Softpedia
 


September 28th, 2012, 12:59 GMT · By


Fake AV “System Progressive Protection” Distributed via Drive-By Downloads

Image: System Progressive Protection - fake antivirus
McAfee Labs experts have come across a nasty fake antivirus called System Progressive Protection that’s currently being distributed via drive-by downloads and via other pieces of malware.

System Progressive Protection is part of the Winwebsec family and its main goal is to block victims from accessing other applications on the infected machine.

Once it finds itself on a computer, the malware displays “virus infection” alerts, attempting to trick victims into activating the product in order to fix errors and remove threats.

At this point, whenever the user attempts to execute another app, a firewall alert appears, informing him/her that it has been blocked because of a worm that’s allegedly trying to send credit card details to a remote host.

After the program is activated and the activation code is entered, all the alerts disappear, but the malicious software remains on the machine.

Experts say that the threat can be easily removed from computers with a decent antivirus program or by deleting its files and registry entries. Furthermore, while most apps are blocked, Internet Explorer isn’t, which means that it can be used to access the websites of security companies.
FILED UNDER: Fake AV, malware, scareware

READER COMMENTS:


Comment #1 by: Serpempl on 05 Nov 2012, 05:22 UTC

It is quite sticky. I hope that tomorrow, with my brother's help and following the instructions from experts appearing in web pages, we will be able to get rid of this malware. I wonder why, if it has been known already for a couple of weeks, protection programs are not prepared to stop it before infection occurs. I tried to start some protection programs apart from those I have, but it looks like the malware is able to prevent them from starting. It is a nightmare!!

Comment #1.1 by: nunoh on 12 Nov 2012, 19:30 GMT

My 4 cents...
Use Windows Explorer to COPY \windows\system32\taskmgr.exe to c:\iExplore.exe
Then, execute iexplore from there. It will launch task manager because the "virus" allows running processes with that name.
From task manager, find a running process called (something).tmp
Kill / End Task it.
It should allow, now, running other exe's, like normal Task Manager, Regedit, etc...
Use known tools to effectively detect and clean up the mess...
(I could suggest Malwarebytes, with their free version, but there are others.)
If correctly done, you should be able to do all even without reboot.
Only reboot after reasonable cleanliness, to allow running cleanup tool - again in Safe Mode.
Good Luck!
