What Does Fake Antivirus Software Look Like?

Published by Adrian in Antivirus

Hackers and fake antivirus software concept

Fake antivirus is one of the many ways hackers get money from internet users. By exploiting a justified fear, the rogue antivirus – also known as scareware – does just what its name implies: it scares people into thinking that their computer has a virus. And then it offers the saving solution. One that involves the user paying to install the so-called antivirus.

Once you hand your money to them, the fake software may cease its warnings… or not. The only clear thing, however, is that if you don’t proceed with the payment, it will terrorize you with intrusive alerts and annoying pop-ups. So much so that you’ll find it very difficult to keep using your computer like you’re supposed to.

If you don’t know what is rogue security software, we really hope you won’t have to personally find out, ever. But unfortunately, these days, it can never hurt to stay informed on this topic. So, you kind of need to learn what it is and how to spot it, so that you will, hopefully, avoid its trap. Or, better yet, so that you’ll know how to remove the fake antivirus virus, just in case you’ll end up with one.

Coming up next, we’ll share more with you on the topic of fake antivirus or rogue antivirus, which, as suggested, are one and the same thing. We’re going to see how does it really trick users and what’s the solution to it. As a bonus, we’ve also prepared a list of fake antiviruses for you, so you’ll get a red flag much easier once you come across one of them. Meanwhile…

What is fake antivirus software and how does it work?

Simply put, a fake antivirus is a virus. This type of virus may sneak up on your computer without you even noticing it. Or, on the contrary, it can knock on your door and ask you to let it come in. Of course, it will pretend to be something else…

Fake antivirus software may show up as a pop-up on your computer screen. Or replace the content of a specific webpage that you were trying to access from your web browser. That page is:

  • Either from a spoofed website – meaning that you actually thought you were accessing a certain website when, in fact, you weren’t;
  • Or it can be a web page specifically created with the purpose to spread rogue security software – and most likely you ended up on it by clicking on its link within the search results.

The pop-up or the webpage will warn you that you have viruses on your computer and offer to clean it up for you. When you accept the offer, you are supposed to receive the antivirus software (which is a fake antivirus). But first, you have to pay for it.

The fake antivirus will take you to a page where you make the payment and, from there, it will continue the scam by the book – with a full scan, loads of scary viruses reported, and many other things that scare the crap out of you.

Are there other ways of getting infected with fake antivirus software?

So far, we’ve mentioned that you can end up on a web page and get the virus from there. That’s called search engine poisoning… Hackers build pages specifically with this purpose and then resort to black hat SEO techniques to bring those pages high in the search results. That way, when you google for a free online malware scanning service, you might end up on an infected page.

Other than that, the rogue antivirus may sneak in as a Trojan, making you install it on your computer. You might think you’re getting yourself some multimedia codec, a special song, an extension or a plug-in for your browser, even a shared software from a peer-to-peer network. Disguised as any of it, the fake software may enter your device.

Moreover, you can get it from an email, by downloading an attachment. Or, just like suggested above, from a compromised website – a website that was hacked and turned into a host for this kind of cyber scam.

Last but not least, you can be unfortunate enough to get your computer infected with malware. And that malware might be specifically designed to give access to a rogue antivirus.

Why do people fall for these tricks?

Well, you’d have to see it to actually believe it… But the truth is that this false antivirus software usually comes with surprisingly believable descriptions of your computer’s virus infection.

  • First of all, everybody is scared of getting viruses these days. So, you’re more likely to act upon a related threat. It’s basic psychology, as the scam taps into your most common fears related to web navigation.
  • Second, we’re used to seeing Google displaying notification messages such as “This website is not secure”, usually related to websites without SSL certificates. So, you don’t find it strange when another security-related message pops up while you surf the web.
  • Third, it promises a free scan, which makes it pretty irresistible – who wouldn’t want to see if their computer has viruses without having to pay? So, you’re one step closer to letting the rogue software come in, by allowing a so-called system scan.
  • Fourth, as we said, it does have a way to scare you for good when it sends back the scanning report full of threatening findings. So, by the time it asks for money, you’re almost too scared about the consequences of keep working on an infected computer to be able to think straight and reject the “proposal”.
  • Fifth, if you don’t give in from the first notification, it’s not like you’re in the clear. The scareware will keep flooding your screen with scary messages until you either pay or you find a way to get rid of it.

Rest assured, hackers are making loads of money from this particular scam. And they will invest as many resources as it takes to make the messages look very convincing. Sometimes, even the names are hard to resist to, resonating with the ones of well-known industry developers.

And imagine that there are even affiliate programs that compensate people willing to spread such software! It’s a shockingly profitable industry that thrives even more with distribution networks and individual affiliates whose only goal is to infect other computers.

While victims may pay over $100 for the software that is supposed to clean up their computers, the “affiliate marketers” are cashing in commissions of up to $30 per each generated infection…

What can you do if you’ve fallen for it too?

Illustration of fake antivirus software consequences

Like mentioned, there’s no way you won’t be able to tell you’ve got a fake antivirus, once it starts showing the classical signs described above. To get rid of it, however, you’ll have to:

  • Boot your PC into Safe Mode with Networking
    • Use either F8 at bootup, for Windows XP/Vista/Win7
    • Or the Windows+C keyboard combo for Windows 8
  • Download the Autoruns for Windows tool and install it
  • Launch the Autoruns for Windows
    • Just double click on it if you have Windows XP
    • Or use the right-click on its icon and select, from the context menu, Run as Administrator, if you have Windows 7/8/Vista
  • Head to the Logon menu (you should spot it as the second tab at the top of the main window)
  • Start searching for the malware – the most common locations where you’ll probably find it are in C:Users underneath:
    • the Computer User folder – anything related to the AppDataLocal or AppData Random or AppDataRoaming subfolders
    • or the ProgramData folder
    • or the Settings folders
      • And it will most likely have one of the extensions .exe, .com, .dll, .dat, .bat, .js or .lnk
    • Just right-click on the suspicious file and select the Jump to Folder option from the context menu that will drop down
      • This will open up a new window where you’ll see the location of the malware on your PC, from where you can manually delete it (with right-click and Delete);
    • Then, head back to the main window of the Autoruns for Windows, right-click on the suspicious file again, and this time select the Jump to Entry option
      • This will open up a new window, from the registry editor, where you’ll see the registry key responsible for loading the malware – right-click on it and Delete it.

By taking these steps, you’re pretty much sure you have gotten rid of the fake antivirus, on your current version of software and data. One more trick, however, is to keep in mind that fake antivirus software usually creates restore points!

If you’ll restore your computer in the future, after the infection with this malware, you’ll bring back the rogue antivirus. To avoid this, make sure that you also delete all the currently existing restore points.

To delete the restore points and definitively remove the rogue antivirus:

  • Launch the Control Panel center;
  • Go to the System and Security tab;
  • Select the System menu;
  • In the next window, look at the left side of the window and select from there the System Protection submenu;
  • Confirm with Yes when asked for Administrator permission;
  • After that, the System protection window will launch with the Protection tab already selected;
  • Hit the Configure button within that window;
  • You’ll see a new window popping up, with the Restore Settings tab active;
  • Select the option that says “Delete all restore points” from the bottom area of that window;
  • Next, select Delete;
  • Confirm the removal with the Continue button;
  • Use the Close button;
  • And finally, use the OK button to exit from all of the remaining windows.

Only when you’re done with removing the malware and the restore points you can safely reboot the computer in the Normal Mode. From now on, we’re pretty sure you’re going to think twice whenever getting an invitation to scan your computer for free.

Better yet, consider staying protected by specifically avoiding the names on the following list of fake antiviruses, no matter where you see it:

Advanced Virus Remover

Alpha Antivirus

Antivirus 2018

Antivirus 2019

Antivirus 360 and

Antivirus BEST

Antivirus Live

Antivirus Pro 2018

Antivirus Pro 2019

Antivirus System Pro

Anti-Virus-1

Braviax

Cyber Security

FraudTool.MalwareProtector.d

Green AV

Internet Security 2019

Malware Doctor

MS Antispyware 2019

PC Antispyware 2019

Personal Antivirus

Security Tool

Spyware Guard 2018

System Guard 2019

System Security

System Security 2019

Total Security 2019

Windows Police Pro

Windows Protection Suite

Windows System Suite

WinPC Defender

Now, we don’t expect anyone to actually remember all these names. But suffices for a name to raise suspicions and you might be more reluctant on accepting anything coming from that alleged software. Pausing for a second and taking the time to look it up, on a more extended list of fake antiviruses, could make a huge difference!

Needless to say, those who fall victims to fake antivirus software usually don’t have antivirus software on their computers. So, if you want to do even more about this peril, why not try to learn more on how antivirus software works (and get yourself one while at it) or even on how to tell if your PC is hacked?