I was over at my folks’ house yesterday when my Dad walked out of their office asking, “Who rebooted the computer?” Well, nobody had, but after he logged in we noticed they had a new unwelcome guest installed: Personal Security. (cue the “Boo Hiss” sounds)
This is another one of those fake antivirus apps like Cyber Protection (last battle) or Antivirus 2009. It looks like an AV app. Acts like an AV app, even presents its own copy of the Microsoft Security Center. Then you’re told that this is just a trial version but boy, you sure have a lot of viruses. If you want to fix all the viruses it has found (heh…) you’ll have to pay for the full version.
What a load of crap.
It even creates an Uninstall entry, but if you try to run it you get another message about it being a trial edition. No uninstall is possible.
Last time I fought one of these apps someone (Nathan?) pointed out that I should consider using System Restore as part of my tool set to fix these things. So I gave it a shot on this one. First I rebooted into Safe Mode (just because it seemed wise). Then I popped into the System Restore app and chose a save-point from the previous day and turned it loose. Rebooted and… no sign of Personal Security any more.
Just to be safe I ran a full scan (again from Safe Mode) using Malware Bytes Anti-Malware and nothing showed up.
I still haven’t figured out how it landed on the parents’ computer – or, more importantly, how it got past Microsoft’s Security Essentials. At about the same time, SE did block a Koobface dropper so I wonder if the attack was a new wrinkle on that? If so, I need to make sure all software on their computer is current. Next step is to install Secunia’s Personal Software Inspector (PSI) and see what’s out of date.
Possibly Related posts:
I’d pay good money for Secunia to go two weeks without any Adobe products showing up on it. Only way I’ve had that happen is uninstall everything by Adobe… it never lasts though. Turns out too many sites use flash. *sigh* Stupid Adobe.
Amen. I recently heard that Adobe is now the number one “attack vector” — it has jumped over the Microsoft OS’s even!
I’ve actually had this problem several times. The virus is infecting the computer through firefox, at least with me, and seems to be tied to adobe. Unfortunately it doesn’t seem to matter whether or not I download or open anything, virus comes anyways.
It also seems to knock out a lot of security programs. I actually had Norton anti-virus running on my computer and it disabled it. When I tried Norton customer support someone in India told me they couldn’t help me with the problems unless I paid them more money for personal computer support. Their updated product failed to stop a common virus, was disabled by it and now it doesn’t work, but I have to pay for them to help me with this problem. Anyways I’ll never purchase anything from them again and I tell everyone else to stay away from them.
If you know a good free or low cost program that can protect against this or fix it let me know. So far all I’ve been able to come up with is a system restore, and I’ve been having to do that about once every three or four months for the past year now.
heyas Rob, long time
In our case it came through a Facebook exploit (apparently a derivative of Koobface) — and yeah, it immediately disabled MS Security Essentials which is definitely a bummer…
You might check out Malwarebyte’s Anti-Malware (there’s a free version), I’ve had excellent luck with it and this sort of stuff. Worth a scan even after you think you’ve cured yourself.