Saturday, April 19, 2008

Fake Trojans

My PC had been running normally up until a couple of days ago when it suddenly started giving popup messages suggesting its operating system was about to collapse because it was infected with trojans and spyware. A very official-looking Windows-type message then urged a full system scan. Clicking on this connected me to an apparently bogus spyware firm's website PC-Anti-Spyware which, you guessed it, offered to get rid of the trojans and spyware at a price. Then every 15 minutes PC Anti-Spyware operated as nagware with repeated popups that led to a new threat/offer: Get rid of what seem to be trojans and spyware and the annoying popups urging purchase, by making the payment. As the trojans seemed to be fake - my computer operated properly despite the claims of impending disaster - the main problem was the apparently unending stream of popup advertisements. Moreover, at $39-99US the anti-spyware software apparently does not even work.

My assumption is that this firm somehow installed or arranged to have installed these messages as a virus attached to a website I had accessed and then used the threat of them and the despicable popup sales messages to try to sell their bogus software. I say this because I have never contacted this firm nor sought any support or help from them in managing my software.

I searched the web for information and came to a website Spyhunter which warned of the PC-Anti-Spyware scam and offered to delete both PC-Anti-Spyware and the false messages. Again I was led through a series of webpages to yes, you guessed it again, a request for payment to actually remove the damaging programs. Again appalling stuff. I have no idea if Spyhunter is an offshoot of PC-Anti-Spyware.

I couldn't get rid of PC-Anti-Spyware using the McAfee package which I routinely run as background anti-virus software or by using old spyware removal favorites such as Lavasoft and Ad-Watch. Finally, I scouted the internet and found a number of favourable articles recommending Malwarebytes-Anti-Malware which I ran gratis. It seems after 24 trouble free hours (touch wood) to have finally got rid of the despicable PC-Anti-Spyware and the despicable popup messages although - being burnt several times in this last episode - I offer no guarantees regarding the use of this (or any) software.

This type of intrusion is socially costly. The cost to me was inconvenience over several days. Other people subject to the same scam would have eventually paid up and still had to endure the effects of the scam. I assume that legal action to prosecute these firms would be difficult to sustain because it might be impossible to prove that a virus had been loaded to provide the basis for a sale. Sometimes I despair of the ragged edges of free-wheeling capitalism and of anything-to-make-a-buck attitudes.


Jacques Chester said...


At the risk of sounding like a cliche, this wouldn't have happened if you had a Mac.

Anonymous said...

Damn straight it wouldn't have Harry - I have had a Mac for my whole life, had it connected to the internet for 10 years. It has never had anti-virus software installed, or any kind of spyware/malware checker.

In that time it has never had a virus, never had spyware, never had a trojan or any other malware installed on it.

Spec-for-spec a Mac is almost the same price as a Windows-based machine, but the gain in productivity is incalculable.

derrida derider said...

It's really simple - never, ever, ever click on a pop-up while browsing the net. And use Firefox or Opera rather than IE - they both have excellent pop-up suppression.

Windows has lots of problems, but the reason both Unix and Mac don't suffer from these problems is not so much that they're inherently more secure as that the sleazes don't target them because they're niches. If they were as popular as Windows they'd have the same problems.

Wednesday Keller said...

Oh derrida derider, that old chestnut?

Assuming that the Windows/OS X split was 50/50 I would bet you pretty much anything you wanted that Windows would still have more viruses.

To put it simply OS X's fundamentals are much more secure being based on BSD/UNIX.

I suggest this particular article:

The main point:

So, let’s concede the point, just for the sake of argument: OK, fine, if the Mac had the same market share as Windows, the tables would be turned and there’d be just as many Mac security exploits as there are Windows exploits today.

Now what? Given that the Mac is never going to attain a monopoly share of the operating systems market — that merely expanding its share to, say, 10 percent would be universally hailed as an almost-too-good-to-be-true success — isn’t it thus only logical to conclude that the Mac is forever “doomed” to be significantly more secure than Windows?

Jacques Chester said...


By that argument Apache should have far more exploits than IIS. It just isn't so.

The problem is not so much with the underlying OS: the NT line of kernels supports quite sophisticated security models. The problem is that by default there's almost no security model at all -- the standard user runs with Administrator (i.e. superuser) privileges and Windows is very promiscuous in allowing remote code to download and run. The mix is lethal.

In both cases a 'socially engineered' trojan will defeat any security scheme.

hc said...

I don't disagree with the claims made about MACs - I don't know. But my workplace has no MACs and apart from occasionally using one belonging to a daughter I have no experience with them.

Generally I find Windows great even though the virus problems are a pain.

Anonymous said...

Getting back to the problem. I had an earlier bout with something similar. Looked around and found a freeware A-virus solution. The second product wound up in the Start-up section and came back time after (start-up) time until I narrowed the existing problem down. Invested $40 in PC Doctor w/AntiVirus. The system has been clean ever since.

Anonymous said...

How did this become a MAC-PC thing? Both have pros and cons. I for one use programs that have no mac version. Now I could buy a mac, run parallels and run my app but then I am still using Windows so what is the point in buying the mac?

I would beg to differ with the price being equal spec-for-spec.

Now for the topic of fake trojans. I have never had one but I have cleaned many. I boot to safe mode, run combofix and malwarebytes, and check the host file to see if it has been changed.
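
The hosts-file check mentioned in the last comment can be scripted. The following is an added example, not part of the original post or its comments: it parses hosts-file text and reports every entry that is not a stock loopback mapping. The baseline name list, the sample file contents and the `audit_hosts` function are assumptions constructed for illustration.

```python
import ipaddress

# Names a stock hosts file normally maps to loopback (assumed baseline).
DEFAULT_NAMES = {"localhost", "localhost.localdomain",
                 "ip6-localhost", "ip6-loopback"}

# Constructed sample, not taken from a real infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # blocks updates
203.0.113.45    www.search.example search.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (line_no, kind, hostname, address) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", " ".join(names), addr))
            continue
        for name in names:
            name = name.lower()
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                      # expected stock mapping
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address sends traffic for that name somewhere else.
            blocked = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if blocked else "redirected"
            findings.append((line_no, kind, name, addr))
    return findings


if __name__ == "__main__":
    for line_no, kind, name, addr in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-10s %s -> %s" % (line_no, kind, name, addr))
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`. A "blocked" entry is not always malicious, since ad-blocking lists use the same mechanism, so each finding needs review against what was deliberately put there.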