Bogus Antivirus and Security

Is there an Antivirus or other program that can recognize and stop one of these in their tracks? I know that the operator has to click on it to get it started. I was just wondering if there is a program that would act as a fail-safe to protect the system?

 

Well,

With standalone anti-virus that rely just only on virus-signature updates, I think it's very unlikely for those AVs to detect bogus [fake] AVs because fake AVs morph constantly and whatever might be caught right now, might be missed in the next hour.

You best bet is using HIPS and/or sandboxing your browsers and Internet facing applications [media players, pdf readers, instant messengers, etc.]

Also, keep the most vulnerable applications [I mean the ones vulnerable to exploits] updated to the most recent versions, this includes [but not limited to] Adobe Flash Player, Adobe Shockwave Player, Adobe Acrobat Reader, Java SE RunTime Environment and also keep Windows and Office [if you run MS Office] fully patched checking Windows Update manually or setting up your PC to download those patches automatically. Furthermore, whenever possible, run your computer as a Restricted User [also known here as a Limited User] to minimize the damage that a fake AV infection may cause.

You may want to install Secunia PSI software Inspector so it checks your system for unpatched applications and alerts you.


Hope this helps.

 

No such dedicated App exists, be nice if it did

Further to Zyrtec's suggestions, mine would be to include an AntiExe App. For eg: i use Processguard

 

or add Mbam Pro

 

Excellent suggestion Jmonge !

 

I suppose heuristics are supposed to catch these. Not super reliable. AVs with the signatures will catch them.

If they don't do a lot of suspicious stuff, just tell you to buy the product there isn't much any product can do without explicitly blacklisting it.

Thankfully most of them do suspicious stuff.

 

I use Sandboxie . Of course I know better than to click on any of those. It is my daughter's kids that manage to get infected.

 

Not always, and sometimes the virus analysts won't add detection because there is no malicious code within the rogue program. They are getting better at adding these now though than a couple of years ago.

 

You sure about that?


What about “Cloud Security 2012” fake AV?

---http://www.bleepingcomputer.com/virus-removal/remove-cloud-av-2012---




and this one: “System Fix” fake HDD fixer

---http://www.bleepingcomputer.com/virus-removal/remove-system-fix---



Not all Rogues [fake AVs] are just benign programs just designed with the solely purpose to annoy the PC user.


Thanks

 

HIPS would stop them right in thier tracks.

 

If they have a signature for it, it will catch it - that's how it works.

 

This is why I said sometimes. I am aware there are rogue programs that do exhibit trojan or other malware-like behaviours. However, there are fake/rogue programs out there whose only purpose is to misinform the user and hopefully extract payment to fix non-existent errors. With some of these that I submitted to the likes of KL I was always told there is no malicious code within the program itself and so would not be added to their definitions. As I said, they have got better at adding these "fraud.tools" to their signature bases.