Fake Anti-Spyware Programs

Category: Spyware

Browsing the web for free anti-spyware programs can get you into more trouble than an accidental spyware infection. Bad guys are actually disguising their malware as beneficial anti-malware utilities, and inducing the gullible to not only install their malware, but even pay them for it! Here's how to tell the difference...

Beware Of Fake Anti-Spyware Programs

The scam usually starts with your search for "best spyware removal program" or something similar. Search results, or paid ads on search results pages, may lead the unwary to a site which promises a free scan to detect spyware on your computer. Click a button to start the free scan and, almost instantly, up pops a lurid warning: "YOUR SYSTEM IS INFECTED! DOWNLOAD THE CURE NOW!"

Often, you are required to pay a fee before you can download the purported "cure." That's a big clue that the cure probably doesn't work. Nearly every legitimate anti-spyware developer offers a free trial or even a "free for personal use" version of its software. If you feel pressured to pay immediately, you may very well be downloading the opposite of what you hope to get.

Some fake anti-spyware programs report that they are scanning, finding infections, and removing threats. But in fact, behind the scenes they are sniffing your computer for sensitive data and transmitting it to their masters. Such treacherous malware posing as its own cure is a form of "Trojan horse" software - malware disguised as something beneficial.

Fake anti-spyware is not the only type of Trojan horse malware. Some Trojans pose as "PC tune-up" software, pretending to optimize your system while actually infecting your machine with viruses, keyloggers, spyware, rootkits, and other forms of malware. In most cases, the "hook" that gets you to download the Trojan is the offer of a "free scan" that reports fake problems.

Avoiding the Rogues

Some fake anti-malware programs include "Windows Debug System," "Windows Efficiency Manager," "Vista Internet Security 2011," "Windows Performance Manager," and "Windows Trouble Analyzer." Unfortunately, there is no comprehensive list of fake anti-malware programs because new ones and variants are cropping up all the time. Many are exactly the same programs passing under new names, as the old names are exposed as Trojans.

The best way to avoid downloading a fake anti-malware program is to stick with well-known brand names reviewed by respected magazines and websites. Anti-malware vendors you can trust include, but are not limited to, AVG, Avast!, Kaspersky, Malwarebytes, Microsoft, Trend Micro, Panda, Symantec, and McAfee.

You can also use the wisdom of the crowd to find out if a purported spyware scanner is the real deal. Just search for the name of the program on Google or Bing, and see what people are saying about it. If most of the top results are about "how to remove" the software in question, that's an immediate big red flag.

Make sure you download anti-malware programs directly from the vendor's website and not from some unknown "library" of copies that may very well be fake anti-malware programs. Trusted software libraries like Tucows and Cnet's Download.com are safe alternatives.

Above all, be suspicious of any "free scan" that tries to alarm you with jittering Dayglo-colored "alert" windows and urgent urgings to whip out your credit card to save your computer from a dreadful "infection." The hard sell is your best tip that you are facing a fake.

Do you have experience with a fake anti-spyware program? Post your comment or question below...

 
This article was posted by on 7 Mar 2011



Most recent comments on "Fake Anti-Spyware Programs"


Posted by:

Viv McDonald
08 Mar 2011

Thanks Bob - really good article to help people be alert. There's another nasty take: Internet Security Suite - such a generic name that people are easily fooled - and it is hard to get rid of. Need CCleaner and Malwarebytes to remove it. Thanks for sharing, cheers Viv


Posted by:

MmeMoxie
08 Mar 2011

No, I personally have NOT had any 'Fake Anti-Spyware' installed on my personal PC. However, I have had to clean up several PCs from family and friends, who did 'click' on that Pop-Up, so on and so forth. Cleaning those up was NOT fun and frequently involved reformatting the hard drive to completely eliminate them.

I have been having Anti-Spyware installed on my PC, since Gibson first called Aureate software, 'Spyware'. I started with Gibson's OptOut and later moved on to Lavasoft's Ad-Aware. So, basically I have had Anti-Spyware on my personal PC, since sometime in 2000.

Over the years, I have changed anti-spyware programs, but mainly stay within the original programs that are tried and proven, Ad-Aware, CCleaner, SpyBot Search & Destroy, Malwarebytes, AVG, Avast!, and a couple of others. I have also discovered Glarysoft software. Their programs are small, take practically no resources to run and simply work!!! I especially like Glary Utilities and Disk Speed Up. They both do a good job and keep my PC running smooth and quick.


Posted by:

Dalton Tamney
08 Mar 2011

I've had this happen to me as well. I tried to delete the program but it would not go. Finally had to take it in to Staples to have it removed. It also happened on another computer. That time System Restore got rid of it but what a pain in the butt.


Posted by:

Bob Pegram
08 Mar 2011

There is a comprehensive list of fake anti-malware programs on the Lavasoft website. Trend Micro SHOULD NOT be on the list of good programs. When it protects it is fine. When it gets compromised with malware it can't handle, it locks up the computer in a way that makes even cleaning it up difficult at best. Any time I am hired to clean up a computer from infections, I wince if I find out they had Trend Micro. I also charge a lot more since it will take me a lot longer.


Posted by:

Jery
08 Mar 2011

I was hit by a Trojan last week; stopped everything cold. Called itself "Spyware Protection". It prevented access or activation of my MS Security Essentials or on-line Panda, AVG, etc. After going to a "Geek" house to clean it, finding them too busy, I decided to research and see if I could handle it.

I decided to log in under my administrator log-in and, from on-line discussions, I found info indicating actual system files might be duplicated as a hi-jack action and imitating the actual system file. I found the MS0cfg32.exe file was not the right size per system research info. I deleted it, and everything returned to normal and I was then able to run a full battery of scans using MS Sec. Essential. Rather nasty bit of work.

I'm betting it came through a recent download based on your article.


Posted by:

Andy Knutson
08 Mar 2011

I had a program take over my machine; it wouldn't even let me open Task Manager. I did a power shut down, opened in safe mode and ran Malwarebytes. That seemed to do the trick.


Posted by:

Rakibuzzaman
08 Mar 2011

Is Norton safe??


Posted by:

Hank
08 Mar 2011

It wasn't a fake program but Panda took me for $100.00 when I downloaded and before I could install their program discovered they were automatically going to uninstall my Norton. When I said no, and that since it was never installed, I would like a refund, they said too late, you started the download, it's your loss. Contacted their Tech Services and they said they didn't know it would uninstall Norton.


Posted by:

gt
08 Mar 2011

I'm surprised you didn't mention Patrick Kolla's "Spybot Search and Destroy". It's been around for a long time, is free, and includes real time protection. It has treated me well and protected me for years.


Posted by:

mur_phy
08 Mar 2011

As an Admin in PC Tech in PalTalk, I and many others deal with numerous situations relating to rogueware on a daily basis. Sometimes a system restore will solve the problem and sometimes it will have to be done in safe mode. Sometimes one can use Fake Anti Virus Remover, Malwarebytes and SuperAntiSpyware will work but often Safe Mode is required. Generally before doing anything much, msconfig or Startup in CCleaner needs to have all items terminated before doing scans. Sometimes the offending rogue will have to be stopped in Task Manager. Sometimes Task Manager has to be accessed at an initial boot by holding down Alt+Ctrl + Del at time of boot until the TM opens. Last solution will be the use of Combo Fix but an expert will be needed to read the log.
Means of protection will include the use of MSE + IObit Malware Fighter or combining Avast, Avira or AVG with things like Spywareblaster. Have the other scanners installed and available.


Posted by:

Rod Webber
08 Mar 2011

Had this one last Sunday, "system tool", a pain to get rid of. Bleepingcomputer.com's help was invaluable! Rod from England.


Posted by:

suhail gupta
08 Mar 2011

A very good article.
Thank you


Posted by:

John
08 Mar 2011

My comment regarding Trojans is "Beware of Geeks bearing gifts".


Posted by:

Mike
09 Mar 2011

The worst are the drive-by's, the ones that download infections into your computer just from connecting to their site. And they seem to come in the form of rogue anti-malware that claims you're infected and allows NOTHING to work until you "buy" their program. (Yeah, it's infected, by your fake program!) While running Vista, I FOOLISHLY disabled the annoying User Account Control that nagged me for nearly every function in the computer. Fortunately, MalwareBytes was able to rid me of the infection, and I re-enabled UAC. Now, with Win7 and MSE, I'm fairly worry-free. On rare occasion, I'll run a scan with MalwareBytes, and sometimes Lavasoft's Ad-Aware, or Spybot just for peace of mind.


Posted by:

Howard
09 Mar 2011

Good article, right on the money. I have been warning my friends for many months about this subject and have fixed a few computers that have been infected with fake AV. As for the real thing, I have had great success with AVG Free, SuperAnti-Spyware and Malwarebytes, all of which are totally free. I have Microsoft Security Essentials, but I'm not overly impressed with it.


Posted by:

Dave in Indy
09 Mar 2011

The ones that I have seen in the past two years start popping up their balloons all over the place on an infected PC and take control over your system. They even went as far as uninstalling Malwarebytes.

Doing a search for the name of the software that they are trying to sell you will indeed get you (often) good instructions.

For most instances you need to download an .exe that will stop the rogue and then run Malwarebytes to clean up the remnants.


Posted by:

steven
09 Mar 2011

My cure is to use combofix from bleepingcomputer.com AND malware bytes AND super antispyware.com. For reasons unknown, some people (mostly female) just keep falling for the same exact scams, over and over again. You must update the latter two. You may have to uncheck the proxy server in the internet properties, if your internet is no longer working.


Posted by:

Eddie
29 Mar 2011

The first time I fell for a rogue Software program. After I just clicked on the site of PX Anti-Virus 2011. It Hijacked all my browsers, in total I had 36 trojans & malware installed by these Bastards. I could not even get into my Emails any longer. So please if you encounter this site - RUN RUN RUN


Posted by:

Miles3298
18 Jun 2011

You may want to know that there's a fake AVG or two out there. My dad managed to snag it while he was supposed to be working... He called me in there to see what that stuff was that popped up, and you could see the obvious fake stuff. He was running Windows 7 and there was an image showing of a standard XP "my computer" screen, but with everything marked with a red infected. What was sitting in front of it? Something along the lines of "AVG Security Suite" was sitting there staring at me. It had (what was close enough to at least) the official icon set and a similar GUI to a real AVG product, but it was as fake as it gets. Removal wasn't that much of a pain, since all I had to do was delete the lone file after task killing it, but it should be known that there's a fake one out there that's lightly armed and ready to take your money.


Posted by:

Oscar
17 Jan 2015

I have had family and friends call for help with these Fake spyware programs. One I have run into several times is PC PRO. It offers a free scan and once you approve your PC is infected. System slows down, your internet has unending POP UPS. It is just a bad, nasty program. I have had success in removing it with Superantispyware. It knocks out the "PC PRO" program then cleans and PUP infections. Then I follow it up with Malwarebytes and that seems to do the trick.
I always advise the people never to click ok for a free scan from these predator programs.


Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Fake Anti-Spyware Programs (Posted: 7 Mar 2011)
Source: https://askbobrankin.com/fake_antispyware_programs.html