Protect yourself against FAKE Anti-Virus and FAKE Anti-Spyware Software…

A day does not go by that I do not read about, and/or have someone contact me about, the FAKE anti-virus software or FAKE anti-spyware software programs that are rampantly infecting people’s PC’s.

It seems that the designers of these rogue and malicious software programs have found their niche on the underbelly of the internet and are apparently too criminal in nature to use those talents to benefit the good of the internet. What they are doing, in essence, is breaking into your PC, with criminal intent to extract something from you (through extortion and ID Theft). It is really no different than someone breaking into your home.

The rogue anti-virus software and anti-spyware software I am referring to is the type where you are on the internet and all of the sudden an alert pops up informing you that your PC has been infected by a virus or spyware; OR you turn on your PC and find that your desktop background is gone and a message is displayed indicating your PC is infected. The alerts look very official and real, and will even replicate a Microsoft Security alert or a brand name security product. The objective is to scare you into buying something that you think is real. Most people attempt to close the rogue application and the problem only worsens and becomes a nuisance that will not go away. If you are seeing it on your screen, you have already been infected. I’ve seen the infection of these things actually snowball and increasingly get worse. As a matter of fact, even after cleaning a PC of the infection, I personally would be real hesitant in putting out any personal information (i.e. credit card, banking, passwords) until I was absolutely sure that all remnants have been eradicated. Removal of these rogue programs are very difficult.

How is this happening to people?

It is happening by the “click” of the mouse through a variety of channels. It all happens pretty much the same way, no matter the channel. The user interacts, the system becomes infected with a Trojan downloader (that connects to the internet and downloads other Trojans) and/or becomes infected with a Trojan dropper (a program designed to install malware such as FAKE software). The common channels for malware are:

  • Spam, Chain and Scam Email
  • Search Engine Results (that leads to an infected “hacked” web page)
  • Porn Sites
  • Gaming Sites
  • Software Pirating Sites
  • Screensaver and Wallpaper Sites
  • Community Social Sites
  • File Sharing
  • Torrents
  • Shady Forums
  • Instant Messaging

What can be done to prevent or stop this?

  • Using the list above, avoid any site or service that is not credible or morally wrong OR any site or service where you are randomly and directly interacting with other people (that you do not know). I know this may sound rather drastic, but believe me, it works!
  • Monitor the internet activity of your children and set firm rules and limits. The majority of infections occur in households where children and teenagers have very liberal access to the internet; AND please do not be lured by the myth that our children are computer savvy. Don’t let the children teach you; educate yourself and teach your children.
  • Ensure your PC is equipped with at least the basics of layered protection (i.e. firewall is “on”; windows updates are maintained; anti-virus, anti-spyware, and anti-malware are installed, etc.).

What resources are there available to remove these infections?

If it is obvious that your PC has been hooked by one of these FAKE anti-virus or anti-spyware alerts, the first thing I tell people is to write down what they are seeing on the screen (i.e. name of the software, is there an icon showing up in the taskbar tray, etc…). It is imperative to identify and describe the issue in order to research and find credible removal instructions. The second thing is, do not attempt to use your mouse to interact with the alert. Shut down your PC and if connected to a network, unhook the network cable. Contact your tech support person; or if you are technically savvy, research the issue for removal instructions using another PC.

The resources that I use to educate myself and assist other people with the removal of these FAKE anti-virus and anti-spyware are:

S!Ri.URZ – Use this blog site to search for and identify what you may be seeing on your screen. If you are successful, you will be instructed to use a program called SmitFraudFix to remove the infection.


SmitFraudFix – Tool utilized for the removal of a variety of the FAKE malware that we are now being bombarded with.


Spyware Techie – Another blog site that will assist you with searching for and identifying malware


Microsoft Malware Protection Center – A Microsoft blog dedicated to researching malware and providing detailed statistics and graphs of what is going on out there.


Malwarebytes Anti-Malware – Can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Can download and use for FREE. The realtime protection, scheduled scanning, and scheduled updating is not activated in the FREE version. I have this installed on my PC and I periodically run the scanner as part of my normal maintenance routine.


SUPERAntiSpywareDetect and Remove Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits and many other types of threats. A FREE and Professional version are available. I also have this installed on my PC and I periodically run the scanner as part of my normal maintenance routine.


Tech Thoughts – Awesome source for Security and System Tools and Tips. Software Reviews, News, Views, Downloads and Links. If something out there is a threat to us all, Bill will be writing about it.


Tech-for Everyone – Another awesome source for how-to’s and tricks & tips and general computing advice.



13 thoughts on “Protect yourself against FAKE Anti-Virus and FAKE Anti-Spyware Software…

Add yours

  1. Rick,
    Thank you for the nice word about my How To blog on this dead-on-accurate, timely, and important article.

    Blogging is my passion, but providing tech support is my business: I can attest that this form of cyber-crime is rampant and is THE leading source of my calls.
    Most often, these rogue apps are beyond removal by all but the most advanced techniques (it doesn’t make my job easier that the person clicked [and/or paid] for the “Pro” version and installed it). It takes a few hours if it’s doable at all, and the only way to be completely, totally certain that you’ve truly cleaned your infection is to wipe your hard drive.

    I would like to add, if I may, some further advice for your readers– the leading cause of this is browsing to an infected (hacked) webpage.. an anti-phishing toolbar (or ‘plug-in’) such as WOT, or SiteAdvisor, or even the built-in one, can help people avoid going to those sites in the first place.
    Also, make sure one of the anti-spyware tools on your machine has an “active” shielding mode (heuristics) or use the excellent Threatfire app.



  2. Safe security practices recommend using a non-administrative user account – this is most helpful when children and coworkers are behind the wheel as a simple delete of the user’s profile will resolve 99% of the problems. Reason being: “user” level authority does not allow any system level changes to be made – registry or hdd… This method however DOES NOT replace the need to have the above mentioned security layer of anti-malware software.

    However, most people find having to log out and log in as root or admin rather cumbersome and impractical; as such, it is rarely used, even by me at home. However, my coworkers still ask why they can’t change their own settings in the control panel….Power trip?…..Maybe….Better safe than sorry…Priceless.


  3. TechPaul,

    Thanks again for your input and advice. Very much respected and appreciated… I am going to add “browsing to an infected (hacked) web page to the list of culprits…



  4. Jeremy,

    Thanks for your input… I do agree with you on the practice of utilizing the “non-administrative” user account(s). It is actually a very good layer to have in place; but, I find most people do not understand the concept and like you said do not like it when it is in place.



  5. I just got a malware Trojan virus over the weekend (called virtumonde). Ad-aware wouldn’t see it and Spybot couldn’t remove it. I did some research and found that would remove it. Worked like a charm. Full scan in safe mode. I haven’t seen a trace of it since using it.

    I haven’t had an active virus in 3 years (until last week). I do wonder why my Norton Anti-virus 2007 never said anything about it though. It just left it right in.



  6. Thanks for this excellent article Rick.

    I agree with both TechPaul with respect to installing Internet Browser protection, and with Jeremy, in terms of running with Limited-user accounts. Neither will make you exploit-proof however, but both will generally make you safer.

    Using Windows XP’s Fast User Switching option, you can have both an administrator and a limited user logged in. Run with limited privaleges and when you require administrator rights, switch users to the administrator, complete the task, and switch back. Not perfect but…..

    Finally, I’m surprised that DW was infected by Virtumonde since this adware has been around since 2006, and should easily have been recognized by Norton Anti-virus 2007.



  7. Bill,

    Thank you! I AGREE with you all… This is why I hang with such a great bunch…

    The Fast User Option is a good one; but, I find, as with everything else with this stuff, the majority of people do not understand any of it (referring to home based users). In the actual business network environment, I say lock it down as tight as possible. It’s one thing if you have one or two PC’s at home that become infected and it is another thing if you are managing a business network and 50 of them become infected.


  8. Sorry Rick, I just think TechPaul, Bill and myself just want to stimulate our technological minds. 😉

    I agree and disagree with you on the home based users being illiterate when it comes to computers…this push is to make them literate. Microsoft coming out with a Windows HOME Server. Source:

    Home users best get used to the real world practices…You buy the server pre-built and installed and you’re expected to manage user accounts and storage.


  9. Hey “J” (Jeremy),

    I love it… I may have to do a blog post on the HOME Server… Good find…

    Oh, TechPaul and Bill Mullins… Great Tech people! I am fortunate for their obsession and contributions to the cause.

    Funny, we get on this topic… Ran into someone last night that is actually using the User Accounts and did understand it “a little bit” LOL…



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Powered by

Up ↑

%d bloggers like this: