Anti-Virus 2009 nearly swindles another helpless victim! Reimage’s R&D Director’s girlfriend was saved from paying the ransom!
A long, long time ago, a computer virus was a program that would delete some files, format your disk and generally vandalize your PC. Nowadays, viruses are about making $$$. Viruses have become a $14 billion industry that is all about stealing your money with bogus software or generating traffic to websites.
These virus conglomerates function as corporations: they have R&D, Marketing & Executive Training. These “corporations” would pay an employee 4 years of tuition fees, and after that he is bound (in more than one way) to work for them. He is bound to them through the widespread phenomenon of kidnapping his or her family for years to make sure they put in some extra effort.
Definition: A virus is an application with malicious intentions!
Spyware, Malware, Virusware, Adware, Junkware, etc. are the security industry's way of selling you the same product under a different name; it is still a virus. It is the same as selling the same coco drink in a different bottle. In this case, every product is a billion dollar market!
So today the virus industry came knocking in the form of the amazing “Anti Virus 2009”, aka “Anti Virus 2008”, “Malware labaratory”, etc. This program is NOT an anti-virus … It is actually a virus that is telling you that you are infected and should pay $29.95 for a quick repair. This is a simple ransom demand for a hijacked PC!
Look how the virus is telling you that Google is telling you to use it… very clever!
The follow-up question is: why aren’t the anti-virus, anti-malware, anti-adware or anti-junkware programs removing such a hoax? In brief, it may be because you do not have the anti-anti-virus (your anti-virus may not cover this).
Viruses are recognized today by behaviour and by known patterns. The best viruses are changing fast. Actually they change faster than the anti virus companies that try to stop them. It’s a cat and mouse game. In this case, the mouse is smarter, faster and better financed than the anti virus companies.
More screen shots of the virus in action
Why am I writing about viruses in the Reimage blog?
The PC in question had a leading, updated anti-virus. But that anti-virus missed this particular virus. Typically, several other AVs did not find anything either. However, Reimage did [yes, I am promoting Reimage 😉 ].
There are so many different methods for getting into one’s PC and staying there. To date, there is no technology or product besides the human brain (and Reimage) that can understand the problem and act to resolve an issue.
Here is a part of Reimage’s log dealing with the “Anti Virus 2009”:
|15-10-2008 20:28:31||WRNNG||Suspicious file detected: C:\\WINDOWS\\system32\\bmztmss.dll|
|15-10-2008 20:28:25||WRNNG||Suspicious file detected: C:\\Program Files\\Applications\\wcs.exe|
|15-10-2008 20:28:25||WRNNG||Suspicious file detected: C:\\Program Files\\Applications\\iebtm.exe|
|15-10-2008 20:28:21||WRNNG||Suspicious file detected: C:\\WINDOWS\\system32\\nwiz.exe|
|15-10-2008 20:28:04||WRNNG||Threat detected and will be removed in file: C:\\Program Files\\WinRAR\\rarext.dll. Backdoor.SpyBoter!sd5, Trojan.StartPage.FW, Trojan.Spybot.GL|
|15-10-2008 20:27:40||WRNNG||Suspicious file detected: C:\\Program Files\\AAV\\aav.exe|
|15-10-2008 20:27:37||WRNNG||Threat detected and will be removed in file: C:\\Program Files\\VirRL2009\\VirRL2009.exe. Adware.Component.Generic|
|15-10-2008 20:27:35||WRNNG||Suspicious file detected: C:\\WINDOWS\\system32\\algg.exe|
|15-10-2008 20:27:16||WRNNG||Suspicious file detected: C:\\Program Files\\Applications\\iebt.dll|
|15-10-2008 20:27:13||WRNNG||Threat detected and will be removed in file: C:\\Program Files\\VirRL2009\\VirRLWarning.dll. Adware.Component.Generic|
|15-10-2008 20:27:04||WRNNG||Suspicious file detected: C:\\Program Files\\Applications\\iebr.dll|
|15-10-2008 20:27:01||WRNNG||Suspicious file detected: C:\\WINDOWS\\system32\\675873\\675873.dll|
Notice the Suspicious files? This is Reimage’s unique mechanism to make a near human decision. For example, would you leave: “C:\\WINDOWS\\system32\\675873\\675873.dll” on the system? Do you even know what it is?!
Reimage removed all the bad files even though NO ONE recognized them. For our manual R&D tests we use www.virustotal.com. This site scans files with 30 known anti-viruses.
We also had a slight miss, when we recognized a self-extracting picture collection – BUT, REIMAGE DOES NOT INFLICT DAMAGE!
|15-10-2008 20:32:29||WRNNG||Suspicious file detected: C:\\My-3D-Album\\Album1\\Album1.exe|
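The following added example (not Reimage's code) parses rows in the format of the log excerpts above, separates detections that carry signature names from unnamed "suspicious" ones, and attaches review hints to each path. The row layout is inferred from the excerpts, and the hint rules in `review_reasons` are hypothetical assumptions, not Reimage's decision mechanism.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample: four rows copied from the log excerpts on this page.
SAMPLE_LOG = r"""
|15-10-2008 20:28:21||WRNNG||Suspicious file detected: C:\\WINDOWS\\system32\\nwiz.exe|
|15-10-2008 20:28:04||WRNNG||Threat detected and will be removed in file: C:\\Program Files\\WinRAR\\rarext.dll. Backdoor.SpyBoter!sd5, Trojan.StartPage.FW, Trojan.Spybot.GL|
|15-10-2008 20:27:01||WRNNG||Suspicious file detected: C:\\WINDOWS\\system32\\675873\\675873.dll|
|15-10-2008 20:32:29||WRNNG||Suspicious file detected: C:\\My-3D-Album\\Album1\\Album1.exe|
"""
ROW = re.compile(r"^\|(?P<ts>[^|]+)\|\|(?P<level>[^|]+)\|\|(?P<msg>.+)\|$")
SUSPICIOUS = "Suspicious file detected: "
THREAT = "Threat detected and will be removed in file: "

def parse_log(text):
    """Parse pipe-delimited rows into dicts; unrecognised rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        msg = m["msg"].replace("\\\\", "\\")  # the excerpt doubles backslashes
        if msg.startswith(SUSPICIOUS):
            kind, path, names = "heuristic", msg[len(SUSPICIOUS):], []
        elif msg.startswith(THREAT):
            # Path and detection names are separated by the first ". "
            path, _, rest = msg[len(THREAT):].partition(". ")
            kind, names = "signature", rest.split(", ")
        else:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%d-%m-%Y %H:%M:%S"),
            "level": m["level"], "kind": kind,
            "path": PureWindowsPath(path), "names": names,
        })
    return entries

def review_reasons(entry):
    """Hypothetical analyst hints (not Reimage's logic) for a flagged path."""
    path, reasons = entry["path"], []
    if path.stem.isdigit():
        reasons.append("all-digit file name")
    if "system32" in (p.lower() for p in path.parts):
        reasons.append("inside system32")
    if entry["kind"] == "heuristic" and not reasons:
        reasons.append("no path indicator: confirm before removal")
    return reasons
```

On this sample, the `675873.dll` row picks up both path hints, while the `Album1.exe` row, the false positive described above, gets only the "confirm before removal" hint.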
Here is the picture of the repair