Antivirus XP takes control of your screen in order to make it look like (and fool you into thinking):
Currently, the purveyors of this "scareware" are being sued by the state of Washington and by Microsoft Corporation.
Quoting a Washington Post article:
Microsoft Corp. and the state of Washington have both filed lawsuits against multiple purveyors of "scareware", scam artists who use fake security alerts to frighten consumers into paying for worthless, do-nothing computer security software.
The case filed by the Washington attorney general's office names Texas-based Branch Software and its owner James Reed McCreary IV, alleging that McCreary's company caused targeted PCs to pop up misleading security alerts about security threats on the victims' computers. The alerts warned users that their systems were "damaged and corrupted" and instructed them to visit a Web site to purchase a copy of Registry Cleaner XP for $39.95.
"We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist," Washington Attorney General Rob McKenna said. "We've repeatedly proven that Internet companies that prey on consumers' anxieties are within our reach."
Paula Selis, who heads the attorney general's consumer protection unit, said Registry Cleaner found the same 43 "critical" errors on each PC they used to examine the software, while consumers who purchased the product were told their machines were instantly rid of the imaginary threats.
Selis said that in addition to handing their name, address and credit card numbers to someone "who is obviously a fraudster," consumers who purchased the software may have been lulled into a false sense of security, thinking the bogus software would protect them from future threats.
"We're absolutely certain that consumers across the country have been deeply affected by this," Selis said.
No one answered the phone at the number listed on Branch Software's Web site. McCreary could not be immediately reached at his home number, nor did he respond to e-mailed requests for comment.
In a separate action, Microsoft filed five "John Doe" lawsuits to learn the identities of individuals responsible for marketing other scareware products, including such titles as Antivirus 2009, Malwarecore, WinDefender, WinSpywareProtect and XPDefender. Microsoft also amended two complaints filed earlier to unmask those running SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.
The products named in the lawsuits used a variety of methods to prompt victims to install the scareware products. Scan & Repair Utilities, for example, was advertised via misleading instant message alerts sent over Skype, a popular Internet telephony service.
Other products, such as Antivirus 2009 and XPDefender, come disguised as Web browser plug-ins or "codecs" that certain Web sites claim the visitors need to install in order to view online videos. The sites typically are advertised in junk e-mail messages touting video links to adult content or international news events. The fake codecs are in fact Trojan horse programs that change a variety of settings on the victims' computers and serve the victims with incessant warnings that their computers are infected with malicious software.
Alex Eckelberry, president of Clearwater, Fla.-based security firm Sunbelt Software, said the spread of fake security software has become a pandemic.
"This is an absolutely huge problem, and these rogue anti-spyware products are what most consumer PCs are getting infected with now," Eckelberry said. Some of the most aggressive scareware products make critical changes to the victims' PCs, such as preventing consumers from restoring their computers to an earlier, known-secure state.
"These guys are doing whatever it takes to get you to buy their crap software," he said.
The lawsuits were filed under Washington's Computer Spyware Act, which among other things punishes individuals who prey on user concerns regarding spyware or other threats. Specifically, the law makes it illegal to misrepresent the extent to which software is required for computer security or privacy, and it provides actual damages or statutory damages of $100,000 per violation, whichever is greater.
***************************************************
* What You Should Do
***************************************************
How to remove Antivirus XP 2008
Antivirus XP 2008 is back, unfortunately. It's not an antivirus app, but a cleverly disguised rogue security application that tries to get you to buy the non-existent "security" it's selling. Advertised using the common tricks of Trojans and faux security alerts, this nasty piece of malware can take over your desktop settings to mimic safe mode, display fake virus detections, and open a faux Internet Explorer window stating that Google has detected a malware infection.
Antivirus XP 2008 website looks legit, but is just part of the scam - buyer beware!
Apparently, though, the AntivirusXP virus is now being spread in more insidious ways, and numerous people who claim safe browsing habits and up-to-date security definitions are being infected--including some of our clients.
The removal procedure is not terribly complicated, but if you are not comfortable with advanced settings, you should probably get help from someone more experienced with Windows internals.
The scan window from Antivirus XP 2008 also looks legit but it's just another bogus "scareware" product
A warning before we begin: do not boot your computer into safe mode. Leave it running as you normally would. The malware reacts to safe mode by making its folders and files become undetectable.
First, in the Start menu, click on Run. If you can't find the Run option, hit WIN+R. (That's the key with the Windows icon on it.)
Type in msconfig, and go to the Startup tab. You're looking for two files. One begins with the string of letters "lph," and the second begins with "rhc". The examples provided are longer strings, "lphc35dj0e1an" and "rhc75dj0e1an", but after the first three letters, the strings are known to change on different computers. Uncheck the boxes next to both of them, then click on Apply and OK or Close at the bottom of the window.
The scan window from an older version of Antivirus XP 2008
Restart your computer, and then delete the main files the spyware uses. In Windows Explorer, navigate to C:\windows\system32 and delete the lph*.exe file. Then go to your Program Files folder, C:\program files, and delete the rhc folder and everything in it. Keep in mind that these strings are known to change.
Restart your computer normally. You'll notice that the background hasn't changed. To restore your desktop settings, you'll need to go to Start > Run again, or Win+R. This time, type in Gpedit.msc. On the left nav, look for User Configuration near the middle. Navigate through Administrative Templates, then Control Panel, and finally Display. When you click on Display, you'll see a list of options open in the central pane. Right-click on "Remove Display in Control Panel," and click "Properties." Then choose "Disabled."
Repeat those same steps for the following attributes: Hide Desktop, Prevent changing wallpaper, Hide Appearance and Themes, Hide Settings, and Hide Screen Saver. Change all to "Disabled," then hit Apply, OK, and restart your computer.
You will still see the Antivirus XP 2008 desktop "theme", but now you can change it. Anywhere on your desktop, right-click and select properties. The first tab that opens should allow you to change your theme. If you also suffer from massive icons, use the last tab on the right, Settings. In the middle of that tab's window you'll see a Screen Resolution option, most likely set to 800x600. Move the slider to the left to choose a more aesthetically appealing resolution.
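A read-only PowerShell audit of the three places the steps above touch (startup entries, the lph*/rhc* files and folders, and the Display policies), as an added example that is not part of the original alert. It assumes PowerShell 3.0 or later; the registry value names behind the Display policies are the standard Windows ones and are not taken from the alert.

```powershell
# Read-only audit of the artifacts the removal steps look for; it changes nothing.
# 'lph' and 'rhc' are the prefixes from the alert; the rest of each name varies.
$findings = @()

# 1. Startup entries in the registry Run keys (listed on msconfig's Startup tab).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        # Flag on the entry name or on the file name of the program it launches.
        if ($name -match '^(lph|rhc)' -or $cmd -match '\\(lph|rhc)[^\\"]*\.exe') {
            $findings += [pscustomobject]@{ Check = 'Startup entry'; Location = $key; Item = "$name = $cmd" }
        }
    }
}

# 2. Files and folders named in the alert (-Force also lists hidden items).
foreach ($f in (Get-ChildItem -Path "$env:windir\System32" -Filter 'lph*.exe' -Force -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Check = 'File'; Location = $f.DirectoryName; Item = $f.Name }
}
foreach ($d in (Get-ChildItem -Path $env:ProgramFiles -Filter 'rhc*' -Directory -Force -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Check = 'Folder'; Location = $d.Parent.FullName; Item = $d.Name }
}

# 3. Display policies from the gpedit steps; a value of 1 means the restriction is on.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$policies = [ordered]@{
    'Remove Display in Control Panel' = 'System\NoDispCPL'
    'Hide Desktop'                    = 'System\NoDispBackgroundPage'
    'Prevent changing wallpaper'      = 'ActiveDesktop\NoChangingWallPaper'
    'Hide Appearance and Themes'      = 'System\NoDispAppearancePage'
    'Hide Settings'                   = 'System\NoDispSettingsPage'
    'Hide Screen Saver'               = 'System\NoDispScrSavPage'
}
foreach ($p in $policies.GetEnumerator()) {
    $sub, $value = $p.Value -split '\\'
    $data = (Get-ItemProperty -Path "$base\$sub" -Name $value -ErrorAction SilentlyContinue).$value
    if ($data -eq 1) {
        $findings += [pscustomobject]@{ Check = 'Policy enabled'; Location = "$base\$sub"; Item = "$($p.Key) ($value)" }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Run it in a normal session rather than safe mode, as the warning above advises. An empty table means nothing was found under these names, and any hit is a candidate to review by hand before deleting.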
Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions
*** Be sure to check out the appendix at the end of this alert
******** APPENDIX - Handy How-To Tips **********
* How To Boot into Safe Mode
Shut the computer down so that the power is off.