Malware masquerading as Microsoft Security Essentials?

Does anyone know of malware that might masquerade as Microsoft Security
Essentials? My mother, who is 80+ years old, has a PC that I gave her
several years ago. I configured it for her and update it every time she
visits (she lives 500 miles from me). I never installed Microsoft
Security Essentials. Suddenly she is getting a popup claiming to be from
Microsoft Security Essentials saying it has detected a severe threat.
Not being there to actually see what is going on, I am suspicious that
she inadvertently downloaded some malware.

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?

Dennis wrote:


I personally am not aware of any.


I think you will find she installed it from Windows Update .. where it
appeared, and needs to be physically/manually UNchecked to refuse it.
And it will continue to re-arrive checked.

I had the same kind of situation with my mother 250 miles away (who died
at 87), so my brother and I told her not to accept any kinds of updates
or software installation, and to let us do it. Fortunately my brother
was close by. I bought her her first computer for her 80th birthday.

--
   -bts
   -Four wheels carry the body; two wheels move the soul

Re: Malware masquerading as Microsoft Security Essentials?

On Wed, 6 Oct 2010 12:24:11 -0400, "Beauregard T. Shagnasty"


I had turned her Automatic Windows Updates off. Unless she turned it on
somehow this shouldn't be the problem.

Can Microsoft Security Essentials even coexist with her other real-time
scanner ... Avira Free?


Same here. I keep telling her not to open attachments, not to install
software when offered, and not to visit websites except for the few she
always visits (QVC, etc.). But she obviously has done something.

I told her to turn it off and take it up to the local computer repair
store and ask them what it might be. It's hard to troubleshoot something
like this from a distance. ;-)

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?


For troubleshooting over any distance use (Remote Support):
http://www.teamviewer.com/index.aspx

I use TeamViewer to install software, and/or help with troubles,
with someone on the other side of this planet.
(Europe vs. Australia).

Works very nice.
She is looking on her monitor in Australia, to see what I am doing on
her PC at my monitor in Europe.

The first time you have to get used to the idea, but it works smoothly.
 :-)

--
Fred W. (NL)

Re: Malware masquerading as Microsoft Security Essentials?


I'll take a look at it.

Thanks,

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?

Per FredW:

+1 on TeamViewer, although I use the locally-installed version.
--
PeteCresswell

Re: Malware masquerading as Microsoft Security Essentials?


As opposed to the browser based version?

I am definitely going to look into installing this after I clean up my
mom's PC.

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?

Per Dennis:

Yes.   I have not looked into the browser-based version but from
context of the advertisements I've received it seems like it
promises the ability to connect to a PC that has no TeamViewer
software installed on it.

Dunno what the tradeoffs are - or even if I've got it right - but
it seems like a way to get the local app installed on the remote
PC without driving to it if nothing else.   And who knows? Maybe
the tradeoffs aren't all that bad and the browser version would
be 100% sufficient.

I used to use Remote Desktop.   But RD takes awhile to get going
- especially if you VPN to the remote PC.   The TeamViewer
connection comes up almost instantaneously: doubleclick the name
of the remote PC on TeamViewer's list and *Shazam!*... you're
looking at the desktop.
--
PeteCresswell

Re: Malware masquerading as Microsoft Security Essentials?


Sounds like the locally installed copy on the remote PC is always
running in the background.

I'm not sure TeamViewer would have helped in this situation ... don't
know if the malware on my mom's PC would have allowed TeamViewer to
connect. But it sounds worthwhile for a lot of the other "support" phone
calls I get from my mom. Trying to imagine what exactly she is doing or
talking about is a real challenge.

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?


So if you wanted to use TeamViewer to run an antivirus scanner from
your computer to work on the other person's, would that work?  Or does
there have to be a CD in the cd drive of the person you are helping?


Re: Malware masquerading as Microsoft Security Essentials?


| So if you wanted to use TeamViewer to run an antivirus scanner from
| your computer to work on the other person's, would that work?  Or does
| there have to be a CD in the cd drive of the person you are helping?


Remote Access and Remote Control are two different things.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malware masquerading as Microsoft Security Essentials?

Per mm:

I would say "Yes" as long as the scanner can run while Windows is
up and running.
--
PeteCresswell

Re: Malware masquerading as Microsoft Security Essentials?


I looked at the TeamViewer pdf brochures on their website but could not
find an answer to this:

Does the software that is installed on the remote site run in the
background ... waiting for someone with the full version to connect with
it? Or does the remote user have to start a program (TeamViewer
QuickSupport?) every time?

--

Dennis

Re: Malware masquerading as Microsoft Security Essentials?


The very first time I think the two sides have to be in communication
by instant messaging or email or phone, or a personal visit, because
there is some password-type number that has to be relayed to the
remote site.

After that, I haven't installed it yet, (but I laid down the law for
that girl I help and told her I had to install it or I wouldn't keep
helping her).

However, my guess would be that whichever way it is envisioned and
designed to run most of the time, it could work either way you say.  

Loads of programs these days have parts that insert themselves in the
start-up routines, ready to go in a second's notice, instead of 5
seconds if you hadn't run them at startup.  People like me turn off or
uninstall most of those things.  Using an option within the program or
msconfig.exe if necessary.

OTOH, any program at all can be inserted in the Startup folder, for
example, so that it starts when Windows starts.  I used to have both
solitaire and my email program starting at boot time.

It talks about unattended computers working with this, so in that
case, the program has to be running already.  OTOH, other than that,
it's a decision to be made, probably by whoever runs the remote
computer.

Re: Malware masquerading as Microsoft Security Essentials?

Per Dennis:

It's an option you set at install time on the remote PC.

I always set it to start itself whenever Windows starts up.

Otherwise, you have to tell the user to start it.

There's another little angle:  default operation is for the
remote instance of TeamViewer to offer up a one-time password
that the user has to tell to whoever wants to connect.

e.g. 4f27px

I find that way over the top for my users - who I wouldn't even
want to have to start the app for me.

So, when I install it on the remote, I take advantage of the
"User-Defined" password at install time and make it the same
value for all the people (family members) that I support.

Going that route, I just enter that PW in my end, tell it to
remember that PW, and I can connect instantly just by
double-clicking.

The only other thing is that each remote user is identified by a
nine-digit number  e.g. "475 884 409".    TeamViewer offers a
facility where you can associate each user's number with a name
you make up and have them appear on a list wherever/whenever
you are.

The user-defined PW route definitely is not for everybody.   If
one were to do it without telling the user, I'd call that a major
breach of trust.
--
PeteCresswell

Re: Malware masquerading as Microsoft Security Essentials?


Well say you did set up Teamviewer to work, without the other party's
knowledge.  He doesn't know you've installed it and doesn't know it
runs whenever he starts his computer.  You would have to be sure he
was out of the room, wouldn't you?

If he was in the room and you were doing things, wouldn't it show on
his monitor????

OTOH, can he continue to do things on his computer when Teamviewer has
handed control off to you??  Can you share control?

And is it possible for you to do nothing but watch what the remote
party does??

Re: Malware masquerading as Microsoft Security Essentials?



My experience with the free version is as follows:

The user you want to team view with, installs and runs the program. It
gives them a unique code; you fire up your copy and put this code in
TeamViewer to "dial out", and it does the rest. As the code isn't the
host ip address, I'd bet most of the data is routed thru teamviewer
servers and not a direct connection between the two computers.


--
Some people are like a Slinky. Not much good for anything, but you can't
help but smile when one tumbles down the stairs.

Re: Malware masquerading as Microsoft Security Essentials?



There is the "full" version (recommended):
http://www.teamviewer.com/download/index.aspx
But there are also other versions.

I prefer the portable version, but that is a personal preference.
(page down for the portable version.)


Please download the "manual" (First steps - PDF) on this page:
http://www.teamviewer.com/solutions/remoteaccess.aspx
(one page - explains all)

--
Fred W. (NL)

Re: Malware masquerading as Microsoft Security Essentials?


Correction ... she still has AVG.

***

Follow-up: I walked her thru the steps to check to see if "Windows
Automatic Updates" was turned on. She says it is turned off.

I had her look thru Add or Remove Programs to see if Microsoft Security
Essentials was installed. She couldn't find it under the list of
installed programs that began with "Microsoft*".

I asked her to start AVG in order to perform a scan. She said AVG
wouldn't start.

I then asked her to start Task Manager to see what was running. That
wouldn't start.

Granted, she is 82 years old and may not be performing these steps
correctly, but I am beginning to think something is amiss. ;-)

--

Dennis
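
The checks from the follow-up above (Automatic Updates, the installed-programs list, the AVG scanner, Task Manager), plus the autostart locations mentioned earlier in the thread, as an added read-only PowerShell example; it is not part of any poster's message. The registry paths are standard Windows locations and the `AVG*` display-name pattern is an assumption, none of them taken from the thread.

```powershell
# Added example, read-only: repeats the phone checks with registry queries.
# Paths are standard Windows locations; 'AVG*' is an assumed display-name pattern.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# 1. Automatic Updates (AUOptions 1 = off, 2 to 4 = notify/download/install).
$au = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' 'AUOptions'
"Automatic Updates AUOptions: $au"

# 2. Installed products named like MSE (the data behind Add or Remove Programs).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$mse = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Security Essentials*' }
if ($mse) { $mse | Select-Object DisplayName, Publisher, InstallLocation }
else { 'No installed product is named Security Essentials.' }

# 3. State of the real antivirus services.
Get-Service -DisplayName 'AVG*' -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status

# 4. Two settings that keep Task Manager from starting.
$policy = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableTaskMgr'
$ifeo = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe' 'Debugger'
if ($policy -eq 1) { 'Task Manager is disabled by policy (DisableTaskMgr = 1).' }
if ($ifeo) { "taskmgr.exe is redirected to: $ifeo" }

# 5. Programs that start with Windows: Run keys and the Startup folder.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($k) { foreach ($n in $k.GetValueNames()) { '{0}  {1} = {2}' -f $key, $n, $k.GetValue($n) } }
}
Get-ChildItem ([Environment]::GetFolderPath('Startup')) -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
```

A popup claiming to be Security Essentials while check 2 finds no such product, together with a hit in check 4, matches the symptoms reported in this thread.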

Re: Malware masquerading as Microsoft Security Essentials?


No no, she's right.  Task Manager wouldn't start for me either with
the phoney-MSE problem, and my other friend couldn't start her AVG
with whatever problem she has.

