Fake Antivirus Forces User Uninstall Of Legit A/v

Hackers are running a new social engineering scheme that tricks users into uninstalling their legitimate
anti-virus program protecting their computer, and using a rogue product instead.

Those behind the duping scheme have leveraged a clone of the CoreGuard (fake) Antivirus product and
relabeled it as AnVi Antivirus. Both products are rogue.

Rogue antivirus products have become a reoccurring problem for security companies, though one particular
security software firm, Symantec, noted that this method of attack differs from rogue antivirus products
of the past.

Symantec stumbled upon the AnVi Antivirus scheme when hackers attempted to get them to uninstall some
of their own software. Symantec employees reported that, when infected by AnVi, a "warning is displayed
that the Symantec anti-virus is 'uncertified' and will hamper the system's performance."
(Source: informationweek.com )

From there, the user becomes a virtual hostage within their own computer system, realizing that they have
become the victim of a rogue attack.

"The user is left with no other option than clicking OK, which initiates the uninstall process. Even if the use
r clicks the 'close' button, the uninstaller of the anti-virus product still executes."

Symantec researchers also discovered that AnVi also attempted to download rogue anti-virus software by
linking to malware-ridden websites. Once installed, users are bombarded with notifications that their
system is infected and that it will cost money to fix the problem, which doesn't technically exist.

AnVi Antivirus is also attacking other big-name antivirus products, including Microsoft, AVG antivirus,
Spyware Doctor, and Zone Labs. (Source: symantec.com )


Unfortunately, the combination of dubious antivirus and social engineering has become a popular method among
online evildoers. Earlier this week, Panda Labs reported more than 200 fake web addresses capitalizing on the
allure of teen heartthrob Justin Bieber to spread a form of rogue software called MySecurityEngine.
(Source: itpro.co.uk )

As Luis Corrons, technical Director of PandaLabs, warned "When positioning websites used to distribute
malware among the first results in search engines, they can be sure that numerous Internet users will
inadvertently download the fake anti-virus."

Article

 

I would immediately close the program using the task manager. If that doesn't work I would
force a hard boot to shut down. I believe you only have a few seconds...
I have done this before with other rogue programs successfully.

 

I don't think a firewall is going to deter some of these rogue programs that are out there. It's
always best to pratice safe surfing but if or when something such as this makes an attempt to
break through....Right click the task bar and select Task Manager. No need for Ctrl>Alt>Delete.
:unsure: It takes less time... When in doubt, do a hard boot shut down. Keep in mind, you do not
want your cursor anywhere near it.