Oct 16, 2008

AntiVirus 2009 – Don’t feed the beast!

Anti-Virus 2009 nearly swindles another helpless victim! Reimage’s R&D Director’s girlfriend was saved from paying the ransom!

A long, long time ago, a computer virus was a program that would delete some files, format your disk and generally vandalize your PC. Nowadays, viruses are about making $$$. Viruses have become a $14 billion industry that is all about stealing your money with bogus software or generating traffic to websites.

These virus conglomerates function as corporations: they have R&D, Marketing & Executive Training. These “corporations” would pay an employee 4 years of tuition fees, and after that he is bound (in more than one way) to work for them. He is bound to them through the widespread phenomenon of kidnapping his or her family for years to make sure they put in some extra effort.

Definition: A virus is an application with malicious intentions!

Spyware, Malware, Virusware, Adware, Junkware, etc. – this is the security industry’s way to sell you the same product under a different name; it is still a virus. It is the same as selling the same coco drink in a different bottle. In this case, every product is a billion dollar market!

So today the virus industry came knocking in the form of the amazing “Anti Virus 2009”, aka “Anti Virus 2008”, “Malware labaratory”, etc. This program is NOT an anti-virus … It is actually a virus that is telling you that you are infected and should pay $29.95 for a quick repair. This is a simple ransom demand for a hijacked PC!

Look how the virus is telling you that Google is telling you to use it… very clever!

The follow-up question is: why aren’t the anti-virus, anti-malware, anti-adware or anti-junkware programs removing such a hoax? In brief, it may be because you do not have the anti-anti-virus (your anti-virus may not cover this).

Viruses are recognized today by behaviour and by known patterns. The best viruses are changing fast. Actually they change faster than the anti virus companies that try to stop them. It’s a cat and mouse game. In this case, the mouse is smarter, faster and better financed than the anti virus companies.

More screen shots of the virus in action

Why am I writing about viruses in the Reimage blog?

The PC in question had a leading, updated, anti virus. But that anti virus missed this particular virus. Typically, several other AVs did not find anything either. However, Reimage did [yes, I am promoting Reimage ;-) ].

There are so many different methods for getting into one’s PC and staying there. To date, there is no technology or product besides the human brain (and Reimage) that can understand the problem and act to resolve an issue.

Here is a part of Reimage’s log dealing with the “Anti Virus 2009”:

15-10-2008 20:28:31 WRNNG Suspicious file detected: C:\WINDOWS\system32\bmztmss.dll
15-10-2008 20:28:25 WRNNG Suspicious file detected: C:\Program Files\Applications\wcs.exe
15-10-2008 20:28:25 WRNNG Suspicious file detected: C:\Program Files\Applications\iebtm.exe
15-10-2008 20:28:21 WRNNG Suspicious file detected: C:\WINDOWS\system32\nwiz.exe
15-10-2008 20:28:04 WRNNG Threat detected and will be removed in file: C:\Program Files\WinRAR\rarext.dll. Backdoor.SpyBoter!sd5, Trojan.StartPage.FW, Trojan.Spybot.GL
15-10-2008 20:27:40 WRNNG Suspicious file detected: C:\Program Files\AAV\aav.exe
15-10-2008 20:27:37 WRNNG Threat detected and will be removed in file: C:\Program Files\VirRL2009\VirRL2009.exe. Adware.Component.Generic
15-10-2008 20:27:35 WRNNG Suspicious file detected: C:\WINDOWS\system32\algg.exe
15-10-2008 20:27:16 WRNNG Suspicious file detected: C:\Program Files\Applications\iebt.dll
15-10-2008 20:27:13 WRNNG Threat detected and will be removed in file: C:\Program Files\VirRL2009\VirRLWarning.dll. Adware.Component.Generic
15-10-2008 20:27:04 WRNNG Suspicious file detected: C:\Program Files\Applications\iebr.dll
15-10-2008 20:27:01 WRNNG Suspicious file detected: C:\WINDOWS\system32\675873\675873.dll

Notice the Suspicious files? This is Reimage’s unique mechanism to make a near human decision. For example, would you leave: “C:\WINDOWS\system32\675873\675873.dll” on the system? Do you even know what it is?!

Reimage removed all the bad files even though NO ONE recognized them. For our manual R&D tests we use www.virustotal.com. This site scans files with 30 known anti-viruses.

We also had a slight miss, when we flagged a self-extracting picture collection as suspicious – BUT, REIMAGE DOES NOT INFLICT DAMAGE!

15-10-2008 20:32:29 WRNNG Suspicious file detected: C:\My-3D-Album\Album1\Album1.exe
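
The log above mixes two kinds of entry: files matched to a named threat and files flagged only as suspicious. The following is an added example, not Reimage’s code: it parses the line format shown in the excerpts on this page and separates the two kinds for review. The two path notes it attaches (numeric-only name, location under system32) are illustrative assumptions, not Reimage’s decision mechanism.

```python
import re
from collections import namedtuple
from datetime import datetime
from pathlib import PureWindowsPath

# Lines copied from the log excerpts on this page (a subset).
SAMPLE_LOG = r"""
15-10-2008 20:28:04 WRNNG Threat detected and will be removed in file: C:\Program Files\WinRAR\rarext.dll. Backdoor.SpyBoter!sd5, Trojan.StartPage.FW, Trojan.Spybot.GL
15-10-2008 20:27:37 WRNNG Threat detected and will be removed in file: C:\Program Files\VirRL2009\VirRL2009.exe. Adware.Component.Generic
15-10-2008 20:27:35 WRNNG Suspicious file detected: C:\WINDOWS\system32\algg.exe
15-10-2008 20:27:01 WRNNG Suspicious file detected: C:\WINDOWS\system32\675873\675873.dll
15-10-2008 20:32:29 WRNNG Suspicious file detected: C:\My-3D-Album\Album1\Album1.exe
"""

LINE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) (?P<level>\w+) "
    r"(?P<kind>Suspicious file detected|Threat detected and will be removed in file): "
    r"(?P<rest>.+)$")

Finding = namedtuple("Finding", "when kind path names notes")

def parse_line(line):
    """Return a Finding for one log line, or None if the line does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    when = datetime.strptime(m["ts"], "%d-%m-%Y %H:%M:%S")
    if m["kind"].startswith("Threat"):
        # Format is "<path>. <name>, <name>": the path ends at the first ". ".
        raw_path, _, tail = m["rest"].partition(". ")
        kind, names = "named", [n.strip() for n in tail.split(",")]
    else:
        raw_path, kind, names = m["rest"], "heuristic", []
    path = PureWindowsPath(raw_path)
    notes = []  # illustrative path checks (assumptions, not Reimage's rules)
    if path.stem.isdigit():
        notes.append("numeric-only name")
    if "system32" in (p.lower() for p in path.parts):
        notes.append("under system32")
    return Finding(when, kind, path, names, notes)

def triage(log_text):
    """Split findings into named detections and heuristic-only flags, oldest first."""
    found = sorted(filter(None, map(parse_line, log_text.splitlines())),
                   key=lambda f: f.when)
    return {k: [f for f in found if f.kind == k] for k in ("named", "heuristic")}

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for f in items:
            print(kind, f.when.time(), f.path, f.names or f.notes)
```

The heuristic-only bucket is where a flag such as Album1.exe lands; those entries carry no detection name to cross-check against other scanners, so they are the ones to review by hand.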

Here is the picture of the repair

Note – the message saying that the PC has Viruses is not ours … this is the virus inventing numbers ;-)


  • So…Does your reimage.com cure and wipe out this horrible trojan/virus/annoyance?

  • April … yes. We are quite good at it.

    – Zak

  • rarext.dll isn’t a threat, it’s presumably the context menu extension for Winrar.

    Any reason you’re flagging it as such?

  • Phil -

    We have several methods to make the right decision about what stays in or not. In this case, one of our mechanisms was overexcited … nevertheless, we do not delete these files but only detach them from their O/S binding so Winrar still works.

    We are constantly working to improve our decision making process.

    – Zak

  • Thanks for the informative POST. Many of my IT clients are running into this latest threat. Everyone is in a panic about internet privacy and security. That makes them jump the gun and pull the trigger loading these viruses into their machines. I found that if this pops up on your screen and the first thing you do is shut off the computer. Hold the power off button. Then reboot and delete your browser’s cache. Don’t go anywhere near the site you were at it doesn’t infest your machine. TechBranch, Tampa Computer
    I have also been able to get rid of the infection with CA’s spyware cleaner.

  • Hi there I like your post “AntiVirus 2009 – Don’t feed the beast!” so well that I like to ask you whether I should translate into German and linking back. Greetings Engel

  • antivirus…

    Your topic Results Of Recent Independent Anti-Virus Test | Your Home Computer Guide was very interesting when I was browsing on Friday. I was searching for antivirus. Great stuff….

  • Thanks for the information. Any other posts or blogs you can recommend on this topic?
