14 DAY TRIAL // Security researchers from Symantec warn of a new piece of scareware, which tricks users into uninstalling the legit security programs already running on their computers.
The rogue application, which poses as an antivirus product, is called 'AnVi Antivirus' and is a clone of the already known 'CoreGuard Antivirus' scareware program.
Upon execution, AnVi Antivirus checks to see if several legit security applications produced by Symantec, Microsoft, AVG, Spyware Doctor or Zone Labs, are installed on the victim's computer.
If any of these programs are found, the rogue software triggers a fake alert, instructing the user to remove them, and then launches their legit uninstallers.
For example, if Norton Antivirus is found running on the computer, the alert reads: "Uncertified Symantec antivirus software detected in your computer. You need to remove Symantec software for correct operation of the Antivirus.
"Attention: If you don't remove Symantec software, the performance of your computer will dramatically degrade. Press 'OK' to remove the Symantec."
"The user is left with no other option than clicking OK, which initiates the uninstall process. Even if the user clicks the 'close' button, the uninstaller of the antivirus product still executes," the Symantec security researchers explain.
In order to know how to initiate the uninstall process, the rogue application reads corresponding registry entries stored under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
After the legit security software is removed the rogue AnVi Antivirus application is downloaded and installed.
During this process Softpedia's 100% Clean and five-star Editor's Review awards are abusively displayed in an attempt to add legitimacy to the program by abusing the trust users associate with these graphics.
Obviously our website and company has never endorsed this scareware application or others like it. Software added to our database undergoes thorough testing and our editors are specifically trained to spot such fraud.
