The Rogue Antivirus Guide
<blockquote data-quote="Chromatinfish 123" data-source="post: 448915" data-attributes="member: 23007"><p>Rogue AVs are one of the most problematic malware in the giant encyclopedia. Nowadays, Rogue AVs are on the decline due to advanced security and easier ways to earn money, such as CryptoWall Ransomware and KeyLoggers. More on those later.</p>
<p>Welcome, protective members of the MT forum. Please consult this guide according to the table of contents:</p>
<p><strong>Part I: Avoiding/Detecting Rogue Antiviruses</strong></p>
<p><strong>Part II: Removing Rogue Antiviruses</strong></p>
<p><strong>Part III: I've been robbed! What should I do?</strong></p>
<p><strong>Part I: Avoiding and Detecting Rogue Antiviruses</strong></p>
<p><strong>Part A: Classic Rogue Antiviruses</strong></p>
<p>Classic Rogue Antiviruses try their best to make themselves indistinguishable from regular AV software; however, some things about them stand out from normal AVs like Kaspersky (Note Part B of Part I to learn about Rogue Antiviruses faking to be real ones).</p>
<p><strong>#1: The Name</strong></p>
<p>The names of fake antiviruses are usually much more generic than real antiviruses. Chances are, if you have something like Antivirus Pro 2015, PC Doctor Antivirus, PC-Scan Pro, or anything of the sort, you have a rogue antivirus.</p>
<p><strong>#2: The Publisher</strong></p>
<p>Most classic rogue antiviruses don't have developer names, which flags a red marking when installing them. Usually, Windows will pop up a window saying that there is no known publisher on this software and asking whether you want to proceed. Do not install!</p>
<p><strong>#3: How They Try To Push You Their Product</strong></p>
<p>Sometimes, a window will pop up in your browser showing a scanner bar, then popping up a smaller popup window saying that you have x threats and to download this to correct them. Furthermore, when you click the close button, a popup will come up saying something like "You have x threats. You are not safe," with only an OK button returning you back to the page!</p>
<p>If this ever happens to you, <strong>press the Alt+F4 keys together to close the window.</strong> Then go to a preferences window and deselect the "open closed windows at startup" option if it was selected before.</p>
<p>Another sneaky tactic they might use is to buy a whole bunch of webpage addresses with common mistypings (yutube, goggle, gmil, you get the idea). Then when you go to the site, they'll do a drive-by download (a download that happens automatically when you visit a webpage) on you and you won't notice until you're already infected. To see how to counter this, consult paragraph II of Part B.</p>
<p><strong>Part B: Name-Faking Rogue Antiviruses</strong></p>
<p><strong>I</strong> These are pesky little creatures, trying to be one another! These types of rogue AVs are a lot harder to detect! Usually, they use the tactics that Bullet #3 describes, above. However, they use a name like Norton Antivirus, Kaspersky Antivirus, or McAfee Antivirus, making them hard to detect. The interface is designed just to look like the genuine copies of these fakers, and you feel more protected to open up your wallet and pay for a license.</p>
<p><strong>II</strong> However, if you have bookmarks, you won't mistype as often, and if you do, you should install a browser protection extension such as:</p>
<p><a href="http://www.mywot.com" target="_blank">Web Of Trust</a></p>
<p><a href="http://www.bitdefender.com/solutions/trafficlight.html" target="_blank">BitDefender Traffic Light</a></p>
<p><a href="http://www.webutation.net" target="_blank">Webutation</a></p>
<p>To stop rogue software advertisements:</p>
<p><a href="http://www.adblockplus.org" target="_blank">Adblock Plus</a></p>
<p><a href="http://www.adguard.com" target="_blank">AdGuard</a> (Their full version costs $19.95, and includes browsing protection, parental control, as well as an ad blocker and cross-browser user script manager)</p>
<p><a href="https://www.ublock.org" target="_blank">uBlock</a></p>
<p>Also, uncheck "Open Trusted Applications Automatically After Downloading" or anything of that sort in your browser preferences (if you have that option). Sometimes rogue AVs trick browsers into thinking they are genuine virus-free software.</p>
<p><strong>Part II: Removing Rogue Antiviruses</strong></p>
<p>Okay, your gramma's computer has already been infected with a rogue antivirus. It's demanding payment and, furthermore, is not allowing any access to block its processes, uninstall it, or even download real AV or scanner software! Even though you don't pay, Rogue AVs are still a nuisance and may send information like passwords from key logging to the developer.</p>
<p><strong>Step 1: Boot Into Safe Mode With Networking.</strong></p>
<p>Restart your computer. When it starts up, start holding down the F8 key. Use the arrow keys to select Safe Mode With Networking and enter your password when the screen comes up.</p>
<p><strong>Step 2: Remove Proxies/Internet Barriers</strong></p>
<p>Some Rogue AVs induce proxies to stop the internet connection, therefore not permitting you to access the internet to see articles like this one for help. Therefore you should remove all proxies by selecting the "No Proxy" setting in any Internet Browsers. You will not be able to download RKill if you don't have this done.</p>
<p><strong>Step 3: Stop Processes from Running Using RKill.</strong></p>
<p><strong><a href="http://download.bleepingcomputer.com/grinler/iExplore.exe" target="_blank">RKILL DOWNLOAD LINK</a></strong></p>
<p>Download RKill from above. (Link courtesy of MalwareTips Blog. Thanks a lot Jack!)</p>
<p>It will be named I-Explore.exe. Double-click the icon and it should start running. Once a log is generated, you can now close RKill. Do not, however, reboot your computer. RKill did not remove the elements necessary to restart the software next time you reboot.</p>
<p><strong>Step 4: Scan For Malicious Files.</strong></p>
<p><strong><a href="http://www.emsisoft.com/en/software/eek/download/" target="_blank">EMSISOFT EMERGENCY KIT DOWNLOAD LINK</a></strong></p>
<p>Download Emsisoft Emergency Kit from above. Update databases and then scan for any malware. Try to use a full scan by clicking Custom Scan, then scan the whole drive.</p>
<p><strong>Step 5: Double-Check For Malicious Files.</strong></p>
<p><strong><a href="https://www.malwarebytes.org/mwb-download/thankyou/" target="_blank">MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK</a></strong></p>
<p>Download Malwarebytes Anti-Malware from above. Update databases and then scan for any malware (run a full scan). Delete any infected files.</p>
<p><strong>Well, You're Finished!</strong></p>
<p><strong>Part III: I've been robbed! What should I do?</strong></p>
<p>Unfortunately, nothing too much.</p></blockquote>
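<p>As an added example that is not part of the post above: a PowerShell script covering two of the checks the guide describes by hand, the missing-publisher sign from #2 and the injected proxy from Step 2 of Part II. It assumes the standard WinINET and Uninstall registry locations; the function names are my own, and only the proxy functions change anything.</p>

```powershell
# Added example (not from the original post). Read-only checks for two rogue-AV
# indicators from the guide, plus the "No Proxy" reset from Step 2 of Part II.
# Assumes the standard WinINET proxy key and the standard Uninstall keys.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxyState {
    # Step 2: a rogue AV that "induces a proxy" usually does it through these
    # WinINET values, which Internet Explorer and Chrome read as the system proxy.
    $p = Get-ItemProperty -Path $inet
    [pscustomobject]@{
        ProxyEnable   = [bool]$p.ProxyEnable   # 1 = a proxy is forced on the user
        ProxyServer   = $p.ProxyServer         # e.g. host:port set by the malware
        AutoConfigURL = $p.AutoConfigURL       # a PAC script can redirect traffic too
    }
}

function Disable-UserProxy {
    # The "No Proxy" setting from Step 2, applied to the system (WinINET) proxy.
    # Run this only after Get-UserProxyState shows a proxy you did not configure.
    Set-ItemProperty    -Path $inet -Name ProxyEnable   -Value 0
    Remove-ItemProperty -Path $inet -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $inet -Name AutoConfigURL -ErrorAction SilentlyContinue
}

function Get-ProgramsWithoutPublisher {
    # #2 "The Publisher": list installed programs whose uninstall entry has a
    # DisplayName but no Publisher value, so names like "Antivirus Pro 2015" stand out.
    $roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    Get-ChildItem -Path $roots -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
        Where-Object   { $_.DisplayName -and -not $_.Publisher } |
        Select-Object  DisplayName, InstallLocation, UninstallString
}

# Report only; call Disable-UserProxy yourself once you have reviewed the output.
Get-UserProxyState
Get-ProgramsWithoutPublisher | Format-Table -AutoSize
```

<p>A legitimate program can also ship without a Publisher value, so the second list is a shortlist to review against the name patterns in #1, not a verdict.</p>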