Daddy Bob



How to Spot Rogue (Fake) Anti-Virus Software

Have you seen an advertisement or similar pop-up message telling you that your computer is infected and offering a free PC scan or to clean your computer of supposedly infected files? They try to scare you into running their program.

 NEVER run any scan offered in this way.

They are almost always attempts by malevolent persons or organizations to install malicious software (malware) such as a Trojan horse, keylogger, or other spyware. Such software is referred to as rogue (fake) anti-virus scareware. They try to scare you into paying them to remove problems that either do not actually exist or have been placed there by the program itself.

They not only want your $50 or more right now to remove a problem they created, they also want your credit card information so they can use it for their own benefit. Then, after several months have passed, the rogue anti-virus mysteriously resurfaces and the process repeats, in the hope that you have acquired a new credit card by then.

How can your system get infected? The primary way rogue anti-virus software gets on your system is through you, the user, clicking on a malicious link in an advertisement or similar pop-up message. You could also just go to an infected website that may look legit, and the software will download automatically without your knowledge. The wording contained in the advertisement is usually something alarming, designed to get your attention and convince you to scan your PC or clean it immediately with the offered tool. The fake program only detects problems that don't exist and may even create some real problems. This is why these programs are sometimes referred to as "Scareware".

The names of the fake programs sound legitimate, and often, in a further attempt to make the malware appear legitimate, the programs may prompt you to pay for an annual subscription to the service. Here are a few of the names used: Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, Antivirus 2008, Antivirus 2009, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, Ultra Antivirus 2009, Green AV, Anti-Virus 360, WinDefender, XP Internet Security, Security Essentials 2010 and RegistrySmart.

Any kind of website can host ads for rogue anti-virus. However, the most likely sites for this type of malware are porn sites, movie trailer sites and social networking sites like Twitter, Facebook and MySpace. Especially notorious are file sharing P2P sites like uTorrent and LimeWire. Some varieties of rogue anti-virus programs may get installed on your computer just by you visiting a website with a malicious ad or code, and you might never know you've been impacted.

Why won't my valid anti-virus and anti-spyware programs protect my computer? Though good anti-virus and anti-spyware programs will protect against many threats, they cannot protect against all malware threats, especially the newest ones. There are millions of different versions of malware, with hundreds more being created and used every day. It may take a day, a week, or even longer for anti-virus companies to develop and distribute an update to detect and clean the newest malware. Remember too that anti-malware programs can be overridden by user intervention.

What can rogue anti-virus software do to my computer? Just about anything, especially if you are using administrative-level access, as most users do when using their computers. Rogue anti-virus software might perform many activities, including installing files to monitor your computer use or steal credentials, installing backdoor programs, or adding your computer to a botnet (making it a "zombie"). The malware might even use your computer as a vehicle for compromising other systems in your home or workplace network.

Rogue anti-virus software can also modify system files and registry entries so that even when you clean off some infected files or registry keys, others might remain, or even allow the infections to be restored and become active again after your system is rebooted.

Rogue anti-virus programs can install malicious Trojan files and make dozens of changes to your computer to ensure that the malware stays on the system and stays active. This type of malware often blocks access to valid security sites (anti-virus and anti-spyware companies, and operating system and application update sites like Microsoft) so that you won't be able to patch or clean your system by visiting those valid sites.
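
One common way this blocking is done, which the article does not name, is by adding entries to the Windows hosts file (normally C:\Windows\System32\drivers\etc\hosts) that point security and update sites at the local machine or at some other address. The following added example, which is not part of the original article, audits hosts-file text for such entries; the watch list and the sample file contents are constructed for illustration.

```python
import ipaddress

# Assumed watch list (constructed for this example): domains of update
# services and a placeholder security vendor. Extend it with the sites you rely on.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "example-av-vendor.test")

# Constructed sample hosts-file content, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.microsoft.com   # added by unknown program
0.0.0.0         www.example-av-vendor.test download.example-av-vendor.test
203.0.113.7     windowsupdate.com
192.168.1.20    nas.home.lan
not-an-ip       broken.line
"""

def is_watched(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def classify(address):
    """Label what a hosts entry does to the name; raises ValueError on a bad address."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"       # name resolves to nowhere, so the site is unreachable
    return "redirected"        # name resolves to an address chosen by whoever edited the file

def audit_hosts(text):
    """Return (line number, hostname, address, verdict) for each watched name overridden."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            verdict = classify(fields[0])
        except ValueError:
            continue                            # malformed line, ignored by the resolver too
        for name in fields[1:]:
            if is_watched(name):
                findings.append((lineno, name.lower(), fields[0], verdict))
    return findings

if __name__ == "__main__":
    for lineno, name, addr, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr} ({verdict})")
```

Any finding means a watched site is being overridden locally; a clean hosts file does not rule out other blocking methods.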


