Antivirus 2008: the Latest Scourge of the Internet

The one thing that never changes in IT is the fact that everything is constantly changing. In the past, people had to watch out for viruses. Then it was spyware, and then it was browser hijackers. Next came the Trojan, a program that, when opened, would release either a virus, spyware or both. Lastly, we heard about phishing, an attack that tricks the end user into giving out personal information that can lead to identity theft.

Recently The Village Geek has been flooded by computers that are infected with what researchers are calling fraudware.  Fraudware is software that tries to frighten the end user into purchasing protection from… itself.  In the old days they called it extortion.

The current rash of fraudware is called Antivirus 2008; it is available in several varieties, including XP Antivirus 2008, XP Antivirus 2009 (the latest version!), MS Antivirus and probably more. This is an actual program that installs itself on your system in the same way spyware installs: without your knowledge or permission. Antivirus 2008 then shows up on your task bar as a warning icon that looks almost identical to the Windows Security Center shield, showing an “X” or an exclamation mark. Pop-up bubbles will warn you that an infection has been found. If you ignore the pop-ups, the program will open full screen and simulate a virus scan showing multiple infections. The program will show you all the problems and then explain that you must purchase the full version for $50 in order to clean these infections.

Here are some typical warning messages:

Privacy Violation alert!
XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).

Or

System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification by removing threats (Recommended).

The beauty of the scam is that (at least so far) none of the major antivirus and antispyware programs are picking this thing up. Once you pay your money, the program doesn’t clean anything, and on some versions it will actually release a flood of spyware or Trojans into your system. Eventually you will no longer be able to use your system, as Antivirus 2008 will not allow you to get past its interface except to follow the link where they will allow you to repurchase the software in hopes of ridding yourself of the menace.

Obviously if you have paid these crooks for the full version you will need to contact your credit card company and stop payment as soon as possible.

The early version of this fraudware had an uninstall routine, which would remove it from the “Add and Remove Programs” applet in the control panel, but did not remove the program. The newest versions don’t bother with the extra steps; they’ve got you and they aren’t going to let go.

Below are some typical processes, files and registry entries that must be removed in order to clean Antivirus 2008 off your system.  You should be aware that editing the registry should only be done by experienced technicians, and there is no guarantee that these files are the only ones on your system.  Comparing your running processes in the Windows Task Manager against this list will help you determine if this is an issue on your system.

Associated (XP) Antivirus 2008, XP Antivirus 2009, and XP Antivirus Processes:

Antvrs.exe
AntvrsInstall.exe
AntvrsInstall[1].exe
Win Antivirus 2008.exe
av2008xp.exe
Antivirus-2008.exe
xpa_2008.exe

Associated (XP) Antivirus 2008, XP Antivirus 2009, and XP Antivirus Files:

c:\Program Files\XP Antivirus
c:\Program Files\XP Antivirus\xpa.exe
c:\Program Files\XPAntivirus
c:\Program Files\XPAntivirus\XPAntivirus.exe
c:\WINDOWS\system32\scui.cpl
%UserProfile%\Desktop\XP Antivirus 2008.lnk
%UserProfile%\Start Menu\XP Antivirus 2008
%UserProfile%\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk
%UserProfile%\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk
c:\WINDOWS\krln32.exe
c:\WINDOWS\system32\scvh0st.exe
c:\Program Files\Common Files\trjdwnl.dll
c:\WINDOWS\shlext32.exe

Associated (XP) Antivirus 2008, XP Antivirus 2009, and XP Antivirus Windows Registry Information:

HKEY_CURRENT_USER\Software\XP antivirus
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPAntivirusFilter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPAntivirusFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-dcf7-f96da086b434}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74f25a2c-22b3-4023-8f1a-ca616c30a8b5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a19966f-ae0e-4699-8cce-9b6f5f1c352c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP antivirus_is1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "XP Antivirus"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "mmnext06"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "shellbn"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "System"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Framework"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
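
The comparison suggested above can be automated. The following read-only PowerShell script is an added example, not part of the original article: it checks running processes, a subset of the listed files, and several of the listed registry keys and Run values, and only reports what it finds. It assumes PowerShell 3.0 or later is installed; the variable names and the `HKCU:`/`HKLM:` drive notation are choices made for this example.

```powershell
# Added example, not from the article: read-only check for its listed indicators.
# Reports matches only; nothing is deleted or changed.

# Process names from the article, without ".exe" (ProcessName omits it).
$procNames = 'Antvrs','AntvrsInstall','AntvrsInstall[1]','Win Antivirus 2008',
             'av2008xp','Antivirus-2008','xpa_2008'
# A subset of the article's file and folder paths, as written there.
$paths = 'c:\Program Files\XP Antivirus',
         'c:\Program Files\XPAntivirus',
         'c:\WINDOWS\system32\scui.cpl',
         'c:\WINDOWS\krln32.exe',
         'c:\WINDOWS\system32\scvh0st.exe',
         'c:\Program Files\Common Files\trjdwnl.dll',
         'c:\WINDOWS\shlext32.exe',
         '%UserProfile%\Desktop\XP Antivirus 2008.lnk',
         '%UserProfile%\Start Menu\XP Antivirus 2008'

# Registry keys from the article, in PowerShell drive notation.
$keys = 'HKCU:\Software\XP antivirus',
        'HKLM:\SYSTEM\CurrentControlSet\Services\XPAntivirusFilter',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XP antivirus_is1'

# Run-key value names from the article, grouped by hive.
$runValues = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' = @('XP Antivirus')
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' = @('mmnext06','shellbn','System','Windows Framework')
}

$hits = @()
# Compare exact names; Get-Process -Name would treat "[1]" as a wildcard.
Get-Process | Where-Object { $procNames -contains $_.ProcessName } |
    ForEach-Object { $hits += "Process: $($_.ProcessName) (PID $($_.Id))" }

foreach ($p in $paths) {
    $full = [Environment]::ExpandEnvironmentVariables($p)
    if (Test-Path -LiteralPath $full) { $hits += "File or folder: $full" }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $hits += "Registry key: $k" }
}
foreach ($run in $runValues.Keys) {
    $item = Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $runValues[$run]) {
        if ($item.PSObject.Properties.Name -contains $name) {
            $hits += "Run value: $run -> $name = $($item.$name)"
        }
    }
}
if ($hits) { $hits } else { 'No listed indicators found.' }
```

An empty result does not prove the system is clean, since the article notes that its list may not cover every file a given variant installs.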

Typically I would refer you to links on the internet that may be helpful at this point, but every site I can find is busy attempting to sell you a solution, or worse, attempting to infect you.  At one point the top paid advertisement on the right side of a Google search was for Antivirus 2008.  Tread carefully here folks, or just bring it to The Village Geek and let us clean this mess up for you.

Steve Weigle

Steve Weigle is the owner of Village Geek Computers, an IT center with multiple locations. Steve has provided IT services to Central Indiana since 1996.

1. Steve Weigle (20:56, 09.04.2009)
Just an update to this article. Since I wrote this, Malwarebytes has released a free scanner that will remove Antispyware 2008/2009 and all the new versions such as AV 360. Get it at Malwarebytes.org
2. carenet (04:43, 09.04.2009)
Keep my PC running fast and efficiently.
I have searched for and tried many different types of scanners to keep my PC running fast and efficiently. Many of them are similar when it comes to picking up the same types of viruses but there is a big difference when it comes to price. Search-and-destroy Antispyware is one of the best that I’ve used so far and it’s even cheaper than some of the better known scans like Norton and similar scanners. I found the antispyware solution from Search-and-destroy to be the answer to keeping my PC like new and you can check it out for yourself at http://www.Search-and-destroy.com.

Antivirus 2008: the Latest Scourge of the Internet

By: Steve Weigle | 10/09/2008 | Security
Antivirus 2008 or XP Antivirus 2008 is a malware program that is sweeping across the internet in record numbers. Cleaning this off your computer can be treacherous, even looking up a solution on Google is risky. Here is a description of the problem and some details that may help you find your way.

Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved.