
Windows Fake AV Programs - How to prevent installation?



LightBulb
10-18-10, 05:51 PM
I am posting here to get knowledgeable feedback. I have had a few
friends hit by this, the latest being ThinkPoint AV. I am a Mac user, so
bear with me. Do these fake AV programs, which appear as web browser
pop-ups triggered from compromised websites, require the naive
Windows computer user to have 'local admin' rights? TIA

Ansgar -59cobalt- Wiechers
10-18-10, 06:47 PM
LightBulb <lightbulb@nospam.net> wrote:
> I am posting here to get knowledgeable feedback. I have had a few
> friends hit by this, the latest being ThinkPoint AV. I am a Mac user, so
> bear with me. Do these fake AV programs, which appear as web browser
> pop-ups triggered from compromised websites, require the naive
> Windows computer user to have 'local admin' rights? TIA

Judging from what a quick search turned up, this particular malware
installs itself into the user's profile. So, no, admin privileges are
not required.

You can easily get rid of it, though, by killing the respective
processes and renaming the user's profile directory as an admin user.
Next time the user logs in, a new profile is created. Afterwards you can
selectively migrate files and settings from the old profile to the new
profile. Make sure to copy files instead of moving them, to avoid keeping
old permissions and ownership.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
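The selective migration 59cobalt describes, as an added example that is not part of the thread: it copies a fixed set of user folders from the renamed profile into the fresh one, leaves AppData (where malware that needs no admin rights ends up) behind, and reports rather than copies anything with an executable suffix so it can be reviewed first. Assumptions not stated in the thread: the old profile has already been renamed (the `alice.old` / `alice` names below are constructed), the user has logged on once so the new profile exists, the caller is an admin, and the folder list and suffix set are this example's own choices.

```python
"""
Selective profile migration after a rogue-AV cleanup (added example, not
from the thread). Copies only known user-data folders out of a renamed,
contaminated profile into the new profile Windows created at next logon.

Assumptions (constructed for this example): the old profile has already
been renamed, e.g. C:\\Users\\alice -> C:\\Users\\alice.old, the user has
logged on once so C:\\Users\\alice exists, and this runs as an admin.
"""
import shutil
import sys
from pathlib import Path

# Folders worth carrying over. AppData is deliberately absent: a fake AV
# program that installs without admin rights lives inside the profile, so
# it stays in the old directory instead of being copied into the new one.
SAFE_FOLDERS = ("Desktop", "Documents", "Pictures", "Music", "Videos", "Favorites")

# Files with these suffixes are never migrated silently; they are listed
# for manual review instead. The set is this example's choice.
EXECUTABLE_SUFFIXES = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk",
}


def find_executables(profile: Path) -> list:
    """Return every file under `profile` whose suffix marks it as executable.

    Run this against the old profile before migrating to see what the rogue
    AV left behind (typically under AppData) and what is waiting in user
    folders such as Downloads.
    """
    return sorted(
        p for p in profile.rglob("*")
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES
    )


def migrate_profile(old: Path, new: Path) -> dict:
    """Copy SAFE_FOLDERS from `old` into `new`, skipping executables.

    shutil.copy2 creates new files, so on NTFS they inherit the destination's
    permissions and owner. A rename or move of the same files would carry the
    old ACLs and ownership along, which is exactly what the thread advises
    against.
    """
    copied, skipped = [], []
    for name in SAFE_FOLDERS:
        src = old / name
        if not src.is_dir():
            continue
        for path in src.rglob("*"):
            rel = path.relative_to(old)
            target = new / rel
            if path.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            if path.suffix.lower() in EXECUTABLE_SUFFIXES:
                skipped.append(rel)  # left for the admin to inspect
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            copied.append(rel)
    return {"copied": copied, "skipped": skipped}


if __name__ == "__main__":
    # Usage: python migrate_profile.py C:\Users\alice.old C:\Users\alice
    old_profile, new_profile = Path(sys.argv[1]), Path(sys.argv[2])
    for exe in find_executables(old_profile):
        print("review before migrating:", exe)
    result = migrate_profile(old_profile, new_profile)
    print(f"copied {len(result['copied'])} files, "
          f"held back {len(result['skipped'])} executables")
```

Settings that live in the registry hive (NTUSER.DAT) are intentionally not touched; carrying the hive over would also carry the malware's per-user Run entries, so those are recreated by hand in the new profile.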

Regis
10-20-10, 01:43 PM
LightBulb <lightbulb@nospam.net> writes:

> I am posting here to get knowledgeable feedback. I have had a few
> friends hit by this, the latest being ThinkPoint AV. I am a Mac user, so
> bear with me. Do these fake AV programs, which appear as web browser
> pop-ups triggered from compromised websites, require the naive
> Windows computer user to have 'local admin' rights? TIA

The best way to avoid the pervasive scourge of rogue AV programs (and
other nastiness) is to patch. Easy to say, harder to get people to
do.

You need to not only have Windows Updates current (assuming IE use),
or to have Firefox current (if that's in use), but also have every
plugin that touches the web browser at its most current level. Adobe
Reader, Adobe Flash, Adobe Shockwave, Apple QuickTime, Java .... modern
exploit packs fingerprint all this stuff in JavaScript, and will
happily redirect browsers to a relevant exploit, and voila, drive-by
downloads occur.

Secunia PSI makes a handy piece of software to run on a personal
Windows box to alert users to the perils of having out-of-date
software on their machines. Free for personal use.

http://secunia.com/vulnerability_scanning/personal/