Thread: Windows Fake AV Programs - How to prevent installation?

  1. #1
    LightBulb
    Guest

    Windows Fake AV Programs - How to prevent installation?

    I am posting here to get knowledgeable feedback. I have had a few
    friends hit by this, the latest being ThinkPoint AV. I am a Mac user, so
    bear with me. Do these fake AV programs that appear to be web browser
    pop-ups triggered from compromised websites require the naive
    Windows computer user to have 'local admin' rights? TIA

  2. #2
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Windows Fake AV Programs - How to prevent installation?

    LightBulb <lightbulb@nospam.net> wrote:
    > I am posting here to get knowledgeable feedback. I have had a few
    > friends hit by this, the latest being ThinkPoint AV. I am a Mac user, so
    > bear with me. Do these fake AV programs that appear to be web browser
    > pop-ups triggered from compromised websites require the naive
    > Windows computer user to have 'local admin' rights? TIA


    Judging from what a quick search turned up, this particular malware
    installs itself into the user's profile. So, no, admin privileges are
    not required.

    You can easily get rid of it, though, by killing the respective
    processes and renaming the user's profile directory as an admin user.
    Next time the user logs in, a new profile is created. Afterwards you can
    selectively migrate files and settings from the old profile to the new
    profile. Make sure to copy files instead of moving them to avoid keeping
    old permissions and ownership.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich
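
A read-only check for the situation this reply describes (software that installs into the user's profile and so needs no admin rights), as an added example that is not part of the original post: it lists per-user autorun entries and running processes whose executable sits under the profile. The function names are this example's own, and the list of script and executable extensions is an assumption.

```powershell
# Added example, not from the thread. Run in the affected user's session.
# It only reads the registry and the process list; it changes nothing.
$profileRoot = $env:USERPROFILE   # e.g. C:\Users\alice

function Get-CommandExecutable {
    # Pull the executable path out of an autorun command line.
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }          # quoted path
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)') {
        return $Matches[1]                                             # unquoted path with spaces
    }
    return ($expanded -split '\s+')[0]
}

function Test-UnderProfile {
    # True when the path is inside the current user's profile directory.
    param([string]$Path)
    if (-not $Path) { return $false }
    return $Path.StartsWith($profileRoot + '\', [StringComparison]::OrdinalIgnoreCase)
}

# 1. Per-user autorun keys: writable by the user without admin rights.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $exe = Get-CommandExecutable ([string]$item.GetValue($name))
        if (Test-UnderProfile $exe) {
            [pscustomobject]@{ Source = $key; Name = $name; Executable = $exe }
        }
    }
}

# 2. Running processes whose image file lives under the profile.
$processes = Get-CimInstance Win32_Process |
    Where-Object { Test-UnderProfile $_.ExecutablePath } |
    Select-Object ProcessId, Name, ExecutablePath

'--- Per-user autoruns pointing into the profile ---'
$autoruns | Format-Table -AutoSize
'--- Processes running from the profile ---'
$processes | Format-Table -AutoSize
```

Legitimate per-user software also runs from the profile, so the output is a list to review before killing processes or renaming the profile, not a verdict.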

  3. #3
    Regis
    Guest

    Re: Windows Fake AV Programs - How to prevent installation?

    LightBulb <lightbulb@nospam.net> writes:

    > I am posting here to get knowledgeable feedback. I have had a few
    > friends hit by this the latest being ThinkPoint AV. I am Mac User so
    > bear with me. Do this fake AV programs that appear to be web browser
    > pop-ups triggered from compromised websites require the the naive
    > Windwos computer user to have 'local admin' rights? TIA


    The best way to avoid the pervasive scourge of rogue AV programs (and
    other nastiness) is to patch. Easy to say, harder to get people to
    do.

    You need to not only have Windows Updates current (assuming IE use),
    or to have Firefox current (if that's in use) but also have every
    plugin that touches the web browser at its most current level. Adobe
    Reader, Adobe Flash, Adobe Shockwave, Apple QuickTime, Java .... modern
    exploit packs fingerprint all this stuff in JavaScript, and will
    happily redirect browsers to a relevant exploit, and voila, drive-by
    downloads occur.

    Secunia PSI makes a handy piece of software to run on a personal
    Windows box to alert users to the perils of having out of date
    software on their machines. Free for personal use.

    http://secunia.com/vulnerability_scanning/personal/


