Scam emails Antivirus 2010

paulh
Posts: 2435
Joined: Sun Feb 11, 2007 7:13 pm
Location: Akrotiri

Post by paulh » Mon Oct 19, 2009 12:09 pm

These are doing the rounds again in bulk.

They use Microsoft somewhere in the Sender info, the subject looks important/technical and the email includes an attachment.

Delete it, do not run the attachment.

More details this evening.

paulh
Posts: 2435
Joined: Sun Feb 11, 2007 7:13 pm
Location: Akrotiri

Post by paulh » Mon Oct 19, 2009 8:27 pm

OK, more info.

Basically it is a way of getting Antivirus 2010 onto your machine. Antivirus 2010 is NOT an antivirus program; it is just an image (picture) or set of images meant to scare you. No, it is not a scary animal with big teeth or whatever, but it is an image telling you (lying through its teeth) that you have 100s of viruses on your machine. And at that point that is all it is, an image and nothing particularly bad.

It says that to get rid of these viruses run the attached program. Don’t do it. If you do, then you really will have all sorts of nasties in your machine because the “removal” program puts them there. Don’t even click on a “cancel” or similar button; it might say cancel but the program underlying the button might be written to load the download automatically.

Instead turn your whole email program off (that way your email program will close the dubious email), count to 10 and then reopen it and delete the offending email whilst it is closed.

The aim here is to get you to send money to get the nasties removed. If you do send money you will get no response, nothing will change except they will have your email details, your banking details and your money.


Ways to check suspect emails

Is it from Microsoft in some form or other? Why would Microsoft know your email address or even write to you? Why would they have an attachment to carry out any action when every month they download updates into your machine anyway with no email and no attachment needed?

Add a column to your email program to show to whom the email is addressed primarily. When I get an email addressed to Babis & Popi I somehow suspect it is not for me but most email programs do not show this information by default.

In Outlook you can right click on the email and look at its properties (unopened). If it is from someone@somewherereallyweird.com then it is probably not from Microsoft, so delete it.

Don’t rely on your real antivirus program to detect it in your email, because there is no virus on your email; it is just a picture. It is when you download, and you ask for the download, which is not a virus as such either, just a whole load of nagware and frightening images telling you you have viruses (but of course it lies), and a little bit of extra programming to reinstall these nag images (should you just manage to remove the images) and perhaps some other coding to prevent you running programs which might help you remove it.



Many people will be sent these, but they will be removed before they get to see them by filters on the email provider's servers, so no problem. Not everyone has these filters as an option and not everyone has them switched on, so some rogue emails will get through.
Last edited by paulh on Sat Nov 28, 2009 11:18 am, edited 1 time in total.
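
The checks listed in the post above (sender info that mentions Microsoft but comes from an unrelated domain, a message not addressed to you, an attachment), as an added example that is not part of the original thread. The trusted domain, the recipient addresses and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses

# Assumption: the only domain treated as genuinely Microsoft in this sketch.
TRUSTED_DOMAINS = {"microsoft.com"}
BRAND = "microsoft"

# Constructed sample message, not a real capture.
SAMPLE = """\
From: "Microsoft Support" <someone@somewherereallyweird.com>
To: "Babis & Popi" <babis@example.org>
Subject: Important security update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Run the attached program.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="install.exe"
Content-Transfer-Encoding: base64

AAAA
--XX--
"""

def check_message(raw, my_addresses):
    """Return a list of warnings for one raw message (empty list = nothing flagged)."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    # Check 1: sender info mentions the brand but the address domain is unrelated.
    # A matching domain proves nothing on its own, since From can be forged.
    for name, addr in getaddresses([str(msg.get("From", ""))]):
        dom = addr.rpartition("@")[2].lower()
        trusted = dom in TRUSTED_DOMAINS or dom.endswith(
            tuple("." + d for d in TRUSTED_DOMAINS))
        if BRAND in (name + " " + addr).lower() and not trusted:
            warnings.append(f"sender claims {BRAND} but uses domain {dom}")
    # Check 2: the message is primarily addressed to somebody else.
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    if not recipients & {a.lower() for a in my_addresses}:
        warnings.append("not addressed to you: " + ", ".join(sorted(recipients)))
    # Check 3: the message carries an attachment.
    for part in msg.iter_attachments():
        warnings.append(f"attachment: {part.get_filename() or '(unnamed)'}")
    return warnings
```

Calling `check_message(SAMPLE, {"me@example.org"})` returns three warnings, one per check.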

Assimilate
Posts: 162
Joined: Tue May 15, 2007 9:10 am

Post by Assimilate » Tue Oct 20, 2009 9:56 am

I just had to clean this off a machine. Every time I ran AVG the virus program didn't let it finish. It rebooted the machine or bluescreened it. I got rid of most of it by running AVG and Malwarebytes' Anti-Malware in safe mode. But then I had a whitelisted sys file infected that AVG wouldn't remove. I had to get a copy of the sys file that was undamaged from the updates folder and overwrite the corrupt file. (Be very careful doing that; if the file doesn't work your PC won't boot and you will be in a big mess.)

It took me the best part of a day with all the antivirus runs I had to do. So it's best not to get infected.

PaddyPop
Posts: 50
Joined: Fri Mar 06, 2009 4:36 pm

Post by PaddyPop » Thu Nov 26, 2009 8:41 pm

Ah yes, I remember those things. They're a bastard to get rid of.

If you do get infected you'll want to disable the system restore option and run a scan.

For severe infections I recommend HijackThis:
http://download.cnet.com/Trend-Micro-Hi ... 27353.html

Run it and then post here
http://www.bleepingcomputer.com/forums/forum22.html
pasting in the contents of the log file. They'll tell you what it all means and what needs removing.

paulh
Posts: 2435
Joined: Sun Feb 11, 2007 7:13 pm
Location: Akrotiri

Post by paulh » Wed Dec 02, 2009 3:33 pm

Now that the dust has settled somewhat between Microsoft and Prevx (Black Screen etc. etc., see BBC Technology) and it seems it was all a storm in a teacup.

Now if I was an enterprising fake antivirus pusher I'd be busy today pushing out emails looking like they were from Microsoft or Prevx saying something along the lines of:-

To protect yourself against this infection as detailed by the BBC run this small attached program and reboot your machine

Yeah right!

If it happens, if you get such an email, just delete it.

There is no new major flaw in Windows; keep your machine and your antivirus up to date and you will be covered against most of what is out there.

