I was over at my folks’ house yesterday when my Dad walked out of their office asking, “Who rebooted the computer?” Well, nobody had, but after he logged in we noticed they had a new unwelcome guest installed: Personal Security. (cue the “Boo Hiss” sounds)
This is another one of those fake antivirus apps like Cyber Protection (last battle) or Antivirus 2009. It looks like an AV app. Acts like an AV app, even presents its own copy of the Microsoft Security Center. Then you’re told that this is just a trial version but boy, you sure have a lot of viruses. If you want to fix all the viruses it has found (heh…) you’ll have to pay for the full version.
What a load of crap.
It even creates an Uninstall entry, but if you try to run it you get another message about it being a trial edition. No uninstall is possible.
Last time I fought one of these apps someone (Nathan?) pointed out that I should consider using System Restore as part of my tool set to fix these things. So I gave it a shot on this one. First I rebooted into Safe Mode (just because it seemed wise). Then I popped into the System Restore app and chose a save-point from the previous day and turned it loose. Rebooted and… no sign of Personal Security any more.
Just to be safe I ran a full scan (again from Safe Mode) using Malware Bytes Anti-Malware and nothing showed up.
I still haven’t figured out how it landed on the parents’ computer – or, more importantly, how it got past Microsoft’s Security Essentials. At about the same time, SE did block a Koobface dropper so I wonder if the attack was a new wrinkle on that? If so, I need to make sure all software on their computer is current. Next step is to install Secunia’s Personal Software Inspector (PSI) and see what’s out of date.
Possibly Related posts: