Fake Antivirus and Spyware Doctor, Symbiotic?

Turnipweed

I guess I've cleaned fake spyware cleaners from 2 dozen computers. You
know the ones:***

Total Security 2009
Windows System Suite
System Security
Personal Antivirus
System Security 2009
Malware Doctor
Antivirus System Pro
WinPC Defender
Anti-Virus-1
Spyware Guard 2008

And so on. I think most are based on Smitfraud or close variants.

When friends call, the first thing I do is google the fake du jour.

Googling always turns up all sorts of different removal procedures and
blogs. Most of them have similar embedded links to SpywareDoctor.

The linkages are subtle, and seem to be intentionally kept low key.
It's hard to explain, but try it! I bet more than 75% send you to
SpywareDoctor, without the usual fanfare. All the "blogs" and "removal
procedures" are done in the same precise, bland style.

Has anyone else noticed this, and suspected a "symbiotic" relationship
between SpywareDoctor and the fake AV Trojans?

***There should be international treaties to outlaw and prosecute the
purveyors of this crap. They will surely kill me some day!

Many thanks,,,
 
FromTheRafters

Turnipweed said:
I guess I've cleaned fake spyware cleaners from 2 dozen computers. You
know the ones:***

Total Security 2009
Windows System Suite
System Security
Personal Antivirus
System Security 2009
Malware Doctor
Antivirus System Pro
WinPC Defender
Anti-Virus-1
Spyware Guard 2008

And so on. I think most are based on Smitfraud or close variants.

When friends call, the first thing I do is google the fake du jour.

Googling always turns up all sorts of different removal procedures and
blogs. Most of them have similar embedded links to SpywareDoctor.

The linkages are subtle, and seem to be intentionally kept low key.
It's hard to explain, but try it! I bet more than 75% send you to
SpywareDoctor, without the usual fanfare. All the "blogs" and "removal
procedures" are done in the same precise, bland style.

Has anyone else noticed this, and suspected a "symbiotic" relationship
between SpywareDoctor and the fake AV Trojans?

I just figured that it made good sense to load metadata with recent
threat nomenclature. Anyone searching for "Trojan/YetAnotherFake.AV" or
"Security Suite 2011" has a good chance of landing you on their (or an
affiliate's) webpage if loaded with such data.
 
Bob Adkins

FromTheRafters said:
I just figured that it made good sense to load metadata with recent
threat nomenclature. Anyone searching for "Trojan/YetAnotherFake.AV" or
"Security Suite 2011" has a good chance of landing you on their (or an
affiliate's) webpage if loaded with such data.


Of course.

What I'm saying is, there are many sites with removal procedures and
blogs that send you to SpywareDoctor. Too many, it seems to me, to be
a coincidence.
 
FromTheRafters

Bob Adkins said:
Of course.

What I'm saying is, there are many sites with removal procedures and
blogs that send you to SpywareDoctor. Too many, it seems to me, to be
a coincidence.



I don't think they are related in any way to the actual malware, but the
methods they seem to use to obtain high search engine results have always
made me suspicious.

Following a malware as suggested will lead to many supposed removal
tools (many of which are as bad or worse than the malware they are
purporting to remove). On occasion someone will post one rogue as the
solution to another rogue in the groups.

I'm not sure I even trust PCTools for anything. :blush:
 
Turnipweed

FromTheRafters said:
I'm not sure I even trust PCTools for anything. :blush:

Same here.

It's too bad the fake AV's are so hard to fix, and the fixes are not
real trustworthy. If someone was really ambitious and honest, they
could get rich (or at least famous).

There REALLY needs to be international laws dealing with the polecats
that spread them. Every time I have to fix one, I want someone put
behind bars. :D
 
Buffalo

Turnipweed said:
Same here.

It's too bad the fake AV's are so hard to fix, and the fixes are not
real trustworthy. If someone was really ambitious and honest, they
could get rich (or at least famous).

There REALLY needs to be international laws dealing with the polecats
that spread them. Every time I have to fix one, I want someone put
behind bars. :D

Yeah, what we really need is more laws, so the lawyers can become even
richer. :)
Buffalo
PS: Anyhow, the free version of MBAM (MalwareBytes AntiMalware) and the free
version of SAS (SuperAntiSpyware) are both excellent programs that, it
sounds like, you might find very useful!
 
Turnipweed

Buffalo said:
Yeah, what we really need is more laws, so the lawyers can become even
richer. :)

Sounds as though you dislike lawyers more than viruses. That makes 2
of us. ;)
PS: Anyhow, the free version of MBAM (MalwareBytes AntiMalware) and the free
version of SAS (SuperAntiSpyware) are both excellent programs that, it
sounds like, you might find very useful!

I appreciate the kind offer, but I already have them. They are among
the main programs I use against the despised fake AV's. My favorite
tools are FDisk and Format, if my friends have a Windows disk.

Happy New Year,,,
 
Turnipweed

If you rely on other software to make the fixes then you'll never be
sure it's fixed. What you should have is a good understanding of the
OS, especially the registry and load points for drivers and user-land
executables and a good set of tools for diagnostics - including the
ability to boot a different OS (e.g. a Linux live CD) to inspect an
infected Windows system disk. Then, with access to the machine, you
manually make the changes yourself.

Lots of times I remove the drive, and plug it into my own machine by
USB adapter. MBAM, SAS, and a couple of other scanners usually knock
it out, though it's way too time consuming. If my friend or relative
has proper backups and a Windows disk, I can do a clean windows
install in an hour. It sometimes takes me 2 or 3 hours to try and
salvage the OS.
Not with an off-the-shelf software fix.

What needs to be fixed (educated) are the users who install this
malware so they stop doing it.

Very true. I have educated many people on this, but they still fail.

Know why?

Because they get tired of clicking on the popups from their AV and AS
programs and turn it off. At least that's what most of them tell me.

Thanks, and Happy New Year,,,
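The quoted advice above (know the OS load points, boot a Linux live CD, inspect the Windows disk by hand) is the one technical procedure in this thread. The script below is an added example and is not code from anyone in the thread. It assumes the workflow the post describes: the Windows disk is mounted read-only under Linux, the user and machine Run keys are exported to .reg text with hivexregedit from libguestfs-tools (the exact command is an assumption, shown in the docstring), and the export is then triaged for entries that run from user-writable directories or carry one of the rogue product names listed at the top of the thread. The sample export and the entry name "shkdkwe" are constructed for the example.

```python
"""Triage Windows Run-key autostart entries exported from an offline disk.

Added example, not from the thread.  Assumed workflow on a Linux live CD
(the hivexregedit invocation is an assumption, not something the thread gives):

    mount -o ro /dev/sda1 /mnt/win
    hivexregedit --export "/mnt/win/Documents and Settings/Alice/NTUSER.DAT" \
        '\\Software\\Microsoft\\Windows\\CurrentVersion\\Run'  > user-run.reg
    hivexregedit --export /mnt/win/WINDOWS/system32/config/software \
        '\\Microsoft\\Windows\\CurrentVersion\\Run'             > machine-run.reg
    python3 triage_autoruns.py user-run.reg machine-run.reg
"""
import re
import sys

# Rogue AV product names listed in the thread, lower-cased for matching.
ROGUE_NAMES = {
    "total security 2009", "windows system suite", "system security",
    "personal antivirus", "system security 2009", "malware doctor",
    "antivirus system pro", "winpc defender", "anti-virus-1",
    "spyware guard 2008",
}

# Directories a normal user can write to; legitimate autostarts rarely live here.
USER_WRITABLE = re.compile(
    r"\\(application data|appdata|local settings|temp|programdata)\\", re.I)

_SECTION = re.compile(r"^\[(.+)\]\s*$")
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

# Constructed sample of what the two exports above might contain.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"shkdkwe"="C:\\Documents and Settings\\Alice\\Application Data\\shkdkwe.exe"
"Total Security 2009"="\"C:\\Documents and Settings\\All Users\\Application Data\\ts2009\\tsc.exe\" /hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"Windows System Suite"="C:\\WINDOWS\\Temp\\wss\\wss.exe"
'''


def _unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> " (left to right)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return (key, name, value) for every "name"="string" line in a .reg export."""
    entries, key = [], None
    for line in text.splitlines():
        m = _SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = _VALUE.match(line)
        if m and key:
            entries.append((key, _unescape(m.group(1)), _unescape(m.group(2))))
    return entries


def command_path(value):
    """Extract the executable path from a Run-key command line.

    A quoted path is taken verbatim; otherwise everything up to the first
    ".exe" is the path (arguments such as /hide are dropped).
    """
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.search(r"\.exe\b", value, re.I)
    return value[:m.end()] if m else value.split(" ")[0]


def suspicious_autoruns(reg_text):
    """Flag entries that run from user-writable paths or use a rogue AV name."""
    findings = []
    for key, name, value in parse_reg_export(reg_text):
        path = command_path(value)
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("runs from a user-writable directory")
        if name.lower() in ROGUE_NAMES:
            reasons.append("name matches a rogue AV product from the thread")
        if reasons:
            findings.append({"key": key, "name": name, "path": path,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    # With no arguments, run over the constructed sample export.
    texts = [open(p, encoding="utf-16" if open(p, "rb").read(2) == b"\xff\xfe"
                  else "utf-8").read() for p in sys.argv[1:]] or [SAMPLE_REG]
    for text in texts:
        for f in suspicious_autoruns(text):
            print(f"{f['name']!r} -> {f['path']}  ({'; '.join(f['reasons'])})")
```

The point of working from an export rather than from the running system is the one the quoted poster makes: nothing on the infected disk executes, so a rogue that hooks the live registry APIs or kills scanners cannot hide its own load point. The heuristics are deliberately narrow; a hit is something to look at by hand, not a verdict, and a miss (a rogue dropped under Program Files with an innocuous name) is still possible.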
 
Buffalo

Turnipweed said:
Sounds as though you dislike lawyers more than viruses. That makes 2
of us. ;)


I appreciate the kind offer, but I already have them. They are among
the main programs I use against the despised fake AV's. My favorite
tools are FDisk and Format, if my friends have a Windows disk.

Happy New Year,,,

Yep, FDisk and Format are two tools that really work when all others fail;
many times it is the quickest also.
Buffalo
 
Slarty

The same was with me; I have MBAM too. I could not believe that so many
viruses could be there and turned it off, which turned into disaster. I
still feel that MBAM is overdoing it; I cannot believe that even Yahoo or
Google have flaws.

I do hope that you don't seriously believe that? Some 'flaws' are probably
not accidental either, a cynic writes.

Cheers,

Roy
 
FromTheRafters

Before I had other anti-virus software and my computer was behaving in
a way that I was anything but glad; but I got used to all that. When I
installed MBAM, I thought it cannot be simply true; if so many viruses
are there, how was my computer able to work? I actually did not know
what to do: to delete them or not? Today computer runs like a rocket,
but still there might be some of the malicious items in the Yahoo or
Gmail, and Google too. I shall try another AV to see if it is a false
positive.

You seem to be confusing "virus" with "malware". MBAM does not address
viruses (except peripherally) and is not a replacement for AV software.
It is best to have *both* available.
 
The Central Scrutinizer

Virus versus malware is just a detail to the average user. Do your parents
or my parents know the difference? I doubt it.
 
Dustin Cook

The Central Scrutinizer said:
Virus versus malware is just a detail to the average user. Do your
parents or my parents know the difference? I doubt it.

It's an important detail. Same as knowing which side is positive and which
is negative on a battery; you only get one chance in some cases to connect
something correctly, or the magic smoke comes out. This is the same idea.

We don't deal with viruses; it's not the focus of our program. Without a
separate antivirus, you're not as safe as you could be. Users, even average
ones, need to be educated.
 
FromTheRafters

The Central Scrutinizer said:
Virus versus malware is just a detail to the average user. Do your
parents or my parents know the difference? I doubt it.

That has nothing to do with the *fact* that they are different group
entities and different methods are used to address them.
 
FromTheRafters

Dustin Cook said:
It's an important detail. Same as knowing which side is positive and
which is negative on a battery; you only get one chance in some cases to
connect something correctly, or the magic smoke comes out. This is the
same idea.

We don't deal with viruses; it's not the focus of our program. Without
a separate antivirus, you're not as safe as you could be. Users, even
average ones, need to be educated.

As an aside, MBAM just (apparently) FPed on my:

C:\IBMTOOLS\APPS\ACCSUPT\as_setup.ex2 file.
 
The Central Scrutinizer

Actually it seems more like infinitesimal points of details for experts to
pontificate about.

The potential is you are equally hosed with a virus as you are with malware.
 
FromTheRafters

The Central Scrutinizer said:
Actually it seems more like infinitesimal points of details for
experts to pontificate about.

Yes, it does seem that way to those that don't (and perhaps can't)
understand what the difference is. When the term virus was coined for
self-replicating code, it caught on and became a buzz word for anything
that can go wrong with a computer. Despite that, the definition still
stands. No amount of crying will repeal that.
The potential is you are equally hosed with a virus as you are with
malware.

Most experts currently agree that all viruses are indeed malware (and
they are wrong). The fact is that a virus need not be malicious - and in
fact can be a boon to mankind in the future. A virus is a virus because
of what it does, not because of how people feel about the results - not
the same for malware because malware by definition is malicious.

[...]
 
Dustin Cook

FromTheRafters said:
The Central Scrutinizer said:
Actually it seems more like infinitesimal points of details for
experts to pontificate about.

Yes, it does seem that way to those that don't (and perhaps can't)
understand what the difference is. When the term virus was coined for
self-replicating code, it caught on and became a buzz word for anything
that can go wrong with a computer. Despite that, the definition still
stands. No amount of crying will repeal that.
The potential is you are equally hosed with a virus as you are with
malware.

Most experts currently agree that all viruses are indeed malware (and
they are wrong). The fact is that a virus need not be malicious - and in
fact can be a boon to mankind in the future. A virus is a virus because
of what it does, not because of how people feel about the results - not
the same for malware because malware by definition is malicious.

[...]

And, malware is sometimes much easier to clean up. A fine example would
be the rogue program known as internetsecurity(antivirus)2010; it's an
annoyance, but not too difficult. A virus on the other hand, can be a
real pisser; it has self replicating code; and it could be inside
hundreds of files on your system by the time you notice something is
amiss.
 
The Central Scrutinizer

FromTheRafters said:
Most experts currently agree that all viruses are indeed malware (and they
are wrong). The fact is that a virus need not be malicious - and in fact
can be a boon to mankind in the future. A virus is a virus because
of what it does, not because of how people feel about the results - not
the same for malware because malware by definition is malicious.

[...]

Please name one example.
 
Michael Cecil

The Central Scrutinizer said:
Please name one example.

KOH was one that was meant to be useful. It performed a type of whole
drive encryption, but IIRC it always did ask permission when it moved to a
new disk.
 