In case of this fake Anti-Virus, it came to us again with its new release around the year as always. Therefore, users need to be careful on downloading applications and not to be induced.
2. Spreading path and symptoms of infection
In case of this fake Anti-Virus program, it mainly uses SNS, attachment of e-mail, and web sites which are weak for certain vulnerability. And XP Antispyware has been being updated constantly.
Its well organized interface and fake infection report can induce user to pay.
If a user is being infected by this Anti-Virus SW, general use and removal of this program will be difficult.
Once infected, you can see following screen.
It shows user fake infection report then shows window for register. This will induce user to pay.
The payment window is very neat, however, "DOWNLOAD", "SUPPORT" menu doesn't work.
Fake Anti-Virus can even block Internet Explorer.
IE doesn't work!
Not only explorer, but cmd.exe and regedit.exe are also blocked by this fake Anti-Virus' firewall.
Because execution file is inserted in Shell -> open commend in registry, that window will appear.
General users can feel difficult, because several complex steps including registry removal and process will be needed for treat.
Following another fake Anti-Virus is disguised as a "Kaspersky's Internet security".
Both file name and program are disguised as by Kaspersky's.
3. How to prevent
Needless to say, the highest purpose of malicious program is for money. We try to effort against that fraud.
To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.