Friday, August 8, 2008

XPAntivirusPro2008 and variants

One of the nastiest malware applications currently going around is a whole family of programs with names like XPAntivirusPro, WinAntivirusPro, VistaAntivirusPro and many variations of the above names, prefixed and/or suffixed with years from 2007 through 2009. You may find almost any combination of Win, Windows, XP, Vista, anti, virus, spyware (and others?) in almost any semi-reasonable order.
  • A word of caution: The above link on XPAntivirusPro brings you to a Wikipedia page that is not yet fully edited but still gives a fair overview of the related problems.
    Beware: Way at the bottom of this Wikipedia page is a link to "WinAntiSpyware Removal Instructions for Windows XP and Windows Vista". At the time of writing this link goes to a DANGEROUS web site according to Siteadvisor; it has NO instructions at all; do not use this link!
  • Added Oct-10-08: By now there are many more variants with different names out there. It is justified to say that, with the exception of about a dozen more or less proven programs, most of what is promoted is likely malicious. The louder and/or scarier the "promotion", the more likely it is bad stuff. Do your homework or ask me; don't just download and install something only because "it says it's an Anti whatever" program.
The original program sometimes arrives as the secret payload of another "free download" or gets put on your computer by malicious websites. Once running, it attempts to scare you into buying any of the variants of XPAntivirusPro. The scares are by now really convincingly well crafted and look like legitimate messages from Windows. When you actually buy the junk software that supposedly would solve all problems, that is the moment when the real problems begin. Some of the variants download Trojan horse programs, others download key loggers and so on.
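
For triage, the naming pattern described at the top of this post can be turned into a quick check over a list of installed program names. This is an added example, not part of the original post: the function names and the sample list are constructed for illustration, and "pro" is added to the vocabulary because it appears in the names quoted above. A match only means the name is built entirely from the listed fragments, so treat it as a reason to look closer, not as a verdict.

```python
import re

# Name fragments listed in the post, plus "pro" from its sample names.
PLATFORM = {"windows", "win", "xp", "vista"}
THREAT = {"virus", "spyware"}
YEARS = {"2007", "2008", "2009"}
VOCAB = PLATFORM | THREAT | YEARS | {"anti", "pro"}
# Longest alternatives first so "windows" is tried before "win".
TOKEN = re.compile("|".join(sorted(VOCAB, key=len, reverse=True)))


def tokenize(name):
    """Split a name into vocabulary tokens; None if any part is foreign."""
    squeezed = re.sub(r"[^a-z0-9]", "", name.lower())
    tokens, pos = [], 0
    while pos < len(squeezed):
        match = TOKEN.match(squeezed, pos)
        if match is None:
            return None  # e.g. "defender" or "avg" is not in the vocabulary
        tokens.append(match.group())
        pos = match.end()
    return tokens


def matches_family(name):
    """True if the name is 'anti' + virus/spyware + a platform word or year."""
    tokens = tokenize(name)
    if not tokens:
        return False
    found = set(tokens)
    return ("anti" in found and bool(found & THREAT)
            and bool(found & (PLATFORM | YEARS)))


def flag(names):
    """Return the names that fit the family's naming pattern."""
    return [n for n in names if matches_family(n)]


# Constructed sample of installed-program names (not taken from a real machine).
SAMPLE = ["XPAntivirusPro2008", "WinAntivirusPro", "Vista Antivirus Pro 2009",
          "Windows Defender", "AVG Anti-Virus Free", "Mozilla Firefox",
          "Windows XP Service Pack 3"]

if __name__ == "__main__":
    for suspicious in flag(SAMPLE):
        print("check this one:", suspicious)
```
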

This garbage comes primarily through the use of Internet Explorer on your computer. You can read details about one man’s epic trip to rid his father’s computer of this malware program here. Here is this link in text format:

I admire this guy's persistence on the rocky road he took and congratulate him on the final success. If you are interested you may want to read the other articles on this issue he has posted. The links are in a small rectangular box on the right side at the beginning of the page I have just linked to.

BUT: Had the son gone through earlier with “switching” his father to the Firefox web browser, they both would have avoided a grueling experience.

I have successfully removed these malware programs from many computers; I use a very different approach that renders success in an hour or two rather than spanning days! The worst case so far was a computer that had three layers of this garbage on top of each other; now that took a bit longer but the machine is clean now!

Here I can only repeat what I preach to my customers over and over:

Use the Firefox Web Browser instead of Internet Explorer!

Okay, I know, there are a few web sites out there that require Internet Explorer because they are programmed to use some non-standard functionality that is available only in IE. If the web site that requests IE is from a reputable, well-known company or a government agency, you can do that. Just don’t begin a casual browsing session from within IE.

You would not believe what I see all the time. I get called to a customer whose computer is acting up. I find and remove some ActiveX malware that can only have invaded the computer through IE. The customer confirms most animatedly that “nobody here used IE”. I check the folder where IE stores temporary files and there are tens of megabytes of recent temporary files that only IE can have put there. Funny coincidence, isn’t it?

BTW, when I talk about IE please mentally include Outlook Express and Outlook, Microsoft’s email programs.

Use Thunderbird E-Mail instead of Outlook or Outlook Express!

Switching you from Outlook Express to Thunderbird is simple and does not require a lot of learning. Switching from Outlook to TB is only feasible and simple if you did not use Outlook’s integrated calendar, planning and contact management features. But then again, I question the feasibility of using MS Outlook on a free-standing home computer anyway. Outlook is an application that should be used in companies, preferably with one centrally and professionally managed mail server behind it.

The reason I hear most often for using Outlook is ‘I am used to it because I use it at work’. Want to know what I am hearing? Good that you ask, I would have told you anyway; I hear ‘I am soooo unwilling to learn something new that I don’t give a hoot if I have to pay you repeatedly for fixing my computer after I have messed it up again’.

We all know, habits are hard to break - and sometimes costly to keep. ;-)

As usual I welcome comments and suggestions right here in the blog.

Thank you in advance.

