Beware of Fake Microsoft Security Essentials

Discussion in 'HardForum Tech News' started by HardOCP News, Oct 26, 2010.

  1. HardOCP News

    HardOCP News [H] News

    The folks at F-Secure say there is a rogue security program out there that is claiming to be Microsoft Security Essentials. Hit the link for more information and screen caps of the fake tool in action.

     
  2. nutzo

    nutzo [H]ardness Supreme

    I saw an early version of one of these a few weeks ago at the office. It was obviously a fake since we don't use Microsoft Security Essentials in the office....
     
  3. the-one1

    the-one1 2[H]4U

    I saw that the other day. I knew it was fake because it popped up on a Windows 2003 Terminal server.

    It came in via a PDF vulnerability. Executable was "hotfix.exe". Was relatively easy to remove. Kill the .exe and delete the file.
    Am now blocking PDFs from being downloaded via the interwebs unless on passlist within Untangle.
     
  4. Pianomahnn

    Pianomahnn [H]ard|Gawd

    I feel like such an idiot that I got owned by this over the weekend. I fixed it, though.
     
  5. Triage

    Triage Limp Gawd

    Would be pretty convincing to an end user, except for a Microsoft product suggesting you buy something from someone else.
     
  6. Harb

    Harb Limp Gawd

    I had to clean this from a machine in my office a few weeks ago. It's not particularly difficult to spot that it's not at all a legit MSE install, and all it took was a boot into safe mode and a scan with Malware Anti-Bytes to clean it out.
     
  7. TechLarry

    TechLarry Can't find the G Spot

    This has been around for weeks. Seen dozens of machines infected with it.
     
  8. alienz

    alienz Limp Gawd

    Got a call from the family members on this one.

    Apparently it might have evolved and now when you boot into safe mode it immediately hijacks that too.

    Haven't gotten to it yet but it seems booting into safe mode with command line is necessary and then launching regedit.

    Go for a Googling now and good luck.
     
  9. amazon3d

    amazon3d Limp Gawd

    I've seen this already in the wild. Two users have picked it up by email. The first one was just using Task Manager to kill the process and running the explorer shell then running MBAM.
    The second one I just had to run MBAM.
     
  10. ICOM

    ICOM 2[H]4U

    You are the man!
     
  11. kjeldoran

    kjeldoran Gawd

    Yes, my mom had this virus on her old system and it did take over safe mode. Needless to say, it was a PITA to help her since she is about 300 miles from me and doesn't know anything about computers. Plus her computer is from 2001; needless to say, it took like 5 hours of helping her. It was so bad she couldn't open the task manager to kill the process.

    Funny thing is...about 2 days after removing the virus the computer's OS got corrupted. Needless to say, I am now sending her one of my XP copies so she can get the computer working again.