Memorial Day fighting cybercrime…

I had a great Memorial Day, but I ended up at the end of the day fighting cybercrime… The cybercriminal in this case was “AntiMalware Pro”…


If you look at the above screenshot of AntiMalware Pro, the application appears very legitimate and professional. You may even think it is associated with the legitimate version of Malwarebytes Anti-Malware. It is everything but that… What you are actually seeing is uninvited, unexpected, illegitimate, non-professional, dishonest, misleading, deceiving, intimidating, masquerading, malicious, fraudulent: the work of the cybercriminal.

The sad part about this particular situation was that the user (on a Vista box) was doing everything right, in terms of maintaining layers of protection (i.e. firewall, antivirus, antispyware, WOT, etc…) and by practicing safe habits on the internet. It was an innocent click of the mouse on a link in an email or website, or a downloaded file, that initiated this whole malware event. The user described it as a “Tennessee tick that would not let go!”.

In this case, I found on the user’s PC that AntiMalware Pro (and a mixed bag of other trojan goodies) generated pop-ups, hijacked the browser, hijacked the desktop, changed the screen resolution, created a browser redirect to the AntiMalware Pro site, disabled the anti-virus software, and prevented access to legitimate security sites. Another issue I never experienced before was that I could not enter “Safe Mode via the F8 key”. I ended up using the MSConfig GUI to force the PC into Safe Mode…

Manual removal of AntiMalware Pro would have been very time consuming; however, in this case SmitFraudFix and Malwarebytes Anti-Malware, in combo, took this cybercriminal down and out.

The purpose of these rogue applications is to trick computer users into paying for the full version of the software by displaying false positives of malware infections and by causing total havoc. First thing to remember: if an application such as this shows up uninvited, pull the plug on your internet connection and get help. Secondly, never purchase anything that you never asked to buy in the first place. Putting that credit card number out there under these circumstances will cause you more problems than you bargained for; besides, purchasing malicious applications such as AntiMalware Pro will fix nothing. This whole malware process is about “taking” (your money and identity), not “giving”.




9 thoughts on “Memorial Day fighting cybercrime…”


  1. I really like your style Rick. You’re funny without intending to be lol.
    Anyway, I think it’s stupidity to install anything on your pc without checking first the app or program.
    As Bill of Tech Thoughts said, you have to be paranoid to ensure online safety.
    Great tip again from Rick.


  2. Rick,

    What a way to end a great holiday weekend! Super job in knocking out this parasite though.

    You have to see this crap (rogue software), in action to really see the damage it does, and the impact it has on innocent people.



  3. Excellent article, and thank you for sharing your experience.

    I would like to add for your readers (as, I’m sure you have already advised your friend) that should something like this happen to you (there are currently several thousands of these types of “rogue” anti-malware and ‘registry optimizer’ out there on the Web):
    * Change all your login passwords
    * Check your credit report (invest in a Credit monitoring service) often.


    1. TechPaul,

      Being a tech, you probably have experienced this type of issue more than any of us…

      Thanks for the additional tips… Never even thought about checking with the credit bureaus, etc…




  4. T3CK,

    Thanks for commenting and visiting… I love your avatar… I’m an ole’ redneck “T3CK” country boy myself…


