Fake Windows Antivirus 2012

[Milambar]

4 of my friends, all with current antivirus software, and all with it completely up to date have gotten infected with this crudware.

It pretends to be antivirus software, but is infect, the actual virus.

All the usual fix methods failed, malwarebytes did not detect it, Im guessing its so new in the wild, the antivirus companies havent analyzed enough of them yet, to come up with defitions and a cure.

In each case, they tell me they got infected by "something on facebook".

So, people beware.

[Dai]

Thanks for the warning. I'll have to try and find out about this before my clients start reporting problems.

[Peter_]

That keeps returning in various guises and seems in the main to be from clicking links in Facebook.

[LSainsbury]

Got some screenshots of this new malware / virus?

[bw41101]

Sounds like it could be the old Windows Antivirus trojan that's manifested itself on the particular PC. If you get any of the following that come up on your screen, I.e.:

"Internet attack attempt detected:
Somebody is trying to attack your PC:
This can result in loss of your personal information and infection other computers connected to your network."

"Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software"

"svchost.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
If you are in the middle of something, the information you were working on might be lost."

"Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately."

If a dialogue box comes up with the above (or something similar) DON'T click on anything - not even the box's cancel button or the [X] in the corner. If you do you will activate an executable and infect your machine.

If the above happens, do a Ctrl+Alt+Delete (using the Windows task manager) and shut down your browser immediately. After this do a scan and (if you're lucky) you'll have caught it before any damage is done.

I got infected with this and the first I knew about it was when my desktop went black and every time I clicked on an icon I was told "access denied" basically I couldn't run anything. I did finally get rid of the problem manually but the hassle involved was significant and very time consuming indeed.

There's more information of the net regarding this along with the fixes for those unlucky enough to get infected.

Be vigilant!

Si thee

[Kymmy]

The problem with clickware is that few AV programs will ever catch them as your click bypasses a lot of the security. Get a decent pop-up blocker as that will prevent it a lot more than an AV program

[Dai]

Some more info and removal tips here:

http://www.bleepingcomputer.com/viru...tispyware-2012

Ooh, even nastier:

"There have been reports of this infection being bundled with the TDSS rootkit infection"

[Matth]

By no means new, yet there seem to be many accounts of it breezing past current antivirus - maybe there's just no defeating the most determined users, who will ok past all warnings and turn off their antivirus no matter how much you berate them.

One other thing, the friend who I had to clean this up for, was back on Vista no SP, wonder if missing updates are a factor.