Recognizing and avoiding Rogue Software or FakeAlert Trojans

Learn how to recognize and avoid Rogue Software or FakeAlert Trojans.

OVERVIEW

About Rogue Software or FakeAlert Trojan recognition

What is a Fake/Rogue software product or alert?

Fake or rogue software and FakeAlert Trojans are illegitimate security applications that are presented as valid, for monetary gain. This scam involves the distribution or aggressive promotion of a Trojan disguised as legitimate security software. While these programs usually use scare tactics and behave aggressively, it may still be difficult to recognize the illegitimate behavior and distinguish a valid product from a fake or rogue software product.

What are the symptoms of such an attack on my computer?

Some common symptoms include:

Receiving multiple pop-up messages which state that your system is infected and prompt you to download specific software to remove the infection.
Receiving notifications from an application that you've never seen before which tell you there are an unusually high number of viruses or other malware on your computer, and won't clean them unless you purchase the product.
New icons for an unknown program show up on your desktop or in the taskbar beside your clock.
Unexpected network connections are made to unknown domain(s) when you open your web browser or while browsing the Internet, you are directed to a page other than your home page or intended destination.

Note: Do not click directly on these pop-up messages, even to close them. Clicking Cancel or the X in the top right corner can sometimes cause the application to install itself.

If you receive an unexpected message from a rogue application

Right-click an empty spot on your Windows taskbar and select Task Manager.
Click the Applications tab, highlight the false notification message, then click End Task.
If you are unable to end the task in this manner, shut down and restart your computer to clear the notification. This will not remove the malware.

McAfee recommends that you clear the cached (stored) data in your web browser after ending the malware task or restarting the computer. You can do this using the steps below.

Microsoft Internet Explorer

Click Tools, Internet Options
Under Browsing History, click Delete.
Click Delete Files.
Click Yes.
Click Delete Cookies.
Click Yes.

Mozilla FireFox:

Click Tools and select Clear Private Data.
Ensure only Cache, Cookies, and Offline Website Data are selected.
Click Clear Private Data Now.

What are some of the known names of these fake or rogue security products?

This is not a complete list of all rogue security applications:

AntiSpyware Pro 2009
Antivirus Plus
Antivirus System PRO
Antivirus XP
AV AntiSpyware
Malware Doctor
PC Privacy Center
Personal Antivirus
Spyware Protect 2009
Spy/System Protector

What can I do to prevent these programs from infecting my computer?
Block these commonly used Installation domains:

antivirus2008x.com
antivirus2008.com
72-9-10 8-82.reverse.ezz i.net
antivirusxp2008.com
winfixer.com
advancedxpdefender.com
liveresponsesite.com
xpsecuritycenter.com
malwareprotector2008.com
antivirusxp-08.net

Block these commonly accessed domains:

tibsystems.com
statsbank.com
boards.cexx.org
adultwebmasterinfo.com
dialerschutz.de
webmasterworld.com
56.com
adultfriendfinder.com

Please visit these links for more information: