
New Variant of "FAKE" Security Essentials to be aware of!

Some of you may remember the 2010 version of the fake Microsoft Security Essentials. In the last a totally new Aero styled twist to the previously known "protector.exe" trojan dropper that saw the fake SE or Windows Doctor scamware placed on your system has a new cousin to watch out for!

This latest malware will easily slip past any effective web guard as well as just about any AV program! The user will unwittingly expose themselves to this by whatever form disguises it to begin with.

The now-called "protector-xfg.exe" trojan dropper downloads several trojans along with a fake "Security Essentials - Windows Defender". Note that when trying to bring up the Task Manager to find out what process is new in order to end it, you will find the SE along with a "Windows Process Manager", which basically takes over the Task Manager entirely, preventing the disabling of the scamware as well as the protector-xfg.exe trojan dropper.

Removal is basic as far as the main exe file by booting into safe mode to manually delete the file found under the user account sub folders once you have opened the file location. Here on one infected 7 laptop the protector-xfg.exe bug was first moved into a temp folder out from the user account while still being active prior to the reboot into safe mode.

With the VIPRE AV Home Premium version of that software installed and having removed several trojans already, the fake SE still continued to indicate they were present risks. The obvious design of the malware was to point to already known about bugs in order to get people to buy the fake SE!

Unfortunately the laptop needed charging the first time it was looked at; the follow-up scan by VIPRE, however, revealed the quarantined and then removed trojans as well as the fake SE, seen as the last item in the scan results here.



The fake SE has a dark, almost black background, with the look of any more recent software with the Aero-style appearance, and yellow and red coloring for text. That's quite a bit different in appearance from the 2010 version of a fake MS SE seen in the link above.
 
