Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Fake Antivirus and Spyware Doctor, Symbiotic?

4 views
Skip to first unread message

Turnipweed

unread,
Dec 27, 2009, 6:25:43 PM12/27/09
to

I guess I've cleaned fake spyware cleaners from 2 dozen computers. You
know the ones:***

Total Security 2009
Windows System Suite
System Security
Personal Antivirus
System Security 2009
Malware Doctor
Antivirus System Pro
WinPC Defender
Anti-Virus-1
Spyware Guard 2008

And so on. I think most are based on Smitfruad or close variants.

When friends call, the first thing I do is google the fake du jour.

Googling always turns up all sorts of different removal procedures and
blogs. Most of them have similar embedded links to SpywareDoctor.

The linkages are subtle, and seem to be intentionally kept low key.
It's hard to explain, but try it! I bet more than 75% send you to
SpywareDoctor, without the usual fanfare. All the "blogs" and "removal
procedures" are done in the same precise, bland style.

Has anyone else noticed this, and suspected a "symbiotic" relationship
between SpywareDoctor and the fake AV Trojans?

***There should be international treaties to outlaw and prosecute the
purveyors of this crap. They will surely kill me some day!

Many thanks,,,

FromTheRafters

unread,
Dec 27, 2009, 6:59:50 PM12/27/09
to
"Turnipweed" <m...@pit.com> wrote in message
news:dnofj5dpuqmmmv4jp...@4ax.com...

>
>
> I guess I've cleaned fake spyware cleaners from 2 dozen computers. You
> know the ones:***
>
> Total Security 2009
> Windows System Suite
> System Security
> Personal Antivirus
> System Security 2009
> Malware Doctor
> Antivirus System Pro
> WinPC Defender
> Anti-Virus-1
> Spyware Guard 2008
>
> And so on. I think most are based on Smitfruad or close variants.
>
> When friends call, the first thing I do is google the fake du jour.
>
> Googling always turns up all sorts of different removal procedures and
> blogs. Most of them have similar embedded links to SpywareDoctor.
>
> The linkages are subtle, and seem to be intentionally kept low key.
> It's hard to explain, but try it! I bet more than 75% send you to
> SpywareDoctor, without the usual fanfare. All the "blogs" and "removal
> procedures" are done in the same precise, bland style.
>
> Has anyone else noticed this, and suspected a "symbiotic" relationship
> between SpywareDoctor and the fake AV Trojans?

I just figured that it made good sense to load metadata with recent
threat nomenclature. Anyone searching for "Trojan/YetAnotherFake.AV" or
"Security Suite 2011" has a good chance of landing you on their (or an
affiliate's) webpage if loaded with such data.

Bob Adkins

unread,
Dec 27, 2009, 7:04:45 PM12/27/09
to

>> Has anyone else noticed this, and suspected a "symbiotic" relationship
>> between SpywareDoctor and the fake AV Trojans?
>
>I just figured that it made good sense to load metadata with recent
>threat nomenclature. Anyone searching for "Trojan/YetAnotherFake.AV" or
>"Security Suite 2011" has a good chance of landing you on their (or an
>affiliate's) webpage if loaded with such data.


Of course.

What I'm saying is, there are many sites with removal procedures and
blogs that send you to SpywareDoctor. Too many, it seems to me, to be
a coincidence.

FromTheRafters

unread,
Dec 27, 2009, 7:55:51 PM12/27/09
to

"Bob Adkins" <m...@pit.com> wrote in message
news:vctfj5ddj7oiaijgj...@4ax.com...

I don't think they are related in any way to the actual malware, but the
methods they seem to use to obtain high seach engine results have always
made me suspicious.

Following a malware as suggested will lead to many supposed removal
tools (many of which are as bad or worse than the malware they are
purporting to remove). On occasion someone will post one rogue as the
solution to another rogue in the groups.

I'm not sure I even trust PCTools for anything. :o\


Turnipweed

unread,
Dec 27, 2009, 9:12:17 PM12/27/09
to
On Sun, 27 Dec 2009 19:55:51 -0500, "FromTheRafters"
<err...@nomail.afraid.org> wrote:

>I'm not sure I even trust PCTools for anything. :o\

Same here.

It's too bad the fake AV's are so hard to fix, and the fixes are not
real trustworthy. If someone was really ambitious and honest, they
could get rich (or at least famous).

There REALLY needs to be international laws dealing with the polecats
that spread them. Every time I have to fix one, I want someone put
behind bars. :D

Buffalo

unread,
Dec 27, 2009, 9:40:52 PM12/27/09
to

Yeah, what we really need is more laws, so the lawyers can become even
richer. :)
Buffalo
PS: Anyhow, the free version of MBAM (MalwareBytes AntiMalware) and the free
version of SAS (SuperAntiSpyware) are both excellent programs that, it
sounds like, you might find very useful!


Ant

unread,
Dec 27, 2009, 11:28:02 PM12/27/09
to
"Turnipweed" wrote:

> It's too bad the fake AV's are so hard to fix, and the fixes are not
> real trustworthy.

If you rely on other software to make the fixes then you'll never be
sure it's fixed. What you should have is a good understanding of the
OS, especially the registry and load points for drivers and user-land
executables and a good set of tools for diagnostics - including the
ability to boot a different OS (e.g. a Linux live CD) to inspect an
infected Windows system disk. Then, with access to the machine, you
manually make the changes yourself.

> If someone was really ambitious and honest, they could get rich (or
> at least famous).

Not with an off-the-shelf software fix.

What needs to be fixed (educated) are the users who install this
malware so they stop doing it.


Turnipweed

unread,
Dec 27, 2009, 11:43:36 PM12/27/09
to
On Sun, 27 Dec 2009 19:40:52 -0700, "Buffalo" <Er...@nada.com.invalid>
wrote:


>Yeah, what we really need is more laws, so the lawyers can become even
>richer. :)

Sounds as though you dislike lawyers more than viruses. That makes 2
of us. ;)

>PS: Anyhow, the free version of MBAM (MalwareBytes AntiMalware) and the free
>version of SAS (SuperAntiSpyware) are both excellent programs that, it
>sounds like, you might find very useful!

I appreciate the kind offer, but I already have them. They are among
the main programs I use against the despised fake AV's. My favorite
tools are FDisk and Format, if my friends have a Windows disk.

Happy New Year,,,

Turnipweed

unread,
Dec 27, 2009, 11:53:05 PM12/27/09
to
On Mon, 28 Dec 2009 04:28:02 -0000, "Ant" <n...@home.today> wrote:


>If you rely on other software to make the fixes then you'll never be
>sure it's fixed. What you should have is a good understanding of the
>OS, especially the registry and load points for drivers and user-land
>executables and a good set of tools for diagnostics - including the
>ability to boot a different OS (e.g. a Linux live CD) to inspect an
>infected Windows system disk. Then, with access to the machine, you
>manually make the changes yourself.

Lots of times I remove the drive, and plug it into my own machine by
USB adapter. MBAM, SAS, and a couple of other scanners usually knock
it out, though it's way too time consuming. If my friend or relative
has proper backups and a Windows disk, I can do a clean windows
install in an hour. It sometimes takes me 2 or 3 hours to try and
salvage the OS.

>> If someone was really ambitious and honest, they could get rich (or
>> at least famous).
>
>Not with an off-the-shelf software fix.
>
>What needs to be fixed (educated) are the users who install this
>malware so they stop doing it.

Very true. I have educated many people on this, but they still fail.

Know why?

Because they get tired of clicking on the popups from their AV and AS
programs and turn it off. At least that's what most of them tell me.

Thanks, and Happy New Year,,,

Buffalo

unread,
Dec 28, 2009, 10:17:05 AM12/28/09
to

Yep, FDisk and Format are two tools that really work when all others fail;
many times it is the quickest also.
Buffalo


nobody >

unread,
Dec 28, 2009, 8:42:48 PM12/28/09
to


Even better.. ClearHDD.exe
It's ancient, but it blows away the MBR faster than FDISK or any
partition editor

http://downloads.uol.com.br/windows/utilitarios/clear_hdd.jhtm

(Samsung used to have it on their "disk utilities" page, but probably
pulled it after a n00b bombed his hard drive with it)

Billabong

unread,
Jan 3, 2010, 7:59:41 AM1/3/10
to

"Turnipweed" <m...@pit.com> wrote in message
news:atdgj55l9nj9s8rft...@4ax.com...

That same was with me; I have MBAM too. I could not believe that so many
viruses could be there and turned it off, which turned into disaster. I
still feel that MBAM is overdoing, I cannot believe that even Yahoo or
Google have flaws.


Slarty

unread,
Jan 3, 2010, 11:14:38 AM1/3/10
to
On Sun, 3 Jan 2010 20:59:41 +0800, Billabong wrote:
>
> That same was with me; I have MBAM too. I could not believe that so many
> viruses could be there and turned it off, which turned into disaster. I
> still feel that MBAM is overdoing, I cannot believe that even Yahoo or
> Google have flaws.

I do hope that you don't seriously believe that? Some 'flaws' are probably
not accidental either, a cynic writes.

Cheers,

Roy

Billabong

unread,
Jan 4, 2010, 5:55:29 AM1/4/10
to

"Slarty" <plink.1...@spamgourmet.net> wrote in message
news:jr64kr2punz7.1psy69m2fozbl$.dlg@40tude.net...

Before I had other anti-virus software and my computer was behaving in a way
that I was anything but glad; but I got used to all that. When I installed
MBAM, I thought if cannot be sinply true; if so many viruses are there, how
was my computer able to work? I actually did not know what to do: to delete
them or not? Today computer runs like a rocket, but still there might be
some of the malicious items in the Yahoo or Gmail, and Google too. I shall
try another AV to see if it is a false positive.

A story: http://tinyurl.com/y8fcpmp


FromTheRafters

unread,
Jan 4, 2010, 7:19:41 AM1/4/10
to
"Billabong" <in...@osvrt.net> wrote in message
news:VfWdnc3P4Ki-VNzW...@giganews.com...


> Before I had other anti-virus software and my computer was behaving in
> a way that I was anything but glad; but I got used to all that. When I
> installed MBAM, I thought if cannot be sinply true; if so many viruses
> are there, how was my computer able to work? I actually did not know
> what to do: to delete them or not? Today computer runs like a rocket,
> but still there might be some of the malicious items in the Yahoo or
> Gmail, and Google too. I shall try another AV to see if it is a false
> positive.

You seem to be confusing "virus" with "malware". MBAM does not address
viruses (except peripherally) and is not a replacement for AV software.
It is best to have *both* available.


The Central Scrutinizer

unread,
Jan 5, 2010, 1:40:25 AM1/5/10
to
Virus versus malware is just a detail to the average user. Do your parents
or my parents know the difference? I doubt it.


"FromTheRafters" <err...@nomail.afraid.org> wrote in message
news:hhsmcv$3cm$1...@news.eternal-september.org...

Dustin Cook

unread,
Jan 5, 2010, 1:37:04 PM1/5/10
to
"The Central Scrutinizer" <gci...@hotmail.com> wrote in
news:hhumt2$22q$1...@speranza.aioe.org:

> Virus versus malware is just a detail to the average user. Do your
> parents or my parents know the difference? I doubt it.

it's an important detail. Same as knowing which side is positive and which
is negative on a battery; you only get one chance in some cases to connect
something correctly; or the magic smoke comes out. This is the same idea.

We don't deal with viruses, it's not the focus of our program; without a
seperate antivirus, your not as safe as you could be. Users even average
ones need to be educated.


--
... Those are my thoughts anyways...

FromTheRafters

unread,
Jan 5, 2010, 5:20:48 PM1/5/10
to
"The Central Scrutinizer" <gci...@hotmail.com> wrote in message
news:hhumt2$22q$1...@speranza.aioe.org...

> Virus versus malware is just a detail to the average user. Do your
> parents
> or my parents know the difference? I doubt it.

That has nothing to do with the *fact* that they are different group
entities and different methods are used to address them.


FromTheRafters

unread,
Jan 5, 2010, 5:24:46 PM1/5/10
to
"Dustin Cook" <bughunte...@gmail.com> wrote in message
news:Xns9CF78B145F8...@69.16.185.250...

As an aside, MBAM just (apparently) FPed on my:

C:\IBMTOOLS\APPS\ACCSUPT\as_setup.ex2 file.


The Central Scrutinizer

unread,
Jan 6, 2010, 12:18:01 AM1/6/10
to
Actually it seems more like infinitesimal points of details for experts to
pontificate about.

The potential is you are equally hosed with a virus as you are with malware.

"FromTheRafters" <err...@nomail.afraid.org> wrote in message

news:hi0e0a$hr1$1...@news.eternal-september.org...

FromTheRafters

unread,
Jan 6, 2010, 4:48:12 PM1/6/10
to
"The Central Scrutinizer" <gci...@hotmail.com> wrote in message
news:hi16ec$sjd$1...@speranza.aioe.org...

> Actually it seems more like infinitesimal points of details for
> experts to
> pontificate about.

Yes, it does seem that way to those that don't (and perhaps can't)
understand what the difference is. When the term virus was coined for
self-replicating code, it caught on and became a buzz word for anything
that can go wrong with a computer. Despite that, the definition still
stands. No amount of crying will repeal that.

> The potential is you are equally hosed with a virus as you are with
> malware.

Most experts currently agree that all viruses are indeed malware (and
they are wrong). The fact is that a virus need not be malicious - and in
fact can be a boon to mankind in the future. A virus is a virus because
of what it does, not because of how people feel about the results - not
the same for malware because malware by definition is malicious.

[...]


Dustin Cook

unread,
Jan 6, 2010, 9:25:27 PM1/6/10
to
"FromTheRafters" <err...@nomail.afraid.org> wrote in news:hi30f6$bir$1
@news.eternal-september.org:

And, malware is sometimes much easier to clean up. A fine example would
be the rogue program known as internetsecurity(antivirus)2010; it's an
annoyance, but not too difficult. A virus on the other hand, can be a
real pisser; it has self replicating code; and it could be inside
hundreds of files on your system by the time you notice something is
amiss.

The Central Scrutinizer

unread,
Jan 7, 2010, 12:30:54 AM1/7/10
to
"FromTheRafters" <err...@nomail.afraid.org> wrote in message
news:hi30f6$bir$1...@news.eternal-september.org...

> Most experts currently agree that all viruses are indeed malware (and they
> are wrong). The fact is that a virus need not be malicious - and in fact
> can be a boon to mankind in the future. A virus is a virus because

Please name one example.

Billabong

unread,
Jan 6, 2010, 12:17:50 PM1/6/10
to

"FromTheRafters" <err...@nomail.afraid.org> wrote in message
news:hhsmcv$3cm$1...@news.eternal-september.org...

I also have SUPERAntiSpyware installed and it did find a few Trojans,
imediatelly. It is anti-spyware, but id did detect Trojan. Trojan is a
program, but is also a virus, or am I wrong?
--
A life story: http://tinyurl.com/y8fcpmp


Michael Cecil

unread,
Jan 7, 2010, 1:39:21 AM1/7/10
to
On Wed, 6 Jan 2010 23:30:54 -0600, "The Central Scrutinizer"
<gci...@hotmail.com> wrote:

>"FromTheRafters" <err...@nomail.afraid.org> wrote in message
>news:hi30f6$bir$1...@news.eternal-september.org...
>> Most experts currently agree that all viruses are indeed malware (and they
>> are wrong). The fact is that a virus need not be malicious - and in fact
>> can be a boon to mankind in the future. A virus is a virus because
>
>Please name one example.

KOH was one that was meant to be useful. It performed a type of whole
drive encryption, but IIRC it always did ask permission when it moved to a
new disk.
--
Michael Cecil
http://home.roadrunner.com/~macecil/
http://home.roadrunner.com/~safehex/
http://home.roadrunner.com/~macecil/hackingw7/

Dustin Cook

unread,
Jan 7, 2010, 2:46:00 AM1/7/10
to
"Billabong" <in...@osvrt.net> wrote in
news:qMGdnTMpQ84P4djW...@giganews.com:

A trojan is not a virus, no. A trojan is malware; but not a virus. In
order for something to legitimately be classified as a virus; it MUST
replicate, intentionally. Trojans do not replicate by themselves. A virus
has no trouble replicating once you execute the initial source.

FromTheRafters

unread,
Jan 7, 2010, 7:14:52 AM1/7/10
to
"The Central Scrutinizer" <gci...@hotmail.com> wrote in message
news:hi3rig$crs$1...@speranza.aioe.org...

> "FromTheRafters" <err...@nomail.afraid.org> wrote in message
> news:hi30f6$bir$1...@news.eternal-september.org...
>> Most experts currently agree that all viruses are indeed malware (and
>> they are wrong). The fact is that a virus need not be malicious - and
>> in fact can be a boon to mankind in the future. A virus is a virus
>> because
>
> Please name one example.

One example of what? The future? I will do that sometime tomorrow. :oD

The "good" virus?

None of the proposals have been accepted because it has been proven that
the same results can be achieved by programming that does not require
viral code. Cohen's "compression virus" for instance - infected and
compressed files to save storage space. When the file was invoked, the
virus executed and decompressed the rest of the file.

My main point is that there is nothing about a virus that *requires* it
to be malicious or even unwanted. The main point of detractors of this
view is that a virus "modifies files" (generally without user consent)
in such a way that they steal computing power - but this is not
necessary for a program to be a virus.


FromTheRafters

unread,
Jan 7, 2010, 7:37:21 AM1/7/10
to
"Billabong" <in...@osvrt.net> wrote in message
news:qMGdnTMpQ84P4djW...@giganews.com...

SAS is good too, many people suggest using both (MBAM and SAS) for
better coverage.

Spyware works to get information from your computer. It can be malware
(malicious software) or an administrative tool (to spy on your kids for
instance).

Adware works to get information to your computer (advertisements "in
your face" for instance) and can be malware too if it is unwanted and
not agreed to when you installed the responsible software (ad supported
software - AntiVir free version for instance).

If a malicious virus infects a program with a copy of itself (as they
are known to do) the infected program is essentially now a trojan in
effect. It does something other than (instead of, or in addition to)
what the user assumes it will do - and since maliciousness was a given,
it is an unwanted funtion that it adds. Since that function is
replicative in nature, it is termed a virus rather than a trojan
(probably because it is more important to note that it is viral than to
note that it is *bad*).

Use the term "malware" to cover all types of malicious software, and
"virus" for recursively self-replicating code (whether malicious or
not). Don't assume that all spyware is malware or that all adware is
malware. Assuming all viruses are malware is generally a safe assumption
as it stands now, but only because examples of non-malicious viruses are
so rare.


FromTheRafters

unread,
Jan 7, 2010, 9:43:00 PM1/7/10
to
"Dustin Cook" <bughunte...@gmail.com> wrote in message
news:Xns9CF8DA80252...@69.16.185.247...

Additionally, most non-viral malware has a need to persist reboot -
often by methods easily revealed by autoruns, HJT etc...if not
rootkitted.

Many viruses won't use any of those methods - they persist by being
patient and waiting to be invoked as a matter of course.

...and then there's the polymorphic aspect - you can't just do a hash
comparison like you can with some malware.

Yes, I know I'm not telling you anything that you don't already know.
:o) Just reiterating, here, for the readership.


The Central Scrutinizer

unread,
Jan 11, 2010, 1:54:07 AM1/11/10
to
"FromTheRafters" <err...@nomail.afraid.org> wrote in message
news:hi4j88$dfu$1...@news.eternal-september.org...

> "The Central Scrutinizer" <gci...@hotmail.com> wrote in message
> news:hi3rig$crs$1...@speranza.aioe.org...
>> "FromTheRafters" <err...@nomail.afraid.org> wrote in message
>> news:hi30f6$bir$1...@news.eternal-september.org...
>>> Most experts currently agree that all viruses are indeed malware (and
>>> they are wrong). The fact is that a virus need not be malicious - and in
>>> fact can be a boon to mankind in the future. A virus is a virus because
>>
>> Please name one example.
>
> One example of what? The future? I will do that sometime tomorrow. :oD
>
> The "good" virus?
>
> None of the proposals have been accepted because it has been proven that
> the same results can be achieved by programming that does not require
> viral code. Cohen's "compression virus" for instance - infected and
> compressed files to save storage space. When the file was invoked, the
> virus executed and decompressed the rest of the file.

Huh. You did not explain anything in your reply. Interesting..

FromTheRafters

unread,
Jan 11, 2010, 6:41:51 PM1/11/10
to
"The Central Scrutinizer" <gci...@hotmail.com> wrote in message
news:hiehue$6ar$1...@speranza.aioe.org...

What *example* are you looking for?

I can't give you an example of what the future might hold.

For instance, I couldn't give you an example of a replicating robot, but
I could propose that they exist in the future. As long as the distances
are short enough, programming software for new robotic instances could
be sent from humans. Autotonomous replicating robots too for away (or
under too much radio interference) to receive new software must
replicate the software. That ability is what a computer virus is. I
propose that the future of mankind might indeed depend upon computer
viruses.

The whole virus=malware thing is just prejudice, although there are no
examples of 'the good virus' to offer that can't be shown to use the
viral capability only because there is no other way to accomplish the
task. I propose that one might exist in the future where there *is* no
non-viral alternative method to accomplish the task.


The Central Scrutinizer

unread,
Jan 12, 2010, 10:48:40 PM1/12/10
to
"FromTheRafters" <err...@nomail.afraid.org> wrote in message
news:higd0a$7pc$1...@news.eternal-september.org...

> What *example* are you looking for?
>
> I can't give you an example of what the future might hold.

Oh swell...

You said a virus need not be malicious. I asked you to name one
example. Seems pretty straight forward to me. Just name one example
of a computer virus that was not malicious.

So hows about stopping with all the psycho-babble and simply answer
the f-ing question?

Sheesh!

FromTheRafters

unread,
Jan 13, 2010, 5:14:45 PM1/13/10
to
"The Central Scrutinizer" <gci...@hotmail.com> wrote in message
news:hijfqp$avg$1...@speranza.aioe.org...

> "FromTheRafters" <err...@nomail.afraid.org> wrote in message
> news:higd0a$7pc$1...@news.eternal-september.org...
>> What *example* are you looking for?
>>
>> I can't give you an example of what the future might hold.
>
> Oh swell...
>
> You said a virus need not be malicious. I asked you to name one
> example.

I guess English isn't your strong suit.

The phrase "need not be" is not the same as the phrase "is not". I
proposed that the future might give a need to incorporate viral code
into robotics. There were two "examples" (one of which was actually in
existence, and one only proposed) of "the good virus" - both largely
unaccepted as proof of existence because the viral code wasn't
"necessary" to accopmplish the "good" task.

IIRC Fred Cohen proposed the virus that compressed files for storge on
disk. I don't recall the author or the name of the program that provided
disk encryption via viral code.

> Seems pretty straight forward to me. Just name one example
> of a computer virus that was not malicious.

The virus "again.com" was written without malicious intent, does that
count?

> So hows about stopping with all the psycho-babble and simply answer
> the f-ing question?

I did, but I guess you're just too stupid to get it!

> Sheesh!

Indeed!!


FromTheRafters

unread,
Jan 13, 2010, 6:14:53 PM1/13/10
to
"The Central Scrutinizer" <gci...@hotmail.com> wrote in message
news:hijfqp$avg$1...@speranza.aioe.org...

> "FromTheRafters" <err...@nomail.afraid.org> wrote in message
> news:higd0a$7pc$1...@news.eternal-september.org...
>> What *example* are you looking for?
>>
>> I can't give you an example of what the future might hold.
>
> Oh swell...
>
> You said a virus need not be malicious. I asked you to name one
> example.

I guess English isn't your strong suit.

The phrase "need not be" is not the same as the phrase "is not". I
proposed that the future might give a need to incorporate viral code
into robotics. There were two "examples" (one of which was actually in
existence, and one only proposed) of "the good virus" - both largely
unaccepted as proof of existence because the viral code wasn't
"necessary" to accopmplish the "good" task.

IIRC Fred Cohen proposed the virus that compressed files for storge on
disk. I don't recall the author or the name of the program that provided
disk encryption via viral code.

> Seems pretty straight forward to me. Just name one example


> of a computer virus that was not malicious.

The virus "already.com" was written without malicious intent, does that
count?

> So hows about stopping with all the psycho-babble and simply answer
> the f-ing question?

I did, but I guess you're just too stupid to get it!

> Sheesh!

Indeed!!

0 new messages