Re-occuring Fake Antivirus Infections
Posted on: February 1st, 2012
In the recent month I had a few cases where, not too long after cleaning up computers, the owner started getting similar messages as before.
In one case I found that I missed cleaning up a portion of the infection that resided deep inside Windows. But at least two cases proved to be user caused re-infection.
Actually, they re-occurence of the infection was different – but not for the user’s eyes. The reinforced antivirus protection in each cases prevented the fake antivirus to infect the system. All that was running was a small file that created the “show” of convincing the user that his computer was crawling with all kinds of trojans and spyware. The usual scare tactic of these scammers.
In each case removing the newly resurfacing fake AV was a piece of cake (as compared to a full blown infection), because it did not have foundation of embedded protection as it did before.
Also, the re-infection happened almost exclusively when users continued to use Internet Explorer as the main browser. That seems to be the most common source of infections. IE has vulnerabilities which are not patched quickly, leaving the users open to “drive-by” infections when simply visiting a site would infect the machine – without downloading anything specifically.
As I mentioned many times in other articles the best defense against computer viruses and fake antiviruses is having a good antivirus and using Firefox with ad blocking. The latter is important because there are situations where a website is not infected but it accepts ads from dubious sources and those ads do contain malicious code.
Did you find this information useful?
Please consider donating.