Hey everyone,
I know no one (unless you have gone to college for computer security) is an expert with security. That doesnt mean that other people dont know a lot about security. I am going to be starting a group of security people. We are not trying to have anyone be above anyone else or try to talk down to less computer educated people. We just want everyone to get the MAXIMUM PROTECTION HELP they can. We will be discussing the latest and best software, the highest risk threats out there, some of the best ways to protect yourself, and how to do a few things to your computer to help protect yourself. I will be making a list at the top of this post on who is offically in the Infection Resolving Team (sounds very korny and childish but it is true so...) so everyone can ask us questions. If you have a little problem, you can just post in the System Security Forum as a normal post. If it is urgent of you have a serious problem you can either send anyone of the approved members a private message or post a comment in the blog here. Again, our only purpose is to help everyone reach there maximum protection against all of the "non-friendly" computer people out there.

If you are interested in joining you can send me, Neverhavemoney, a message or post your request in this thread.
Remember, A good computer starts with Good protection!!

Thanks very much
Ben

Hi Ben, I have put my name down for your group, if you'll have me. Thanks for this. Virus infection is a HUGE problem for everybody and you are so right, there are no experts (except I guess the folk that write these things). Any thing you want me to do, ask here or PM me. I think I am pretty security conscious, but I just got the Antivirus bug myself. A big wake-up call.

Norm

The following article is a compilation from various sources, attributed at the bottom of the post, and describes Rogue Security Software also known as Win32/FakeSecSen, how you get it, and what it looks like and does. The principal objective of all these types of rogue softwares is data collection.

How to remove it will be the subject of another post.



These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.

In case you haven’t heard the term before, this is software that tells you that your system is crawling with bad stuff (for free!) and then offers to remove it for you (that’ll cost you). Of course the stuff they report is completely bogus; they are incapable of finding any real malware. What’s more they can be very insistent, repeatedly displaying popup warnings that make it virtually impossible to use your machine unless you pay to “register” the program. Apart from extorting money from innocent people, which is bad enough, this behaviour adds to the amount of FUD (fear, uncertainty and doubt) in the online community. As a virus researcher who’s spent more than ten years fighting real malware, this annoys me. Some even trade on the reputations of legitimate software vendors to help sell their scam. One such rogue that we’ve been seeing in high numbers is something we call Win32/FakeSecSen, and is this month’s addition to the Malicious Software Removal Tool (MSRT). FakeSecSen is a classic example of a rogue security scanner. It is distributed in a variety of different ways. One is through web sites that might look like this:

Another way is via malware that downloads the rogue directly. It is quite common for links to both the rogue web sites and the rogue downloaders to be distributed via spam, in cookies, or as a "drive-by" pickup. IT is not always neccesary to have "clicked" on anything in particlar to get this bug. If you see a pop-up advising you you have an infection, the best response is to immediately close all browser windows from the Taskbar. Closing the pop-up by clicking the "X" or pressing "cancel" on the window is often a trigger for a silent install.

An interesting, but not unusual, characteristic of Win32/FakeSecSen is that it uses many different disguises. As well as further contributing to the level of FUD and making them harder to keep track of, this might broaden their appeal to a wider audience – while one person may be convinced by something called “Ultimate Antivirus”, another would be more likely to install “Vista Antivirus 2008”. It may even lead to the same person being duped by the same rogue more than once. Here’s a list of names Win32/FakeSecSen has gone by recently:
Micro AV
MS Antivirus
Spyware Preventer
Vista Antivirus 2008
Advanced Antivirus
System Antivirus
Ultimate Antivirus 2008
XPert Antivirus
Power Antivirus
Micro Antivirus 2009
Windows Antivirus 2009
Power Antivirus
Ultra Antivirus 2009
Vista Antivirus

Each of these variants uses slightly different file and directory names, but underneath they are virtually identical. The most significant difference is immediately apparent when you run a couple of them:

The makers of this rogue have gone to significant effort to make it easy for them to change the look of their interface. Most of the interface elements are represented using GIF and JPEG images stored inside the file’s resources; in other words, it is “skinable”. For more examples of FakeSecSen’s various “skins”, have a look at our encyclopedia entry.

You may notice that some of FakeSecSen’s skins look similar to the Windows Security Center. This is no coincidence. FakeSecSen even goes as far as adding its own imitation Security Center applet to the control panel, usually called “MS AV”, which just launches the fake scanner.

Symptoms may exhibit themselves in a variety of ways. The most obvious are visible symptoms such as unexplained icons, pop-ups or unidentified program links in your startup menu :-

or changes to registry settings
Symptoms vary among different distributions of Program:Win32/FakeSecSen, however, the presence of the following system changes (or similar) may indicate the presence of this program:

• Presence of the following files, or similar (for example):
  %program_files%\vav\vav.cpl
  %program_files%\vav\vav.exe
  %program_files%\vav\vav.ooo
  %program_files%\vav\vav0.dat
  %program_files%\vav\vav1.dat
  c:\documents and settings\administrator\desktop\vista antivirus 2008.lnk
  %program_files%\spp\spp.exe
  %program_files%\spp\spp.ooo
  %program_files%\spp\spp1.dat
  %program_files%\spp\spp1.dat
  c:\documents and settings\administrator\desktop\spyware preventer.lnk
  %program_files%\ms antivirus\msa0.dat
  %program_files%\ms antivirus\msa1.dat
  %program_files%\ms antivirus\msa.ooo
  %program_files%\ms antivirus\msa.exe
  %program_files%\ms antivirus\msa.cpl
  %program_files%\ms antivirus\ms antivirus.lnk
  %program_files%\microantivirus\microav0.dat
  %program_files%\microantivirus\microav1.dat
  %program_files%\microantivirus\microav.ooo
  %program_files%\microantivirus\microav.exe
  %program_files%\microantivirus\microav.cpl
  c:\documents and settings\administrator\desktop\microantivirus.lnk
• Presence of the following registry modifications or similar (for example):
  Under key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Sets value: "Antivirus"
  With data: "%program files%\VAV\vav.exe"
  Under key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Sets value: "Antivirus"
  With data: "%program files%\VAV\vav.exe"
  Under key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Sets value: "Antivirus"
  With data: "%program files%\SPP\SPP.exe"
  Under key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Sets value: "Antivirus"
  With data: "%program files%\SPP\SPP.exe"
  Under key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Sets value: "ANTIVIRUS"
  With data: "%program files%\MS Antivirus\MSA.exe"
  Under key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Sets value: "ANTIVIRUS"
  With data: "%program files%\MS Antivirus\MSA.exe"
  Under key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Sets value: "ANTIVIRUS"
  With data: " %program files%\MicroAntivirus\microAV.exe"
  Under key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Sets value: "ANTIVIRUS"
  With data: " %program files%\MicroAntivirus\microAV.exe"
  Under key: HKLM\SOFTWARE\Classes\.key
  Sets value: "(default)"
  With data: "0"

Some say imitation is the sincerest form of flattery, but for anti-malware providers like Microsoft, the trust and confidence of our customers is vital and we hate to see anyone taken in by this sort of thing. So please use a real anti-malware product - check with an independent testing authority, like Virus Bulletin or AV-Test.org to make sure it’s legitimate.

Compiled from: -
Microsoft® Malware Protection Center
Malware Protection Center - Entry: Win32/FakeSecSen

Hey everyone here are the current members:
Neverhavemoney
Brink
mansrm81
barman58
.Joe
NormCameron

If you wish to post paid-for security tools, you may but you need to include a price for a single license though




Also i am asking everyone to post FREE security tools and i will include them in the nightly post of members. If you are using these let me know and i will put your name beside the program. Here is the current list:

• Ad-Aware 2008 - mansrm81
• A-Squared Free -
• Avast Antivirus Home Edition - mansrm81
• Avira AntiVir Personal -
• AVG Antivirus -
• Comodo Internet Security - Neverhavemoney
• Comodo Memory Firewall -
• MalwareBites - Neverhavemoney
• Spybot Search & Destroy - mansrm81, Neverhavemoney
• SpywareBlaster -
• Spyware Terminator -
• SUPERAntiSpyware -
• WinPatrol -

I use avast, spybot search and destroy, and ad-aware 2008 and do a weekly scan of my computer.

Hey everyone,
I had that horrid rouge trojan that has infected over 3 million people!!!! and i got rid of it with help from some very smart people. Here is the link to the whole forum about it what i did and everything i had to go through. It may not be in the same location as me but you can locate it through windows defender very easily just look at what i did and you should be able to find an answer. It helped me get my computer back to what i wanted. Pop-up free and no more viruses or any of that crap
Malware Hiding on me?
It is very very helpful
Ben

There are a number of good sites that describe PC Virus's. One of these is Snopes

"Virus Hoaxes & Realities

Computers are not only now an integral part of our daily lives, they've also become the primary means by which urban legends and other pieces of misinformation are now spread — everything from "stupid computer user" stories to virus warning hoaxes (and the occasional real warning).

Listed below are a list of known Virus's and Hoaxes, with descriptive links

Read More"

snopes.com: Computers (Virus Hoaxes & Realities)

Hey everyone,
We are having a very hard time attracting new people to this group. Tell anyone that you know who has some security backround. Also when someone has a BIG problem you can tell them to post it here so WE ALL know it is a real threat.
Thanks everyone,
BEN

Originally Posted by mike-cow

Originally Posted by NormCameron

That's like saying 99% of people don't give a damn about securing their private property, it's bunkum. This thread is for those who do give a damn. Security becomes a problem for people who have valuable data stored on their computer. The notion that most people don't care is totally incorrect, otherwise Antivirus and Anti Spyware companies would go out of business. What is true is that most people don't know what they should be doing to protect themselves. We are hoping to educate and provide assistance to the unlucky ones who do get caught. Comments like this are unhelpful and inaccurate.

Most people buy the first security suite they are recommended. After installing they won't switch, unless there is some serious problem with it that affects them directly. They won't visit this site, because they wouldn't know how to find it. Seriously, MOST people who buy a computer have no clue about how to maintain it. I will be proven right when onecare gets available for the entire world... It'll likely be the "most popular" suite out there, and anyone who really care knows it's crap (at least currently).

People want to feel safe, most don't care enough to make sure that they *are*.

Sorry but I don't agree with you, yes I want to be safe but I don't go out and just buy the first thing that I see. I look around and find help sites, look at newsgroups see what programs get recommended the most, see which ones seem to cause most problems.

Most of the people I know do want to look after their machines, after all it's an expensive piece of equipment not just a cheap throw away item, so it's in their interest to do the best they can to keep it working as it should.

I don't think anyone can say they know it all, they would be lying if they did, the technology is always moving forward so there is always something new to learn, and this old fogey keeps trying to catch up

I can honestly say my security on my PC is maxed out. You cant disable the AV, firewall or even elevate anything without re-typing my username and password. The HDD is encrypted with 256-AES so you cant just boot from CD to crack the SAM and I even have a little self-destruct program which will activate at log in of an administrator and you have 30 seconds to enter a code before the HDD is formatted. Even though formatting is not a secure way to erase data, with the encryption I would welcome anyone to try to restore the encrypted data when the master keys etc are wiped.

Am I an idiot or can this be classified as "secure" in terms of a 16 year old kid whos most sensitive piece of data is school work?