BoxAid Blog

Fixing One Box At A Time

Security Tools 2010 Virus on the Rise


At BoxAid we get hundreds of phone calls about common fake alert viruses that go by a variety of fake names. These viruses have only one thing in common: getting you to pay them with your credit card. They lure you in with fake messages that say your computer is infected when, in fact, they ARE the infection. Lately we have seen a big spike in one particular flavor, the so-called Security Tools 2010 brand of virus. In the past week alone we have received hundreds of calls about this specific virus. Clearly the malware writers are getting much better at evading the common anti-virus products in use. We have seen customers running every major anti-virus security product call in with this infection.

This includes Symantec, McAfee, AVG, Avira, BitDefender, and TrendMicro. None of these programs was able to stop this new version. We know they will eventually catch up and create appropriate signature files to stop this new malware, but in the meantime our customers are suffering a barrage of infections. Make sure you follow the rules on how to avoid these common viruses, and you will greatly reduce your chance of infection. Unfortunately, there is no perfect anti-virus program: as you can see, all the big players we just mentioned did nothing to stop this virus from infecting our customers. Read our article on how to prevent infections like this here.

How Security Tools 2010 Infects Your PC

BoxAid’s Virus Removal Service can definitely get this malware off your PC, but we still like to keep our customers virus-free, so let’s make sure you don’t get hit with this painful virus that leaves your machine almost unusable. Take a look at our real-time analysis of how this Fakealert virus infected our test machine. We will break down exactly how it infects your PC so you can keep an eye out for the warning signs.

Step 1.  You are surfing the web minding your own business: checking football scores, looking for holiday gifts, watching videos on YouTube, etc. While visiting a website that came up in Google as one of your search results, you get a very legitimate-looking box opening up on your desktop like the one below. It doesn’t look like the website you were on, and it looks like it came from Windows. The reality is that it came from one of the websites you just clicked on. They design the box so it doesn’t look like a webpage, but it really is nothing more than a website.

[Image: virus popup]

Step 2.  You as the end user can either hit the OK button or the X button, which closes the window. It does not matter which one you choose. But most importantly, you have NOT been infected yet, so there is still time to prevent the infection. The next window you see will be much bigger. It’s still a website, but the malware writer designs it to look like a very common window you would see in your Windows operating system. Look closely at the top of the page and you will see a URL that points to where the malware writer is hosting this page. The image is animated and immediately starts displaying dangerous RED bars that catch your attention and make it seem like something bad is happening. It says that it is scanning your files and flashes red very quickly to get you to react. This is all psychological, meant to trick you into taking action. Don’t fall for it!

[Image: virus popup scanning your PC]

Step 3.  Next you get a download popup from Windows as shown below. This is a legitimate popup from Internet Explorer, or whatever browser you are using, that lets you know you are about to download a file. This is the actual file that will infect you. You are NOT infected yet. If you choose the Run option or the Save option, you are in fact downloading the virus infection to your PC. So if you are attentive enough to see the warning signs like the pictures above, all you have to do is hit the Cancel button and DON’T download the virus. Unfortunately, if you fall for this trick you will hit the Run button, and at that point it’s too late. You have started the download of the infected file and it will execute in about 3 seconds.

Step 4.  Next the virus will execute and bury itself everywhere it can inside your PC. That means it leaves files in random locations on your hard drive to make sure it starts up every time you boot your PC. In addition, it leaves multiple copies of itself in different locations to make sure that even if you remove it from one spot it can come back again from another location. Here is a picture of what happened on our test machine. As you can see, the virus has executed and gives you an error that says Windows had some kind of problem. This makes you forget all about the fact that you just downloaded something, and you say “Darn Windows errors”. You close out of the error and the webpage in the background and go on surfing the web. Next you notice all the real popups, and the redirection to different websites you do not want to go to. Game over. No worries. We can get your PC back to normal. That’s what our technical experts do all day long. Visit our home page to get started.

[Image: fakealert virus executing]


About George Dover

George Dover is one of the Microsoft Certified Technicians that works at BoxAid.com. He is the primary blog contributor and has helped thousands of customers calling into BoxAid on a daily basis.
