By Bob Rankin
An especially nasty fake anti-malware program is making the rounds. It goes by many names including XP Total Security, XP Home Security, Vista Anti-Virus, Win 7 Anti-Spyware, Win 7 Internet Security, and “2011” variants that sound like the latest and greatest anti-malware tool. But they’re all the same evil malware in various disguises.
This malware is delivered to your computer via a Trojan horse: a file that purports to be something else such as a movie or handy utility. It installs itself as an executable file whose name is three letters long; unfortunately, the three letters are randomly generated so I can’t tell you a file name to look for. Once installed, it pretends to be a security update for Windows installed via Automatic Updates.
The malware launches whenever you launch another executable file. It also modifies Windows registry settings so that whenever you launch Internet Explorer or Firefox from the Windows Start menu, the malware launches instead and displays a fake firewall warning.
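To check a machine for the two registry changes described above, the following added example (not part of the original article) scans the text of a `.reg` export for an altered `.exe` handler or a Start-menu browser entry that starts some other program first. The article does not name the registry keys; the standard Windows `exefile` and `Clients\StartMenuInternet` locations are assumed, and the sample export, including `abc.exe` and its path, is constructed.

```python
import re

# Assumed locations (the article names none): the standard Windows keys that
# decide how .exe files and Start-menu browser entries are launched.
EXE_KEY = re.compile(r"\\(exefile|\.exe)\\shell\\open\\command$", re.I)
BROWSER_KEY = re.compile(
    r"\\Clients\\StartMenuInternet\\([^\\]+)\\shell\\open\\command$", re.I)
STOCK_EXE_COMMAND = '"%1" %*'  # Windows default handler for exefile

def default_values(reg_text):
    """Yield (key, default value) pairs from .reg export text."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape quotes and backslashes with a backslash
            yield key, re.sub(r"\\(.)", r"\1", line[3:-1])

def first_program(command):
    """Lower-cased file name of the first .exe a command line refers to."""
    m = re.search(r'([^"\\/]+?\.exe)', command, re.I)
    return m.group(1).lower() if m else ""

def find_hijacks(reg_text):
    findings = []
    for key, value in default_values(reg_text):
        if EXE_KEY.search(key) and value != STOCK_EXE_COMMAND:
            findings.append((key, "exe handler replaced", value))
        # Assumes the client subkey is named after the browser executable,
        # as with IEXPLORE.EXE and FIREFOX.EXE.
        m = BROWSER_KEY.search(key)
        if m and first_program(value) != m.group(1).lower():
            findings.append((key, "browser entry redirected", value))
    return findings

# Constructed .reg export; "abc.exe" and its path are made up for this example.
SAMPLE = r'''
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Example\\abc.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Example\\abc.exe\" \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
'''
```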
Like other rogue anti-malware, this one fakes a “full scan” of your computer when it starts. It then displays multiple alarming warnings of “infected files” – all of them false positives. It tells you that you must purchase the “full” version of the fake anti-malware program to eliminate the infections. Don’t do it, and don’t try to remove the “infected” files manually. All of them are legitimate system files that Windows needs to operate.
The rogue aggressively deters efforts to remove it or get help. If you try to run a legitimate anti-malware app, the rogue will block its startup and display a fake “infected file” alert. Try browsing to a popular anti-malware site and the rogue will block the URL, telling you (falsely) that the page you are trying to visit is dangerous and blocked “for your protection.”