
Savvy Duck Alerts: Vista Antispyware

A recent trend in the field of malicious software scams is fake virus and spyware protection that actually gives you the problems it claims to prevent. The scammers then ask for money in return for cleaning these imposed infections and then steal your money (or worse - steal your credit card number). A particularly malicious variant of this scam is known (among many other names) as Vista Antispyware. This clever piece of software not only tries to scam its users, but it also defends itself from legitimate antispyware programs, making it almost impossible for the average user to remove. Read on for tips on preventing this infection.

One Possible Main Menu

Names and Appearance

This malicious software is difficult to define because it operates under many names and appearances. This is, in effect, one of its many defense mechanisms. Depending on the name and appearance of a particular infection, the user of an infected computer may not be able to easily find advice on dealing with the software because it is not clear that the infection is identical to other infections that have a variety of other names. The name of this software does usually follow a specific formula: the name of the user's operating system (such as Vista), followed by a safe-sounding software name (such as Antispyware), followed by the year of, or the year after, the date of original infection (such as 2012). I have encountered the software most often under the name Vista Antispyware 2011 or 2012, hence the name of the article, but the following is a collection of its most common names:

XP Antispyware 2020
XP Antivirus 2020
XP Home Security 2020
XP Internet Security 2020
XP Security 2020
Vista Antispyware 2020
Vista Antivirus 2020
Vista Home Security 2020
Vista Internet Security 2020
Vista Security 2020
Win 7 Antispyware 2020
Win 7 Antivirus 2020
Win 7 Home Security 2020
Win 7 Internet Security 2020
Win 7 Security 2020

Even worse, the appearance and interface of this software change according to how and where it's installed. It is basically like a chameleon crossed with a rattlesnake crossed with a computer virus. It is extremely difficult to pin down, which makes prevention very important.
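The naming formula described above (operating system, then a safe-sounding product name, then a year) can be checked mechanically, which helps when a window title or installed-program entry does not exactly match any name in the list. The following is an added example, not part of the original article; the function names and the sample titles are constructed for illustration, and the word lists come only from the names listed on this page.

```python
import re

# Word lists taken from the names listed on this page. The year is left
# open because the page says it follows the date of infection.
OS_WORDS = r"XP|Vista|Win\s*7"
PRODUCT_WORDS = (
    r"Anti[\s-]?spyware|Anti[\s-]?virus|Home\s+Security"
    r"|Internet\s+Security|Security"
)

ROGUE_NAME = re.compile(
    rf"\b(?P<os>{OS_WORDS})\s+(?P<product>{PRODUCT_WORDS})\s+(?P<year>20\d{{2}})\b",
    re.IGNORECASE,
)


def match_rogue_name(text):
    """Return (os, product, year) if text contains a formula-shaped name."""
    m = ROGUE_NAME.search(text)
    if m is None:
        return None
    # Normalise spacing, hyphens and case so spelling variants compare equal.
    os_word = re.sub(r"\s+", "", m.group("os")).upper()
    product = re.sub(r"[\s-]+", " ", m.group("product")).lower()
    product = product.replace("anti ", "anti")
    return os_word, product, int(m.group("year"))


def flag_titles(titles):
    """Return (title, match) pairs for every title that fits the formula."""
    hits = []
    for title in titles:
        found = match_rogue_name(title)
        if found is not None:
            hits.append((title, found))
    return hits


# Constructed sample window titles, not captured from a real machine.
SAMPLE_TITLES = [
    "Vista Antispyware 2012",
    "WIN 7  Internet   Security 2011 - Scan results",
    "XP Anti-Virus 2013",
    "Windows Security Center",
    "Windows Vista Security Update 2012",
]

if __name__ == "__main__":
    for title, found in flag_titles(SAMPLE_TITLES):
        print(f"suspicious: {title!r} -> {found}")
```

A match is only a prompt to look closer: the year is required here to keep legitimate titles that merely mention an operating system and the word "security" from being flagged.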

Lots of scary pop-ups

Method of Attack

The software has two primary methods of attack. The first method is to trick people who are looking for legitimate antivirus or antispyware software into downloading and installing it directly. It does look very legitimate at first glance, and it would be easy for someone not familiar with such matters to download this malicious software willingly. The second method of attack is the use of malicious (or even hacked) websites that search for flaws in a computer's programs. If such a site finds a good enough flaw, it will install this software in the background without the unfortunate user's knowledge. The software then simulates the built-in Windows security software to a certain extent to keep the user in the dark as long as possible.


The false infection screen
Once installed, this software modifies the operating system so that any program you attempt to launch has to be okayed by it first. If you attempt to launch a program that this software considers a threat to itself, the launch will fail, making the infection extremely difficult to remove. It also modifies Internet Explorer (and potentially other web browsers) to deny you access to websites that might assist you with the infection. Then the malicious software will start throwing all kinds of error messages claiming serious infections, some of which look very similar to legitimate Windows security features, right down to the multicolored shield. Finally, it pretends to scan the computer, displays several "infections" that are actually legitimate files, and demands money in order to remove them. That's where the scam is: an illegitimate request for money to clean an infection that the software itself simulates.


The Heart of the Scam
Prevention is two-fold. The first and most important thing to remember is to only download legitimate, well-known antivirus software. If you're uncertain about a piece of software you want to download, try typing its name into Google. If the software is not legitimate, the search results will (in most cases) reflect the fact that people are trying to remove it.

The second step is to always keep your computer's software updated. Run your Windows updates at least once per week, and don't delay too long when you get update requests from other programs. One of the ways that this malicious software gets installed is through security holes it finds in the programs on your computer, and many of the updates to these programs are fixes for those sorts of security holes.

What if I've been infected?

If you have been infected by Vista Antispyware or one of its variants and live in the Eugene/Springfield area, you're in luck. I have encountered and successfully removed this software before and would be willing to do the same for you, right at your home or business, through my computer repair service. I can usually remove this infection in under an hour (though this software usually appears alongside secondary infections which may take longer to remove). If you are outside of the area, I recommend searching for a virus removal service closer to you or searching for a recently-updated legitimate piece of security software.

Copyright © 2010-2019 Savvy Duck Computers, LLC