Therefore, general users need to be careful on downloading and installation of this fake AV SW.
2. Spreading path and symptoms of infection
Lately found fake Anti-Virus SW can also download itself with the link through attachment of e-mail, accessing tampered web site, Twitter, and Facebook.
Downloaded Anti-Virus SW has its icon similar as real AVG product's icon. Besides having description of Dr.Web is a feature of this malware.
On executing this malicious file, it can induce user to install completely with showing "AVG Anti-Virus" logo as following.
After installation, this malware will show user fake diagnosis screen as following.
Clicking "Remove All" for treating, it will require "Activation code" for its activating.
Payment screen will appear on clicking "Activate" for getting "Activation code".
It can induce user to pay and make user inconvenience. When an infected user turns on his Internet Explorer window, following screen will appear and bother user to use internet on "about:blank"
Entering direct URL in URL field will show following screen.
Clicking "Fix now" for remove this symptom will appear another payment inducing window
After a period of time, you can see this update window.
Clicking "Update Now" for update will appear another payment inducing window.
It won't be removed even clicking "Close" on tray icon.
All of fake Anti-Virus softwares are inducing user to pay and can't treat from malwares.
3. How to prevent
Users who are familiar with various anti-virus SWs won't be induced from fake Anti-Virus SWs, however, general users can be induced and even infected.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Anti-Virus/Spyware” for detecting such as malicious file stated above and runs responding system against various security threats.