6 Replies Latest reply on Mar 7, 2011 5:40 PM by Hayton

    FAKE Antivirus software

      I have been using McAfee for some time without any problems - I have a 3 user licence.  However, recently I was hit with the "System Tools Virus" and the "Antivirus 2010 & 2011 Virus".  Both are fake Antivirus routines triggered by a Trojan that say your PC is affected by lots of viruses.  It locks many functions to inhibit you trying to get rid of it.  Loading in Safe mode let me run a McAfee scan - but this failed to find any problems!

       

      After searching the Internet, a free software routine called Malwarebytes was identified that said it could handle these viruses.  This was loaded and run - this detected and eliminated the offending Trojan virus.

       

      I have made attempts to ask McAfee why their "sophisticated software" is unable to detect the Fake Antivirus software and eliminate them BUT a free routine Malwarebytes sorts the problem!!  I can't get a proper answer from McAfee - This is what they say:

       

      Please understand that any security software, McAfee or non-McAfee, does not guarantee that all viruses or any form of security threat that becomes available online will be detected and treated. The reason for that is, different security software providers such as us, McAfee, receive different kinds of updates.

      Other security software providers may be the first to receive an update regarding a latest threat for the day, however, that doesn't mean that McAfee is not working at all or will not detect that in the future.

      Please understand that this situation doesn't happen to McAfee alone. All security software providers experience this same issue and what we can do to properly resolve this is by referring you to a team dedicated to Virus Removal.

       

      The Fake Antivirus software I mention has been around for many months and the McAfee response just does not stand up!!

      They will not respond directly to my question but suggest I contact the "Virus Removal" team.  I have removed these viruses myself using Malwarebytes (free) - this shows they are not reading my question but sending some "standard" reply.  This "Virus Removal" service is chargeable (more than the cost of the McAfee 1 year licence).

       

      My questions are:

      Why can't McAfee deal with these Fake Antiviruses when free software available on the Internet can deal with it?

      Why won't McAfee answer my direct question but reply with a standard reply?

       

      I would like to know if other users have these issues and if McAfee have responded in a satisfactory way.

        • 1. FAKE Antivirus software
          k3tg

          Required Reading - Home User Assistance Malware Troubleshooting

           

          This link from McAfee may help you with some answers to your questions

          • 2. FAKE Antivirus software
            Hayton

            Moved to Home User Assistance since this is a fake-AV thread.

             

            In brief,  McAfee and the other AV companies don't concentrate on this kind of thing. What you described were two instances of rogue AV programs rather than viruses. The lines between them are more blurred now than they were, since rogue programs can be the result of, and indeed lead to, infection by a Trojan (which McAfee and the others would detect). The programs themselves look, to AV software, perfectly legitimate.

             

            That's where Malwarebytes have stepped in and found their market. They do an excellent job of cleaning up these programs, which is why we here always recommend Malwarebytes if McAfee has allowed one to become installed. Very often - not always, but very often - a rogue program gets installed because a user has clicked on something that appeared on screen without realising quite what it was, or what would follow next. I'm afraid that to a lawyer just clicking 'Yes' on a pop-up from one of these programs means giving your (presumably informed) consent to letting it run. Where the software writers are really nasty is in interpreting *any* user interaction with their pop-ups or windows  - clicking 'No', or on the 'x' at top right - as meaning 'Yes'.

             

            Malwarebytes gets rid of these things. Sometimes McAfee doesn't. If you ask us, we'll point you towards a removal and/or repair strategy.  9 times out of 10, the fake program is easy to get rid of. The other 10% is probably called System Tools. Ask ConorD62, he's making these things his speciality.

            • 3. FAKE Antivirus software

              How do you download Malwarebytes when the AV programme won't let me open it? ... even opened up in Safe Mode with Networking?

              • 4. FAKE Antivirus software
                Hayton

                If you can download it, save it somewhere on your C drive. Alternatively, download it on another machine onto a USB drive. Then rename it to something else - anything memorable, as long as it's an .exe file. These fake AV program writers sometimes try to be smart by blocking known anti-removal programs from running, but they can't disallow everything.

                 

                Run Malwarebytes (renamed) not in Safe Mode but in normal Windows. It works better that way. You may need to reboot after it's finished, and possibly run it a second time to be sure.

                 

                As an alternative to the above, many people say that using System Restore works for them. That's fine as long as the infection hasn't stored itself in one of the System Restore points ... if you're going to do that I'd say go back two or three, not to the most recent, unless you'd lose a lot of system changes that way; and then check for Microsoft, McAfee, Adobe, Java, etc etc updates.

                • 5. FAKE Antivirus software

                  Thank you so much. I downloaded Malwarebytes onto my own desktop, then saved it to a memory stick after renaming it goodstuff. Then opened it as guest on my daughter's laptop and ran it. Found 10 infected files (and that's after I took out about 10 last night). Just rebooted her laptop and opened up internet and gone to malware. All seems fine. Will re-run scan just to make sure. Thanks again, your help made things so much easier.

                  • 6. FAKE Antivirus software
                    Hayton

                    If you were running in a Guest account Malwarebytes will only have been able, I think, to access a subset of the whole system. It's found a load of bad files, but there may be more. Try running it in an account with Administrator privileges (you might want to disconnect from the internet first).

                     

                    Also, a Quick Scan is enough for most purposes but if you know you've got an infected machine then I would always run a Full Scan afterwards. Same goes for McAfee. Quick scans pick up, say, 95% of all the problems, and if you know there has been an infection you want to get rid of anything that a Quick Scan missed.