Win 7 AntiMalware 2010

Bugger – I am an IT Professional and I got hit with Win 7 AntiMalware 2010 Fake-AV yesterday. I am running Windows 7 with Sophos Anti-Virus v9 and Windows Defender, all fully patched, yet still got hit – perhaps I should shell out for the paid version of Malwarebytes!

I am currently cleaning up my iTunes, moving greatest hits to original albums, removing duplicates, putting the English album covers on instead of American, and it was this last part that got me – downloading images from Google. I was looking for the 2 heads facing each other that can look like a vase. In the 90s I was in a band that had a recording session that we sold on cassette. I still have it on my iPod, but never kept the artwork and I was trying to re-create it.



Scanning
The first I know is I get a message saying that Windows has changed to the default desktop colours and then it starts scanning my disks. It looks quite like Windows 7 security, but I know that it isn’t. What it will do next is to report that it has found a number of “threats” and if I click the link and pay around £25 it will install the removal software and clean my system…of nothing. As I am responsible for my company’s IT I am already aware of this scam and close the window.

Fake Security Centre
I still get notifications from the system tray but I just ignore them. Next up is the Fake Security Centre. Again it’s prompting me that Win7 AntiMalware is turned off, with a Turn On button. Persistent little critter, isn’t it?

Prompt
Anyway, if I did succumb to any of these prompts I would get the final screen where I would be taken to the fake site that asks for payment. Not only would they process the payment, thereby earning themselves £25, they would also have my credit card details. The final part of the scam is I would eventually be re-directed to a genuine survey which they would earn money from (a device used in almost all Facebook “Oh my God…” scams).

If I tried to access the Internet (using IE or Firefox, but not Safari) all pages were re-directed to a “fake” security warning. I couldn’t open Task Manager by right-clicking the task bar (my preferred method).

Anyway, it took me ¾ hour to get rid of it – I’ll be posting instructions when my system is completely back to normal.