Fake AV November 2011

A few piccies of my latest patient, with observations on how the scammers try to trick the unsuspecting user into parting with their money, and possibly more …

Looks normal so far…

XP Splash Screen

XP startup screen

This is the point at which we start to realise something is wrong. This particular machine usually has a picture of Rory Gallagher’s memorial as the wallpaper, and of course, icons!

blank desktop

“Where are my icons?”

Now the false system warning messages start. But of course, unless you see this kind of thing every day, it can be extremely worrying, to say the least. The clue to take here is that there are so many of them. I can’t remember the last time I saw a genuine Windows fault generate this many warning messages at once. I’m not saying they don’t; I just cannot remember the last time I saw it!

false system messages

Oh-oh, this does not look good

The natural reaction is to try and close them all. And, if you succeed, you finally get to the nitty-gritty – another fake warning window designed to look just like a real one, busily “scanning” your computer for faults. Except it’s not. This particular flavour chooses to call itself System Restore. This is another popular trick the villains employ – terminology that users may have heard of, even if they’ve never seen it in action before. In fact, they’re hoping you haven’t, because then you’ve nothing to compare it to.

Fake system restore

Fake antivirus infection posing as system restore

Scary Warnings

The results of the so-called “scan”