FakeAV, Rogue AV, Rogue Antivirus, Fake Antivirus, Rogue Security Software, Scareware.
Different Security Vendors call them by different names. Simply put, these FAKEAV’s are malicious programs and software packages that mislead users by mimicking legitimate antivirus (AV) programs and giving false warnings (that the machine/ PC that they are using are infected by malware, viruses, spyware and lots of other bad stuffs).
AV Security Suite Image courtesy of Trend Micro Threat Encyclopedia and TrendLabs Malware Blog
And after running the supposedly antivirus scan, FakeAV offers some protective and removal solution if you buy and install their product. Beware: take note that this supposedly antivirus product will do more damage than good since it will do a lot of bad stuffs: it may download and install other malware or steal confidential information from your machine. FakeAV software package price ranges from 40 US dollars and above. And yes, definitely this is a lucrative moneymaking scheme for the bad guys. Read more in Trend Micro Report (PDF): The Business of Cybercrime: A complex business model
So what are my personal tips and suggestions for this Fake AV? How do I suggest dealing with this AV Security Suite Removal?
One good resource that I recommend is scanning your machine with Trend Micro HouseCall. This tool is Trend Micro’s free online malware scanner and cleaner and the new version (HouseCall 7) uses the Trend Micro Smart Protection Network technology that is both powerful and lightweight. If you are a techie-type of person you can try out other free tools like Hijackthis.
Ideally prevention is better than cure. So having a good antivirus/anti-malware/security product on your desktop is a basic and keeping it up to date is a must. Update it daily (at least) as there are tons of new malware coming out every day (read my old Malware Blog post on 1H 2009: Malware Threat Grows Ever Larger). Some personal suggestions is of course Trend Micro Internet Security Pro (PC-Cillin) or Trend Micro Titanium (cut and paste the links to your browser)
http://us.trendmicro.com/us/products/personal/internet-security-pro/index.html
http://us.trendmicro.com/us/products/personal/titanium-internet-security/index.html
But there are also a lot of other good, trustworthy and legitimate AV and Security products out there (I will not list them all since I worry that I might miss some AV/AV products and my AV’er friend/s from that company might get mad at me (in Filipino: baka magkaselosan lang sila) so stick with TM products only 🙂 )
It is also wise to make sure that your operating system (OS) and other critical programs are patched with the latest updates.
Awareness is the key. Be aware of the programs that you are installing and running in your machine. Trust only those legitimate software. If suddenly an unknown program tells you that your machine is infected with some malware: DO NOT PANIC. Check first if the notification came from your legitimate Antivirus/Anti-malware/Security product installed. If not then be paranoid and double-check by running a scan from your AV product. Check also if the product is similar to the known FakeAV/Rogue Antivirus program names (and do not trust them right away). Partial list of FakeAV as compiled by Wikipedia.
Advanced Cleaner, AKM Antivirus 2010 Pro, AlfaCleaner, Alpha AntiVirus, ANG Antivirus (knock-off of AVG Anti-virus), Antimalware Doctor, AntiSpyCheck 2.1, AntiSpyStorm, AntiSpyware 2009, Antispyware 2010, AntiSpyware Soft, Antivirus 7, Antivirus Soft, Antivirus Suite, Antivirus System PRO, AntiSpyware Bot from 2Squared Software, AntiSpywareExpert, AntiSpywareMaster, AntiSpywareSuite, AntiSpyware Shield, Antivermins, Antivirus 2008, Antivirus 2009, Antivirus XP 2010, Antivirus 2010 (also known as Anti-virus-1), Antivirus 360, Antivirus Pro 2009, AntiVirus Gold, Antivirus Live, Antivirus Master, Antivirus XP 2008, Antivirus Pro 2010, AV Security Suite, Avatod Antispyware 8.0, Awola, BestsellerAntivirus, ByteDefender also known as ByteDefender Security 2010, Cleanator, ContraVirus, Control Center, Cyber Security, Data Protection, Desktop Security 2010, Doctor Antivirus, Doctor Antivirus 2008, DriveCleaner, Dr Guard, EasySpywareCleaner, eco AntiVirus, Errorsafe, ErrorSmart, Flu Shot 4, Green Antivirus 2009, IE Antivirus (aka IE Antivirus 3.2), IEDefender, InfeStop, Internet Antivirus, Internet Antivirus Pro, Internet Security 2010, KVMSecure, Live PC Care, Live Security Suite, MacSweeper, MalwareCrush, MalwareCore, MalwareAlarm, Malware Bell (a.k.a. Malware Bell 3.2), Malware Defender (not to be confused with the HIPS firewall of the same name), Malware Defense, MS Antivirus (not to be confused with Microsoft Antivirus or Microsoft Security Essentials), MS AntiSpyware 2009 (not to be confused with Microsoft AntiSpyware, now Windows Defender), MaxAntiSpy, My Security Wall, My Security Engine, MxOne Antivirus, Netcom3 Cleaner, Paladin Antivirus, PCSecureSystem, PC Antispy, PC AntiSpyWare 2010, PC Clean Pro, PC Privacy Cleaner, PerfectCleaner, Perfect Defender 2009, PersonalAntiSpy Free, Personal Antivirus, Personal Security, PAL Spyware Remover, PCPrivacy Tools, PC Antispyware, Protection Center, PSGuard, Privacy Center, Rapid AntiVirus, Real AntiVirus,
Registry Great, Safety Alerter 2006, Safety Center, SafetyKeeper, SaliarAR, SecureFighter, SecurePCCleaner, SecureVeteran, Security Master AV, Security Scan 2009, Security Tool, Security Toolbar 7.1, SiteAdware, Security Essentials 2010 (not to be confused with Microsoft Security Essentials), Smart Antivirus 2009, Soft Soldier, SpyAxe, Spy Away, SpyCrush, Spydawn, SpyGuarder, SpyHeal (a.k.a SpyHeals & VirusHeal), SpyMarshal, Spylocked, SpySheriff (a.k.a PestTrap, BraveSentry, SpyTrooper), SpySpotter, SpywareBot (Spybot – Search & Destroy knockoff, Now known as SpywareSTOP), Spyware Cleaner[135] SpywareGuard 2008 (not to be confused with SpywareGuard by Javacool Software), Spyware Protect 2009, SpywareQuake …
Important Note: This is partial list only. And these product names are just names in the UI (User Interface). FakeAV Developers can update this anytime by adding the year (and year next year) as what Legit AV products do. They can also add the usual legit product suffixes like Pro and Security Suite. Bottom line: use the name list with caution OK?
Original list taken from wikipedia
http://en.wikipedia.org/wiki/Rogue_security_software#Partial_list_of_rogue_security_software
I hope you find my FakeAV and AV Security Suite Removal post useful. I’m glad finally I finished one as I have been contemplating on writing a post on this topic since 2009. To know more about FakeAV, I recommend reading the TrendLabs Malware Blog
http://blog.trendmicro.com/?s=fakeav&image.x=0&image.y=0?=Search
Lastly some background info on me, my blog and some disclosure:
This blog is my personal blog and I discuss my personal views on Technology and IT/ Security here at menardconnect.com. This post is _NOT_ a paid post by Trend Micro but I disclose that I’m employed with Trend Micro. Read more on my about page and my disclosure page.
