AV20XX- The Anti-Virus Scam

So I was working at Ft. Lewis, and one of our clients came to me with a bit of a problem. He said his wife was doing some research online and clicked on something she shouldn't have (though she didn't know it at the time) and suddenly a program called AV2008 was telling her she had hundreds of viruses on her computer.

She clicked through the program thinking it was their McAfee. He mentioned the subscription had expired and had to be renewed. She thought she was renewing it, entered her credit card info, then after she had hit the submit button, she noticed it was the wrong program. They captured screenshots, printed their account transactions, and went to the bank to get it stopped.

He brought her laptop in and told me to rescue the computer from all the viruses if at all possible; if not, to save the data (priority one), and then wipe it and start over from scratch. I started digging around under the Guest account (the account she had been using) and noticed that it was the program saying they had viruses. They didn't have any viruses whatsoever. I had uninstalled McAfee, but AV2008 wouldn't let me install another AV program, nor would it let me uninstall itself. Windows Vista does not have the admin account enabled by default, so I had to enter the following string, "net user administrator /active:yes", from the command line in order to have the Admin account show at the login screen. I logged in as Admin, was able to uninstall the program, and installed Symantec Endpoint Protection (free for members of the DoD), and their computer ran beautifully.

I re-ran the command for the admin account, except changed it to /active:no to disable the Administrator account after I had finished.

I told the client that he needed to do a few things:

  1. He needed to create her an account to use, since the Guest account is insecure and wide open.

  2. Disable the guest account after she moved all her stuff over.

  3. Never trust any program you have never heard of, or know you have not installed, and NEVER enter your credit card info on any unknown source. If you have to do anything financial with any source you are not too sure about, use PayPal; you have a much higher chance of getting your money back.

He said thanks many times during the visit, and each time he came in with an issue on one of his or his soldiers' computers, he came down personally instead of calling, just to say thanks. IT guys appreciate thank-yous just as much as the other guys. We hardly get praised when things are working, and always get the pressure and blame when things aren't working.

If any program except the AV you have installed comes up and tells you that you have viruses or other issues with your computer, close out of it, and quickly. They are scams and frauds, and only want your money for no reason.

If you are not certain you really are virus free, disable your current anti-virus, install AVG Free, and run a scan. If it still comes up as negative, uninstall it, then re-enable your trusty AV software.

 

Last Note:

Every year a new program is written like the one above, and it keeps the same name except for the year change, i.e. AV2007, AV2008. Keep as far away from them as possible, and remember the site you encountered it on. Email their webmaster and report it (page name and link you clicked for it); if they are not in cahoots with the writers, they will send their thanks.

About the Author: 

Sean Wheeler
Small Biz Techno Geek 

Sean works at home designing IP Video Surveillance and Home Intrusion systems, writing articles, and managing 3 young children. Enjoys tinkering with technology and generally delving into every little detail imaginable whenever he gets into a project.
