Securing the Tech: Fake Security Applications

This is the first in what hopefully becomes a series on security on Teching the Tech. Today I will be talking about fake security applications. These insidious little buggers get into your system by pretending to be a legitimate security application (antivirus, antispyware, firewall, etc.) when in reality they are a type of virus called a Trojan Horse. This type of virus pretends to be something it's not (in this case a security application), and once it is in, it wreaks various degrees of havoc. In the past this havoc usually meant erasing vital system files so that your computer would crash and no longer function, but today they focus on forcing your computer to do their bidding. You don't want me to start listing these things. Imagine what the scum of the world are doing with their computers, and then imagine that they have coerced your computer to do the same.

My brother recently had an experience with one of these trojans called Antivirus System Pro. This program not only coerced his computer but prevented attempts to erase it by blocking Windows system functions that would be used to get rid of it. There are a lot of websites that tell you to download their own tool to get rid of Antivirus System Pro, but why should I trust them? So, what did we do?
1. Reboot the computer. This shuts down Antivirus System Pro (ASP) so it can't do what it does.
2. As soon as the taskbar is visible, right-click on it and select Task Manager from the menu that pops up. We will use this in the next step to shut down ASP so we can uninstall it. ASP blocks Task Manager unless Task Manager is already open.
3. Shut down ASP. In Task Manager it will be an .exe file with the word sysguard in its name. The first four letters are randomized to make it harder to find. Right-click on it and select End Process. Windows will ask you if you are sure and warn you that problems may ensue if you continue. Click End Process.
4. Install an antivirus application (a real one this time). I recommend Microsoft Security Essentials. It is free, works very well, and it found and removed ASP. You can get it by going to Microsoft.com, searching for Microsoft Security Essentials, and clicking the download button.

All done! That should get rid of this little bugger.
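
The hunt through the process list in step 3 can also be scripted. The following is an added example, not part of the original post: it reads text in the layout produced by `tasklist /FO CSV /NH` and flags image names containing sysguard. The four-letters-then-sysguard pattern is an assumption drawn from the description in step 3, and the sample process list is constructed.

```python
import csv
import io
import re

# Assumption from step 3: four random letters, then "sysguard", then ".exe".
STRICT = re.compile(r"^[a-z]{4}sysguard\.exe$", re.IGNORECASE)
# Looser fallback: any image name that contains "sysguard".
LOOSE = re.compile(r"sysguard", re.IGNORECASE)

# Constructed sample in the layout of `tasklist /FO CSV /NH`
# (columns: image name, PID, session name, session number, memory usage).
SAMPLE_TASKLIST = '''"System Idle Process","0","Services","0","24 K"
"explorer.exe","1712","Console","1","41,208 K"
"qwktsysguard.exe","2904","Console","1","9,876 K"
"taskmgr.exe","3180","Console","1","5,120 K"
"SysGuardHelper.exe","3344","Console","1","2,048 K"
'''


def find_suspects(tasklist_csv):
    """Return one dict per process whose image name mentions sysguard."""
    suspects = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        # Skip blank lines, a header row, or anything without a numeric PID.
        if len(row) < 2 or not row[1].strip().isdigit():
            continue
        name, pid = row[0].strip(), int(row[1])
        if LOOSE.search(name):
            suspects.append(
                {"name": name, "pid": pid, "strict": bool(STRICT.match(name))}
            )
    return suspects


if __name__ == "__main__":
    for s in find_suspects(SAMPLE_TASKLIST):
        if s["strict"]:
            note = "matches the pattern described in step 3"
        else:
            note = "contains 'sysguard', check by hand before ending it"
        print(f'{s["pid"]:>6}  {s["name"]}  ({note})')
```

Names that only match the loose pattern are reported separately so that a legitimate program is not ended by mistake.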
