Apocalypse

[Warning] Security Essentials 2010 is fake and not from Microsoft


Well, it had to happen eventually. One of the oldest tricks used by rogue antivirus products is to use a similar name as, or have a similar look and feel to, legitimate security software. It’s been commonplace for them to mimic the Windows Security Center. So it was inevitable that the day would arrive when a rogue would masquerade as something similar to Microsoft Security Essentials. If anything, it surprises me a little that it’s taken so long.

This one calls itself “Security Essentials 2010” and looks something like this:

fakeinit_scan_result.png

For the record, this is how the real Microsoft Security Essentials appears when it has detected a threat (in this case, Win32/Fakeinit):

Security_Essentials_detects.png

As we in the MMPC have always been quick to point out, Microsoft Security Essentials can be downloaded and used without charge by users running genuine Windows (from here: http://www.microsoft.com/security_essentials/). So anything mimicking Microsoft Security Essentials but asking for any sort of payment is clearly Up To No Good.

fakeinit_activate_dialog.png

We detect this imposter as Trojan:Win32/Fakeinit.

Fakeinit’s downloader not only installs the fake scanner component – it also monitors other running processes and attempts to terminate the ones it doesn’t like, claiming that they are infected:

fakeinit_warning_dialog.png

Aside from this, it lowers a number of security settings in the registry, and changes the desktop background to display the following rather alarming message:

fakeinit_desktop.png

It also modifies the registry in an attempt to prevent this background from being changed again.

Furthermore, it also downloads and installs a Win32/Alureon component, and another Layered Service Provider (LSP) component, also detected as Trojan:Win32/Fakeinit. This LSP monitors the TCP traffic sent by various Web browsers that the user might have installed, and blocks any traffic to certain domains, instead displaying the following:

fakeinit_blocked_domain.png

Source : Microsoft TechNet


When will these people just give up... they're doing more harm than they are good <_<

Why can't they just write programs that aren't viruses...sheesh


@diablofan: I wonder what motivation these writers of fake AV software get? I bet they get a buzz out of it all! <_<

And I bet once they have scammed the money out of people, they will spend the money on drugs and alcohol! :mad:


I know how to make viruses and that weird stuff, trust me guys, at first it looks like fun, but after some time you will pay for it... I was making viruses with my friends for fun, but after some days I lost my data because of my virus during testing... I feel bad and I stopped doing it...


lol, don't mean to be harsh but then you deserved it, what kind of person "tests" their viruses outside of a contained environment?! :rolleyes2:


Yeah, I know I deserve it... actually I accidentally executed it when I was trying to pack it with an application... :mellow:


I got a link to a "security tool 2010" yesterday at a forum I posted in once in about 2 years, so I knew something was fishy. I first learned about these fake antivirus tools the hard way. A few years ago I had a popup in the taskbar area, the red Windows-something-is-wrong icon. I clicked it and it said I was infected, click here for a solution. It took me to a site where I could download the full app to remove the virus. I think it was called SpyAxe. Spyware Doctor (by PC Tools) in safe mode was the ONLY tool that could remove it completely the easiest. I had Spyware Sweeper and Symantec stuff running and they both missed it. That was back around 2005-2006. Spyware Doctor is good, but it slows down the PC and you can't run hard drive tools unless you uninstall or tweak it some kinda way. Again, that was back around 2005-2006.
