Nov 15, 2010 08:45 GMT

Microsoft is fighting Microsoft Security Essentials Alert on multiple fronts, and has even started automatically distributing to Windows users a free security tool designed to tackle the threat. Since August 2010, the Redmond company has warned customers of the danger posed by Microsoft Security Essentials Alert, a rogue antivirus that masquerades as Microsoft Security Essentials 1.0.

Now, the software giant has released an updated version of the Microsoft Windows Malicious Software Removal Tool, a free security solution set up to kill a specific list of malware, including Win32/FakePAV, which is being spread as Microsoft Security Essentials Alert.

It is important to underline that Microsoft Security Essentials Alert has nothing to do with the genuine Microsoft Security Essentials 1.0 from the Redmond company.

Microsoft Security Essentials Alert only copies MSE in order to appear as a legitimate security solution to end users. In fact, it’s anything but.

Microsoft Security Essentials Alert has stolen not only the MSE brand, but also elements of the graphical user interface in order to create a feeling of authenticity.

However, Microsoft Security Essentials Alert is nothing more than a rogue AV, a fake antivirus, also known as scareware because it scares victims into thinking their machines are infected in order to convince them to pay for a license to remove nonexistent threats.

“When FakePAV sees an attempt to run certain programs, it displays a fake Security Essentials alert dialog,” revealed Hamish O'Dea, from the Microsoft Malware Protection Center.

“At first glance, there is very little that differentiates this from a real Security Essentials alert, beyond the bogus malware name ("Unknown Win32/Trojan").

“You can close the window, but in a crude attempt to emulate the behavior of real-time malware blocking, FakePAV also terminates the program that it reports as a threat. This effectively means you can't run programs in FakePAV's kill list, including Internet Explorer and other common web browsers.”

Essentially, the Microsoft Security Essentials Alert rogue AV cripples machines to the point at which they are virtually unusable.

PC users without the technical know-how necessary to deal with this threat are often forced to register the fake antivirus and pay for a license to continue using their computers.

But when victims attempt to clean their machines with the useless Microsoft Security Essentials Alert, they find that the fake AV is incapable of doing so, and they are prompted to scan online in order to “handle” the fake infection.

“It then pretends to scan the file again. Earlier variants of FakePAV would display bogus results from a list of anti-virus scanners, including legitimate ones, but invariably only five fictional scanners were reported to actually detect the threat: Red Cross Antivirus, Peak Protection 2010, Pest Detector 4.1, Major Defense Kit and AntiSpy Safeguard.

“The rogue would even go as far as to display a different GUI depending on which "scanner" you chose to install,” O'Dea added.

In the more recent variants of FakePAV, the attackers are not allowing users to make any choices. Instead, the fake AV "ThinkPoint" is installed as soon as the PC is rebooted.

ThinkPoint takes over the machine and performs more fake scans. The rogue replaces explorer.exe, and users are stuck running the scareware without access to their normal desktop, taskbar and start menu.

Just as is the case with other rogues, ThinkPoint claims that there is a range of infections on the machine, and scares users into paying for a full license in order to remove them.

“The affected machine is now even more difficult to use; in addition to stopping explorer.exe from running, it terminates task manager, leaving no easy way to run any other programs,” O'Dea added.

Users should not, under any circumstances, pay even a single cent when dealing with Microsoft Security Essentials Alert, ThinkPoint, Red Cross Antivirus, Peak Protection 2010, Pest Detector 4.1, Major Defense Kit and AntiSpy Safeguard.

Instead, they should turn to legitimate security solutions such as the Windows Malicious Software Removal Tool and Microsoft Security Essentials to have this malicious code removed.

Microsoft Security Essentials 1.0 and the Microsoft Windows Malicious Software Removal Tool are both available for download from Microsoft.
