best path to take. I would imagine this 3rd copy had some kind of keylogger from the things I saw, as well as resetting the network page, which was unchangeable; as mentioned in the article, it disabled a lot of things. None of this happened the 1st time I saw it, a small percentage the second time I saw it, and many things were enhanced the 3rd time. So it seems to be an evolving package and/or being used by many different groups or individuals to me.


>We've seen this one ourselves and can tell you it's a particularly nasty strain designed to force you into submission, both by hampering your PC and hitting you with repeated pop-ups.

And in the meantime, the expiring Windows 7 RC install attempts to force me into submission by hampering my PC and hitting me with repeated pop-ups.

(Yes, I'm still using the RC. I have a perfectly good version bought from MicroCenter, but that goes on the new computer when I get it up and running, and Captain Clunker will go back to Vista, which is fitting in a way. I don't want to hear any finger-wagging and tongue-clucking from you people lauding jailbroken iPhones.)


www.ninite.com

Go there, select all of the free security programs you want, and get the installer. Use it.

'nuff said.


Great point realneil. I personally don't understand some of these security woes. If you install Vista or 7 and click the security tab, it will give you websites for about 12 capable security solutions. You can also get most of them for free, so why not have security, or go by McAfee or Norton for that matter, as in general other providers offer better solutions for free. If you wanna spend some money, upgrade the free ones to the pro versions; it is still considerably less than either of the standard providers.


I think my uncle has this virus, or at least a version of it. He opens up tons of adult-themed emails and then likes to forward them to me 20 at a time.


Haha, I have an uncle who does the same...no one talks to him though.

I was infected by this virus a few weeks ago. It would not let me open up any new programs. Had to restart computer in Safe Mode with Networking, download and run rkill.com to eliminate the process in the memory and install Malwarebytes to finally delete it.
