Screen Shots of Current Rogues

There is a fake PrevX malware cleaner called: UnVirex Rogue as of june 2009.
This link shows you screen shots and how the rouge attacks the OS system files and registry. Also what's out there in the rouge world to watch out for. You can also block these rouge programs by IP address into your own firewall software if you like. Some have IP address listings.

http://siri-urz.blogspot.com/search/label/ScreenShots

 

Thanks for the link!

Screenshots are a great way to inform people what to look out for.

----
rich

 

It's amazing how good some of the rogues look. I can see why some folks are tricked.

 

That sure looks like the Window Security Center shield on one rogue.

 

Many are fake scans that pop up as the user is surfing. Those that are tricked by these either have no AV or have no confidence in what they do have, else they would just ignore the trick.

More devious are rogue sites that come up in a search, where the unwary user, in looking for an AV, is tricked into installing one of these products directly from a bogus site.

----
rich

 

What makes you say it is a fake Prevx?

 

Hmm... I don't see how this is a fake Prevx version. We did have a fake version of Prevx pop up at download.com a while back but it looked like one of our first versions rather than this. If you have a copy of this file, let me know and I'll take a look

 

Thanks for the info, Tipstir. It's a shame that there is so much junk out there. Many folks, I'm sure, get fooled into buying these fake programs.

 

Looks nice, might buy it lol !!!

 

They look very user friendly.

 

Welcome Rich,

Might want to make this a sticky since that link data on that site changes with newer rouges. 7 new ones pop-up since after I posted this subject.

 

The name and look of the file looks like rouge PrevX. I don't have this file nor do I want such a file. These rouges are dangerous. I've been to home users who have them running on their systems.

 

There seem to be at least three ways users get these bogus AV products. You may know of other ways!

I mentioned one, where in a search for AV products, the user is led to one of the bogus sites and then directly downloads/installs the rogue product.

This is difficult to protect against because the users are usually not well-informed about the best popular products.

Another method is when the rogue product installs with another piece of software, as with Unvirex:

Unvirex description
http://www.spywarevoid.com/remove-unvirex-un-virex-removal-tutorial.html

New rogue: Unvirex
http://www.lavasoft.com/mylavasoft/securitycenter/blog/new-rogue-unvirex

Good advice here is to immediately close out the site where you are prompted for a codec or Flash update in order to watch a video. These don't appear just on non-family oriented sites any more - Facebook had its share of this type of exploit - remember Koobface?

A third way I mentioned briefly, where the user is redirected from a site compromised by code injection.

This is actually the easiest to prevent, because its sucess depends on the user having Javascript enabled for all sites. In today's browsers, it's easy to configure scripting per site, so that in case the user is redirected to an exploit site, with javascript disabled, you get a blank screen:

​

If Javascript is enabled, then the fake scan screen will appear, and it's off to the races!:

​

Often, in conversations with friends, if the topic of computing comes up, I ask if they have AV. Most do, but I mention the rogue products tricks just so that they will be aware.

If I'm helping someone at their house, I'll show some screenshots. I keep a collection handy -- visual effects help make the point.

----
rich

 

Some amusing FAKE scans (pictures) of rogue products here: http://w-o-p-r.dk/xoomer/wopr.xoomer.pictures.asp

P

 

Interesting that you should mention this because just yesterday I was listening to the radio, on the way home in the car, and this so-called computer expert was telling people that it is nuts to run without an AV because you think that you can not afford one, when all you have to do is "Google" for free AV programs.

 

I liked Crusader anti-virus. Download HIM and forget about spyware. Aha!
BTW, the GUIs are good looking, well done. Which only emphasizes the importance of command line. When you're blind, you listen more carefully.
Mrk

 

This one WiniBlueSoft, a cousin of mine told me about this program he said it was really good. But one thing he didn't know it was a rouge and he couldn't get it off his PC. It was too late for him as this wasn't the only rouge on his system. I get calls always and it's just too bad none of them ever both to call first. These rouges are made by some upset programmers who might have lost there jobs and to fight back then create all these nasty pesty rouges that can damage your OS, registry, file system and leave some destructive worms on the system. Like:

I.CMD
worm autorun.inf

Well I hope this stuff helps the community learn what to block before it hops on. Those sites that tell you you have been infested by a virus with a popup because you had clicked on google link that stuff I would unplug the network cable then second turn off the computer don't even bother to do a shutdown.

 

http://i124.photobucket.com/albums/p20/frunnile/2008-10-17_172518.jpg
http://i124.photobucket.com/albums/p20/frunnile/eanti.jpg
http://i124.photobucket.com/albums/p20/frunnile/rapid.jpg

 

Better looking than some genuine products at times.