Fake spyware removers
What NOT to install to clean your computer

by John Boline
Service Manager,
MCSE, CNE, USE
It’s a new year and our computers have become more
sophisticated. So have the people who write spyware, malware
and other undesirable software. With the new year comes a
new ploy: fake spyware removers! Yep, that free utility that
you downloaded may have actually infected your system or
added to an existing infection.
Fake Anti-Spyware
Malicious programmers are now releasing fake anti-spyware
programs. Yes, re-read that sentence. The Anti-Anti-Spyware
programs are being distributed via banner ads on web sites
that spuriously warn users that their computers have already
been infected with spyware and then direct them to purchase
programs which do not actually remove spyware — or worse,
may add more spyware of their own.
The proliferation of fake or spoofed antivirus products has
continued to grow. Many of these products bill themselves as
anti-spyware, antivirus, or registry cleaners, and sometimes
feature pop-ups prompting users to install them. They now
fall under a new class of spyware called rogue software.
What is Rogue Software?
Rogue software, sometimes called rogue security software, is
software that uses malware (malicious software) or malicious
tools to advertise or install itself or to force computer
users to pay for removal of nonexistent spyware. Rogue
software products will often install a Trojan designed
to download a trial version, or do other unwanted
things. Any software that uses clandestine methods to
install one or more programs, without full permission or
under false pretenses, falls under this rogue software
category.
Known Offenders
Many known offenders exist, but the list changes as legal
action puts some out of business. The following is a list
of known offenders as listed on wikipedia.org:
- Antivermins
- errorsafe
- Pest Trap
- SpyAxe
- AntiVirus Gold
- SpywareStrike
- Spyware Quake
- WorldAntiSpy
- System Doctor
- Spy Sheriff
- Spy Wiper
- PAL Spyware Remover
- PSGuard
- WinAntiVirus Pro 2006
- WinFixer
False Positives
Another variant of the method described above, used to make you think you
have an infected system, is the false positive. A false positive is a fake or
false malware detection in a computer scan. It can convince even advanced
users, who are very computer savvy and not otherwise deceived by rogue
software, that their computer is infected and that they have a problem. These
false positives are quite different from an accidental false positive, which
can be produced in a scan by security software from honest companies.
Detection of Spyware
Almost all reputable anti-spyware software will detect rogue software if it
is present on the scanned computer. The problem is that, just as often,
non-reputable rogue anti-spyware software will install a Trojan horse to
download the software from the maker's website, like Titan Shield. Reputable
anti-spyware software can detect the Trojan during or after the download,
even before the software is installed. Programs that can often detect these
include (with hyperlinks where available) but are not limited to:
Be aware that the removal of newer, more aggressive rogue programs
requires use of programs such as HijackThis combined with manual removal
processes. This is due to the lag that exists between the proliferation of
new threats and the update of detection programs. Note that the use of
HijackThis without specialist help can cripple a computer, just as manually
editing the registry on a computer can, and advice should be secured before
using it.
Where Can I Find Out More?
There are many sites on the web that give some very good information on
malware and on removers for malware and associated components. While this is
not an endorsement, you can find a rather inclusive list of malware and the
threats associated with programs that people use and download every day at
http://www.cexx.org/adware.htm.
In addition, the link for programs that remove these programs can be found
at http://www.cexx.org/noadware.htm. Remember, however, that you should check
all sources to make sure there are no issues with any of the programs
listed, and make sure you are running a currently updated virus scanner
before downloading anything! Once you have removed the junk that is gumming
up your system, make sure you run the program you are using to detect these
programs at least once a week, if not daily. You will be amazed at the speed
increase you will see without all this junk clogging your machine's
performance! If you have questions or comments about this article, contact
me.
All product names / logos, company
names / logos are copyrights of their respective holders. John Boline is an
MCSE, CNE, USE and a member of the Network Professional Association.
The content herein is often based
on late-breaking events. Much of the material is based on information from
sources that are believed to be reliable. Hagerman & Company, Inc. disclaims
all warranties as to the ultimate accuracy or completeness of the
information. Hagerman & Company, Inc. and its employees shall have no
liability for errors, omissions or inadequacies in the information contained
within this article or for any interpretations thereof. The recommendations,
positions and best practice policies outlined herein represent Hagerman &
Company, Inc.'s initial analysis and therefore are subject to change as
further information which may have bearing on these positions is made
available. The reader assumes sole responsibility for the selection of these
materials to achieve its intended results. The opinions expressed herein are
subject to change without notice. Entire contents © 2007 Hagerman &
Company, Inc. All rights reserved. Reproduction of this publication in any
form without prior written permission is forbidden.