Beware of Fake Microsoft Security Essentials

HardOCP News

The folks at F-Secure say there is a rogue security program out there that is claiming to be Microsoft Security Essentials. Hit the link for more information and screen caps of the fake tool in action.

And not only does this fake tool steal Microsoft's brand, it also features a bizarre matrix display of 32 antivirus products, offering to locate you a tool that would be capable of fixing your machine as "Microsoft Security Essentials" can't clean the malware it found. In reality, this is all fake, and the tool has not found an infection in the file it claims.
 
I saw an early version of one of these a few weeks ago at the office. It was obviously a fake since we don't use Microsoft security essentials in the office....
 
I saw that the other day. I knew it was fake because it popped up on a Windows 2003 Terminal server.

It came in via a PDF vulnerability. Executable was "hotfix.exe". Was relatively easy to remove. Kill the .exe and delete the file.
Am now blocking PDFs from being downloaded via the interwebs unless on passlist within Untangle.
 
I feel like such an idiot that I got owned by this over the weekend. I fixed it, though.
 
Would be pretty convincing to an end user, except for a Microsoft product suggesting you buy something from someone else.
 
I had to clean this from a machine in my office a few weeks ago. It's not particularly difficult to spot that it's not at all a legit MSE install, and all it took was a boot into safe mode and a scan with Malware Anti-Bytes to clean it out.
 
This has been around for weeks. Seen dozens of machines infected with it.
 
Got a call from the family members on this one.

Apparently it might have evolved and now when you boot into safe mode it immediately hijacks that too.

Haven't gotten to it yet but it seems booting into safe mode with command line is necessary and then launching regedit.

Go for a Googling now and good luck,
 
I've seen this already in the wild. Two users have picked it up by email. The first one was just using Task manager to kill the process and running the explorer shell then running MBAM.
The second one I just had to run MBAM.
 
Yes, my mom had this virus on her old system and it did take over safe mode. Needless to say, it was a PITA to help her since she is about 300 miles from me and doesn't know anything about computers. Plus her computer is from 2001, needless to say it took like 5 hours of helping her. It was so bad she couldn't open the task manager to kill the process.

Funny thing is...about 2 days after removing the virus the computer's OS got corrupted. Needless to say, I am now sending her one of my XP copies so she can get the computer working again.
 