Announcement

**nattivillin** · March 29, 2010, 08:37 PM

Re: Slightly OT: Fake anti-virus delivery mechanisms

It seems like its all java based installs. We did a test and went to the fake websites themselves with java disabled and they could not install it on our system.

**Yaredo** · April 2, 2010, 10:50 AM

Re: Slightly OT: Fake anti-virus delivery mechanisms

natrat...What I think is when you visit those fake website they make a registry change on you computer, for example internet explorer, .exe, fire fox so that when you open internet explorer you will be redirected to a different page than that of your home page and any programs wont open since .exe file association has been hijacked, what I usally do is open my computer and type www.google.com for example which will brings me google. but if i had used internet explorer it wont bring goolgle since the home page in ie registry has been hijacked, then i run also exe file association fix from a good website http://www.dougknox.com/xp/file_assoc.htm
or i myself open note pad and save the file as .reg
and then install malware bytes,spybot with tea-timer,
finally if you immunize the system with spybot this fake alerts usaully..wont come ...
I dont know if this might help ...

**Yaredo** · April 2, 2010, 10:58 AM

Re: Slightly OT: Fake anti-virus delivery mechanisms

@nattivillin,
but you need java to run lots of programs?

**nattivillin** · April 5, 2010, 12:20 PM

Re: Slightly OT: Fake anti-virus delivery mechanisms

@ Yaredo

Yeah, i know. I didnt say it was a good solution........lol

I I only browse the web with a script blocker active. I then enable the scripts on a website if it has flash or java content that i actually NEED to use. If not, i just read the text.

It amazing how many background scripts and crap are running on some of these websites. Sometimes i get an alert with 5-15 scripts that my browser blocked. I feel safer this way.

**natrat** · April 7, 2010, 07:07 PM

Re: Slightly OT: Fake anti-virus delivery mechanisms

I know how to fix the problems on client computers. I'm wondering how they get it in the first place. What sites and links in emails they commonly receive that they are inadvertantly visiting or clicking on. Clients always ask, and I can't give anything more concrete than "you must have clicked on a link or opened an attachment in an email that you shouldn't, or visited a dodgy site". Is there anything more specific than that? They always say they don't do tinhgs like that.

**Yaredo** · April 13, 2010, 01:06 PM

Re: Slightly OT: Fake anti-virus delivery mechanisms

They always click some links.
Facebook links are the one . we get problem from links thru facebook and social networking sites
Have you tried opendns btw?

**pyro77** · September 9, 2010, 10:12 PM

Re: Slightly OT: Fake anti-virus delivery mechanisms

the win antivirus pro was very good at injecting its redirection url into legitimate google listings. When someone would search for a site and locate the one they wanted and then click on it, even though it appeared to be the correct address, it would immediately pop up with "your machine may be infected...2000 trojans" loaded from a different website. We have not seen this type of infection in several months though so i am assuming google fixed their search bot. Most of the fake AV infections are coming in through simple web browsing tho, staying off the "adult" sites will help... but I guess you can't tell that to all clients.. ;)

**nattivillin** · October 21, 2010, 07:27 AM

Re: Slightly OT: Fake anti-virus delivery mechanisms

It is a mess. I know it keeps us "employed" but when it cant be fixed in a reasonable amount of time, you end up with very upset customers. It can take 2-4 hours to clean some of these systems out.

From a business standpoint the cost of new computers are dropping each day. 2-4 hours on-site can easily cost more than a new system.

As customers begin to realize this, our phone will stop ringing as people will just go get new systems. Not good at all.

**natrat** · October 21, 2010, 04:18 PM

Re: Slightly OT: Fake anti-virus delivery mechanisms

True but in a business its not as simple as just buying a new PC. Then it needs apps installed, connecting to the domain, configuring xyz etc, so i don't think we're in any trouble yet. Businesses need to understand if they want the minimum amount of downtime then they need to pay the hourly rate. We give them the option - hourly rate to fix onsite, or we take it away and clean it for a fixed fee. Then its just our boys in the workshop doing it over 24 hours where they are working on multiple repairs at once so even if it takes 3 hours a flat fee is still feasible.

**nattivillin** · October 21, 2010, 06:32 PM

Re: Slightly OT: Fake anti-virus delivery mechanisms

I agree. Businesses are still going to choose repair for the foreseeable future. Its the home users who i am seeing a drop off in repairs for.

**natrat** · October 21, 2010, 07:01 PM

Re: Slightly OT: Fake anti-virus delivery mechanisms

yeah. I pretty much never do onsite virus removal for homes, always take it back to the workshop or get them to drop it off. We charge around $130 flat fee for removal in the workshop if they bring it to us, so its still hugely more economical than replacing a PC. Its an easy sell - $130 flat fee and without the PC for 24-48 hours, or $110 per hour for onsite removal which may take 1-3 hours and 90% of that time our tech would be staring at a screen doing nothing.

Announcement

Slightly OT: Fake anti-virus delivery mechanisms

Slightly OT: Fake anti-virus delivery mechanisms

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment