Fake Antivirus and Spyware Doctor, Symbiotic?





I guess I've cleaned fake spyware cleaners from 2 dozen computers. You
know the ones:***

Total Security 2009
Windows System Suite
System Security
Personal Antivirus
System Security 2009
Malware Doctor
Antivirus System Pro
WinPC Defender
Anti-Virus-1
Spyware Guard 2008

And so on. I think most are based on Smitfraud or close variants.

When friends call, the first thing I do is google the fake du jour.

Googling always turns up all sorts of different removal procedures and
blogs. Most of them have similar embedded links to SpywareDoctor.

The linkages are subtle, and seem to be intentionally kept low key.
It's hard to explain, but try it! I bet more than 75% send you to
SpywareDoctor, without the usual fanfare. All the "blogs" and "removal
procedures" are done in the same precise, bland style.

Has anyone else noticed this, and suspected a "symbiotic" relationship
between SpywareDoctor and the fake AV Trojans?

***There should be international treaties to outlaw and prosecute the
purveyors of this crap. They will surely kill me some day!

Many thanks,,,

Re: Fake Antivirus and Spyware Doctor, Symbiotic?




I just figured that it made good sense to load metadata with recent
threat nomenclature. Anyone searching for "Trojan/YetAnotherFake.AV" or
"Security Suite 2011" has a good chance of landing you on their (or an
affiliate's) webpage if loaded with such data.




Re: Fake Antivirus and Spyware Doctor, Symbiotic?






Of course.

What I'm saying is, there are many sites with removal procedures and
blogs that send you to SpywareDoctor. Too many, it seems to me, to be
a coincidence.


Re: Fake Antivirus and Spyware Doctor, Symbiotic?







I don't think they are related in any way to the actual malware, but the
methods they seem to use to obtain high search engine results have always
made me suspicious.

Following a malware as suggested will lead to many supposed removal
tools (many of which are as bad or worse than the malware they are
purporting to remove). On occasion someone will post one rogue as the
solution to another rogue in the groups.

I'm not sure I even trust PCTools for anything. :o\



Re: Fake Antivirus and Spyware Doctor, Symbiotic?



On Sun, 27 Dec 2009 19:55:51 -0500, "FromTheRafters"




Same here.

It's too bad the fake AV's are so hard to fix, and the fixes are not
real trustworthy. If someone was really ambitious and honest, they
could get rich (or at least famous).

There REALLY needs to be international laws dealing with the polecats
that spread them. Every time I have to fix one, I want someone put
behind bars. :D


Re: Fake Antivirus and Spyware Doctor, Symbiotic?





Turnipweed wrote:

Yeah, what we really need is more laws, so the lawyers can become even
richer.  :)
Buffalo
PS: Anyhow, the free version of MBAM (MalwareBytes AntiMalware) and the free
version of SAS (SuperAntiSpyware) are both excellent programs that, it
sounds like, you might find very useful!



Re: Fake Antivirus and Spyware Doctor, Symbiotic?




Sounds as though you dislike lawyers more than viruses. That makes 2
of us. ;)


I appreciate the kind offer, but I already have them.  They are among
the main programs I use against the despised fake AV's. My favorite
tools are FDisk and Format, if my friends have a Windows disk.

Happy New Year,,,


Re: Fake Antivirus and Spyware Doctor, Symbiotic?





Turnipweed wrote:

Yep, FDisk and Format are two tools that really work when all others fail;
many times it is the quickest also.
Buffalo



Re: Fake Antivirus and Spyware Doctor, Symbiotic?



Buffalo wrote:


Even better.. ClearHDD.exe
It's ancient, but it blows away the MBR faster than FDISK or any
partition editor

http://downloads.uol.com.br/windows/utilitarios/clear_hdd.jhtm

(Samsung used to have it on their "disk utilities" page, but probably
pulled it after a n00b bombed his hard drive with it)


Re: Fake Antivirus and Spyware Doctor, Symbiotic?



"Turnipweed" wrote:


If you rely on other software to make the fixes then you'll never be
sure it's fixed. What you should have is a good understanding of the
OS, especially the registry and load points for drivers and user-land
executables and a good set of tools for diagnostics - including the
ability to boot a different OS (e.g. a Linux live CD) to inspect an
infected Windows system disk. Then, with access to the machine, you
manually make the changes yourself.


Not with an off-the-shelf software fix.

What needs to be fixed (educated) are the users who install this
malware so they stop doing it.



Re: Fake Antivirus and Spyware Doctor, Symbiotic?






Lots of times I remove the drive, and plug it into my own machine by
USB adapter. MBAM, SAS, and a couple of other scanners usually knock
it out, though it's way too time consuming. If my friend or relative
has proper backups and a Windows disk, I can do a clean windows
install in an hour. It sometimes takes me 2 or 3 hours to try and
salvage the OS.


Very true.  I have educated many people on this, but they still fail.

Know why?

Because they get tired of clicking on the popups from their AV and AS
programs and turn it off. At least that's what most of them tell me.

Thanks, and Happy New Year,,,

Re: Fake Antivirus and Spyware Doctor, Symbiotic?





The same happened with me; I have MBAM too. I could not believe that so many
viruses could be there and turned it off, which turned into a disaster. I
still feel that MBAM is overdoing it; I cannot believe that even Yahoo or
Google have flaws.



Re: Fake Antivirus and Spyware Doctor, Symbiotic?



On Sun, 3 Jan 2010 20:59:41 +0800, Billabong wrote:

I do hope that you don't seriously believe that? Some 'flaws' are probably
not accidental either, a cynic writes.

Cheers,

Roy


Re: Fake Antivirus and Spyware Doctor, Symbiotic?





Before, I had other anti-virus software and my computer was behaving in a way
that I was anything but glad about; but I got used to all that. When I installed
MBAM, I thought it cannot simply be true; if so many viruses are there, how
was my computer able to work? I actually did not know what to do: to delete
them or not? Today the computer runs like a rocket, but still there might be
some of the malicious items in the Yahoo or Gmail, and Google too. I shall
try another AV to see if it is a false positive.

A story: http://tinyurl.com/y8fcpmp





Re: Fake Antivirus and Spyware Doctor, Symbiotic?






You seem to be confusing "virus" with "malware". MBAM does not address
viruses (except peripherally) and is not a replacement for AV software.
It is best to have *both* available.



Re: Fake Antivirus and Spyware Doctor, Symbiotic?



Virus versus malware is just a detail to the average user. Do your parents
or my parents know the difference? I doubt it.



Re: Fake Antivirus and Spyware Doctor, Symbiotic?





It's an important detail. Same as knowing which side is positive and which
is negative on a battery; you only get one chance in some cases to connect
something correctly; or the magic smoke comes out. This is the same idea.

We don't deal with viruses, it's not the focus of our program; without a
separate antivirus, you're not as safe as you could be. Users, even average
ones, need to be educated.


--
... Those are my thoughts anyways...


Re: Fake Antivirus and Spyware Doctor, Symbiotic?




As an aside, MBAM just (apparently) FPed on my:

C:\IBMTOOLS\APPS\ACCSUPT\as_setup.ex2 file.



Re: Fake Antivirus and Spyware Doctor, Symbiotic?




That has nothing to do with the *fact* that they are different group
entities and different methods are used to address them.



Re: Fake Antivirus and Spyware Doctor, Symbiotic?



Actually it seems more like infinitesimal points of details for experts to
pontificate about.

The potential is you are equally hosed with a virus as you are with malware.

