Antivirus Detection

The only thing that never changes in IT is that everything is in constant evolution. In the past, people had to monitor the virus. Then it was spyware, then it was browser hijackers. Then comes the Trojan horse, a program that at the exit aperture is either a virus, spyware or both. Finally, we have heard of phishing, an attack that tricked the user into giving personal information that can lead to identity theft.

Recently, The Geek village was inundated by computers that are infected by what researchers call fraudware. Fraudware is software that tries to scare the user into purchasing protection against ... itself. In the old days it was called extortion.

The present eruption of fraudware is called Antivirus 2008, is available in several varieties, including XP Antivirus 2008, XP Antivirus 2009 (the latest version!), MS Antivirus and probably more. It is a real program that installs on your system, installing the same way spyware without your knowledge or permission. Antivirus 2008, then appears in your taskbar as a warning icon that looks almost identical to the Windows Security Center shield and it shows an "X" or an exclamation point. Pop bubbly warn you that the infection has been found. If you ignore the message pop up program is displayed full screen and simulate a virus scan with multiple infections. The program will show you all the problems and then he will explain that you must buy the full version for $ 50 to clean these infections.

Here are some typical warning messages:

Privacy Violation alert!
XP antivirus detected Privacy breach. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).

Or

System Alert modified files!
Some critical system files on your computer have been modified by malicious program. It can cause system instability and data loss. Click here to block unauthorized modification by removing threats (Recommended).

The beauty of the scam is that (at least so far) none of the antivirus and antispyware programs are choosing to scale this thing. Once you pay your money the program does not own something and some versions it will actually release a flood of spyware or Trojans on your system. Eventually you will no longer be able to use your system as Antivirus 2008 will not allow you to go beyond its interface, except when they follow the link you will purchase the software in hopes of get rid of the threat.

Obviously, if you paid the scammers for the full version, you should contact your credit card company and stop payment as soon as possible.

The first version of this fraudware had an uninstall routine, which would remove the "Add and Remove Programs applet in Control Panel, but does not delete the program. The latest versions do not worry about additional measures, they've got you and they will not let go.

Some typical processes, files and registry entries that must be removed for cleaning your system Antivirus 2008. You should be aware that editing the registry should only be done by experienced technicians, and there is no guarantee that these are the only files on your system. compare the processes running in your Windows Task Manager against this list will help you determine if this is a problem on your system.

Associated (XP) Antivirus 2008, XP Antivirus 2009 and Antivirus XP processes

Antvrs.exe
AntvrsInstal.