[Portions adapted and republished from CA.com]
An alarming alert suddenly appears on your computer screen– your PC has been infected and must be cleansed. The alert offers an opportunity to download “Antivirus XP 2008″ (aka “Antivirus XP Pro”), a program to remove the infection. Do not click any links; turn off the computer with the on/off button and call us immediately at 770-713-8070.
Your PC is already infected, but the damage can be minimized. Antivirus XP 2008 (AntivirusXP08) is a component of the FakeAlert family of trojans. It follows in a long line of schemes to extort money from innocent computer users via multicomponent malware. The FakeAlert family is one part trojan, one part downloader, and one part rogue security product. All components work in tandem to trick users out of money.
The downloader pulls down various code and installs a rogue security product. The most recent, and unfortunately most prolific, rogue security product to be installed is “Antivirus XP 2008″, but that could change. Past downloads have included rogue security products like Antivirus 2009, WinFixer 2006 and Malware Protector 2008. Most variants hijack the user’s desktop and screensaver.
They also use what look like legitimate Windows alerts (balloon windows), but are actually fake alerts, to scare the user into thinking they are infected with spyware. Unfortunately, the actual infection is FakeAlert and related components. The same alerts offer a remedy to the infection, a rogue security product, that will remove the “spyware” for a fee. The entire scheme is meant to get your money. All components need to be removed to neutralize the threat.
The possibilities for infection are great. Recently, aggressive email spam campaigns have been used to infect users with FakeAlert and subcomponent Antivirus XP 2008. One notable campaign sent fake CNN news alerts. The alerts were identical to actual alerts sent by CNN and MSN. When the user clicked a link to a “news story” they were brought to page that looked identical to a CNN page and prompted to download a video codec to watch the news alert. Upon doing this, the user became infected. Some fake emails have also been titled ““CNN.com Daily Top 10″. Visitors to porn video sites are also at great risk of acquiring this infection.
Shoestring Solutions can remove the AntivirusXP08 infection and restore your computer to full function. We can also install high-quality antivirus and antispyware applications to minimize the possibility of repeat infection. In addition, we can reclaim wasted disk space, and update Windows* for optimal performance. Contact us for more information.
(Windows XP and Vista)