Fake-alert software, also called fake AV or rogue anti-virus software, is malware that masquerades as a legitimate security application. These threats employ social engineering tactics to trick users into purchasing and installing malicious products. Once installed, a system scan appears to run and subsequently claims that the machine is infected. During the fake scan several other nefarious activities occur in the background, including the disabling of legitimate security applications.

1. Smart Scan: This step scans the system efficiently and quickly. In this mode, we scan only a list of predetermined locations that are the most common infection points. We determine these from our analysis of fake-alert threats. User-selected directories will not be scanned in this mode. This is the default scan mode used by Fake Alert Stinger.
2. Full Scan: This step scans the entire C:\ directory. A user may change (add or modify) the various entries under “Directories to scan.” This mode will scan every directory entry populated under “Directories to scan” on the main window.

b) Fix to Scan: Often fake-alert infections will prevent the machine from working as expected. This makes the threat persistent and prevents users from remediating the infection. In some cases, fake-alert infections will hijack certain Windows Registry keys that associate applications based on file extensions. The new detection mode, Fix to Scan, helps users remove changes made by fake alerts. We recommend this mode of detection only when a user is unable to run any application. Fix to Scan restores the system to a state in which users can run other applications, including an anti-virus scan to detect and remediate the infection.

Users should take the following steps:

1. Verify that file extensions are visible in Windows Explorer, with help from the Microsoft Knowledge Base article at http://support.microsoft.com/kb/865219#LetMeFixItMyselfAlways.
2. Open Windows Explorer and browse to the directory where the Stinger tool has been downloaded.
3. Rename the executable file to include a “.com” extension. For example, change “stinger.exe” to “stinger.com.”
4. Launch the file fakealert-stinger.com to run the Stinger tool. If this fails, rename the file to “stinger.bat” and launch it again.
5. Open the Preferences dialog by clicking the Preferences button. Ensure the preferences appear as depicted in the screenshot below.
6. Confirm the preferences and run a scan from the main window.
7. Fix to Scan repair does the following:
   · Terminates malicious processes that hinder anti-virus software from running properly
   · Restarts Windows Explorer to remove any hooks created by malware to prevent reinfections
   · Fixes file associations and other Registry-based policies that are typically altered by fake-alert threats to remain active or to prevent the normal use of system tools
8. Once the scan finishes, uncheck the Fix to Scan option from the detection section in the Preferences dialog.

Additional detailed information is available in the following Knowledge Base article: KB72240.
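The file-association changes that Fix to Scan repairs can also be checked offline in a registry export (.reg text). The following Python audit is an added example, not part of the Stinger tool or the original page; the key names and stock values are the standard Windows defaults, which the page does not list, and the sample export is constructed.

```python
import re

# Stock default values for executable file types on Windows. Assumption of
# this example: the page does not name the keys that fake-alert threats alter.
EXPECTED = {
    r".exe": "exefile",
    r".com": "comfile",
    r".bat": "batfile",
    r"exefile\shell\open\command": '"%1" %*',
    r"comfile\shell\open\command": '"%1" %*',
    r"batfile\shell\open\command": '"%1" %*',
}
CLASS_ROOTS = ("hkey_classes_root\\", "hkey_current_user\\software\\classes\\",
               "hkey_local_machine\\software\\classes\\")

def audit_associations(reg_text):
    """Return (key, found, expected) for each altered default value in a .reg export."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            value = re.sub(r"\\(.)", r"\1", line[3:-1])  # undo .reg escaping
            lowered = key.lower()
            for root in CLASS_ROOTS:
                if lowered.startswith(root):
                    expected = EXPECTED.get(lowered[len(root):])
                    if expected is not None and value.lower() != expected.lower():
                        findings.append((key, value, expected))
    return findings

# Constructed sample export: two altered .exe entries and an untouched .com key.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Public\\fakeav.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\.com]
@="comfile"
'''

if __name__ == "__main__":
    for key, found, expected in audit_associations(SAMPLE_REG):
        print(f"ALTERED {key}: {found!r} (stock value: {expected!r})")
```

In the sample the .com association is still stock while .exe is altered, which is the situation the rename-to-.com step works around. Exports written by regedit are usually UTF-16, so decode the file to text before passing it in.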



