STRONGER AND STRONGER STRAINS OF COMPUTER VIRUS
February 19, 2011 8:16 PM   Subscribe

A Google search for my latest problem, the "AntiVira AV" Windows PC virus, pulls up an actual Sponsored Result from "wiki-security.com", which itself looks like a HOAX WEBSITE, suggesting that I purchase SpyHunter to remove the virus. How large is this conspiracy?

I've never had a virus that pretends to be antivirus software also direct me, via Google, to a phony Wikipedia website --- suggesting that I buy even more software. This virus is one step too Meta for me, so I wanted to Ask Metafilter about it. ??? Is this for real?
posted by shipbreaker to Technology (18 answers total) 4 users marked this as a favorite
 
A search for "Blue Phantom Marketing, LLC" reveals the over forty phony Anti-Spyware programs you can buy from them. Deeper and deeper the rabbit hole goes, it's making me crazy.
posted by shipbreaker at 8:21 PM on February 19, 2011


Actually, my search was for "Blue Phantom Marketing, LLC" and "scam". Revealing forty deeper layers to this particular rabbit hole. This is very much the next "strain" of meta-computer-virus, and I am happy to be the first person to report it. February 19, 2011.
posted by shipbreaker at 8:25 PM on February 19, 2011


Yes it's for real and the conspiracy is very large. Large enough such that you should just run Microsoft's Security Essentials and forget about ever needing to know anything about viruses again. It's not going to be perfect, but good enough and trustable.
posted by rhizome at 8:29 PM on February 19, 2011 [2 favorites]


I can't say anything specific about your case for AntiVira AV since I'm not familiar with it, but this combination of malware + advertising is becoming increasingly common. There have already been several pieces of malware that direct you to purchase fake anti-virus software, which is easier than installing keyloggers trying to figure out your bank accounts since you're giving them your credit card info directly.

Google does have extensive anti-malware detection for their ads and web pages, but it's a cat and mouse game with the bad guys always coming up with more clever approaches.

User deezil has a bunch of info on anti-virus that is useful if you are already infected.

Lastly, if you're interested, I wrote about the similar practice of malvertisements for Communications of the ACM a while back.
posted by jasonhong at 8:31 PM on February 19, 2011


How is this a conspiracy? A common virus exists. A bullshit software company buys a search ad on the name of the virus. The bullshit software company's website is misleading so that you give them money without them having to do much real work.

This is not a "strain of meta-computer-virus", it's more like parasites feeding on parasites.
posted by jrockway at 8:31 PM on February 19, 2011 [1 favorite]


Yeah... you realize that "Sponsored Result" means that someone paid to put that there as an advertisement, not that Google has evaluated or somehow endorses the link, right? Basically, you should probably always ignore the "Sponsored Results" when you do a search.
posted by XMLicious at 9:13 PM on February 19, 2011 [1 favorite]


Just download MalwareBytes and run that, it's free and does a good job. Try the forums at BleepingComputer.com for advice on getting rid of viruses.
posted by citron at 10:10 PM on February 19, 2011


Oooh my friend just had this same problem. Yes it is a virus but viruses posing to be anti-spyware programs are not uncommon. When I ran a search on antivira av yesterday, it came up as one of the "newer" hoaxes, but still a blatantly obvious one.

You should definitely run one of the programs suggested above to get rid of it. When my friend had it, it made it impossible to do anything on his computer so I ended up running it in safe mode to do some manual stuff. Double check its removal by removing it from your msconfig start up files (the one with the funny name like 'ajwhewiyrbf') and from regedit.
posted by bluelight at 5:21 AM on February 20, 2011


As others have told you to do, check my profile. Also, if you want how to remove this exact piece of spyware (viruses self-replicate, spyware programs do not), check out its guide at Bleeping Computer. If there's ever a nasty you need to get rid of, Bleeping Computer will give you exact details, and they're pretty quick on the draw with getting new finds out in the wild put up.
posted by deezil at 7:44 AM on February 20, 2011


You might want to have a look at this FPP.
posted by Obscure Reference at 7:52 AM on February 20, 2011


The conspiracy does run very deep, but Google does not want to be part of it. Their ad policies explicitly prohibit advertising of malware and you can report inappropriate ads. FWIW I spent a good minute reading the linked wiki-security site and I still can't really tell if the site is shilling malware or legitimate. If it's malware social engineering it's well designed and Google might need some help figuring out that it's really a scam.

Your best bet for cleaning a system is to go to a trusted source for tools to repair it. You have about a 50% chance of it being repairable, you may have to wipe the computer entirely. I'd start with Microsoft's own Windows Defender, and if that doesn't work escalate to deezil's profile and suggestion of Bleeping Computer.
posted by Nelson at 8:54 AM on February 20, 2011


FWIW I spent a good minute reading the linked wiki-security site and I still can't really tell if the site is shilling malware or legitimate.

If you can't tell, it's not legitimate. This is true 100% of the time for security-oriented sites, and basically 100% for everything else. If it's for something you need and there seem to be no legitimate sites when using this rubric, ask a nerd what you should use.
posted by rhizome at 12:40 PM on February 20, 2011 [1 favorite]


As of 2006^ Windows Defender has been replaced by the aforementioned (also free) Microsoft Security Essentials, which is an antivirus measure as well as dealing with malware.
posted by XMLicious at 1:35 PM on February 20, 2011


Personally I dislike MSSE and prefer Panda Cloud Antivirus. Free (as in beer only) for personal and non-profit corporate use, lightweight, unobtrusive and competent.

I recommend this product often enough on MeFi that I'm starting to sound like a shill, but I'm merely a satisfied user.
posted by flabdablet at 4:16 PM on February 20, 2011


Ugh, my apologies, the Microsoft tool I meant that I'd try first is the Malicious Software Removal Tool. It's limited, but easy to run. AntiVira AV isn't on the list, so it may not help in this instance, in which case it's time for the big guns.

rhizome: I am the nerd people ask on what to use. The malware landscape evolves so quickly it's hard to keep up. The wiki-security page includes notes on manual removal via regedit, which on the face seems legit but then when you read the actual instructions they're too vague to be of much use. Most of the links drive you to install "SpyHunter Spyware detection tool", with a link to an .exe installer on wiki-security itself. Is it legit or not? It takes more than a casual read to know. You really need to get tools from trusted sources and it's not clear what those are month to month.
posted by Nelson at 4:25 PM on February 20, 2011


rhizome: I am the nerd people ask on what to use.

So am I, that's why I got sick of having to figure out which virus checker is less annoying this week, and how good is this other one, and which one doesn't slow my mom's computer down, and are there ads and and and...There are now ways to set it and forget it, more or less.
posted by rhizome at 6:29 PM on February 20, 2011


flabdablet, I finally added Panda to my list, with a warning that if users had questions, to send them to you ;-)
posted by deezil at 8:33 PM on February 20, 2011


rhizome: apart from (a) the issue I linked above under "satisfied user", now resolved and (b) needing to turn it off while upgrading an XP SP2 box to SP3, I've found Panda Cloud Antivirus to be the most "set and forget" of any I've seen, and I've seen lots. It also eats less RAM than most and does a better job than most of keeping the machine responsive during an explicitly triggered full scan.

deezil: cheers! If I get any Panda-related questions requiring non-pebkac fixes, I'll let you know.
posted by flabdablet at 1:27 PM on February 21, 2011


« Older How to balance family and boyfriend?   |   Where can I get a king cake in San Francisco? Newer »
This thread is closed to new comments.