The Nasty & Profitable World of Viruses & AntiVirus Software
After going through what seems to have been several years without getting hit with a serious virus, this weekend I got nailed with a killer. It was one of those extremely annoying trojan viruses that digs its way into your system and causes some serious damage along the way. The worst part about this virus was how it would instantly activate itself when Windows started up; then, to make matters worse, it would instantly close any application you tried to open and wiped out internet access altogether. The main goal of the virus was not only to infect your computer, but also to make money in the process.
This virus in particular is referred to as a “Security Alert Virus”. If you’ve ever had one of these viruses you already know what I’m talking about. If not, just think about any anti virus software like Norton or McAfee, and how the program gives you an alert when it finds an infected file on your computer. There are many different versions of this virus, but the concept is always the same: to look like an active anti virus solution currently on your system. To the advanced PC user and marketer, it may be obvious that this is not your typical virus alert software… however it is quite convincing to the average PC user. You can see a preview of this concept to the right.
No matter what application you try to open, the virus will close it out and say there is an infected file. You are then asked if you would like to delete the file using your anti virus software. If you click “YES”, you are then sent to their anti virus software web site, where you could then buy the software… which I’m sure wouldn’t work anyway. The amazing part here is how the virus pretty much wipes out all of your internet usage, except to access their site and buy the software. As sleazy and scummy as it is, it’s also pretty amazing… and I’m sure very effective!
On the flip side, there are tons of web sites cashing in on anti virus software without being bastards and having to infect computers with a virus to make their living. Web sites dedicated to providing information on how to remove these viruses are also cashing in. Many of these I had the pleasure of visiting while I was in the process of learning how to remove this particular virus for instance. Each site gives a run through of how to get your hands dirty to manually remove the virus, or how you can simply download their anti virus free trial software (which then leads to a sale). No one wants to start messing around with .dll and .exe files, as you can easily mess things up… so it’s not a hard sell for most of these sites since people visiting their sites are already infected and looking for a quick solution.
An excellent example of these sites can be seen at SpywareRemove.com. Nearly all of these sites share the same information on how the individual virus is spread throughout the computer, and which individual files you will need to remove. Most of these sites are good information sources and can actually help in the virus removal process, but they all also seem to push their own (or affiliate related) anti virus software solutions.
So there you have two examples of how to make a killing in the anti virus world. One of them is hardcore nasty… not only infecting and destroying computers, possibly planting keystroke loggers in the process (stealing information), but also making money along the way by scaring users into buying their crap anti virus software. The other method, which many of us can relate to in the affiliate world, is to become a prominent information and resource site, while being an affiliate partner with hopefully a legitimate anti virus software (or selling your own).
In short, I was finally able to remove the virus by continually trying to stop operations as they started. A long process of restarting the computer, quickly bringing up task manager before applications started to run, once again gaining internet access and updating my virus removal software (though a lot more complicated than it sounds)… and finally removing the virus. Not only did everything turn out fine… but I also got the inspiration to write this post about the nasty and profitable world of viruses and anti virus software.
The world of viruses and anti-virus software is indeed murky. The computer becomes slow. Access to the internet becomes snail slow. Applications don't work the way they should. You are then guided to an anti-virus website where you are totally confused. Finally you call the computer geek and end up spending a lot of money and time. It is indeed a harassing experience. But this could be a great opportunity for Operating System creators like Microsoft and others to create in-built 'virus defenders'!
Thanks for the useful post!
Great information.
Thank you very much Zac. I had a similar problem a few months ago but I knew it.
Thanks again.
Viruses are the main reason why their programmers are earning money. Most of these viruses also come from the makers of anti-viruses.
Actually had my first run-in with a virus that brute forced its way into my wireless router and set up static DNS to a network based in Russia. Never noticed a problem until I had a bug that I could not get rid of on two separate computers. Looking at an ipconfig /all, I didn't recognize the DNS IP addresses. Checking the LAN adapter and making sure the host files were clean, I checked my wireless router on a hunch since it provides DHCP addresses for both IP and DNS. The DNS settings were hard coded on my router to the bad DNS.
I had to reset my addresses on the router and all other devices that connected to that wifi router.
I had to run cleaners on all devices.
I had to change every password I ever used online b/c even though I use different systems to do different things (work, bills, personal) all that were connected to my wifi router were infected and obviously using the bad dns.
I had to change two credit cards.
Rebuilt 2 of my main computers clean just to make sure.
Kicked my 17-year-old sister-in-law's a$$ for following every movie link she got on FB.
Now I know exactly what a prof meant back in college when he said "just wait til coders can turn a profit writing viruses". Long gone are the days of just causing havoc to get attention.
thanks for the heads up on this info zac!
Zac, one of my kids' machines a couple months ago got hit with one that started doing *FAKE* pop-ups of *FAKE* porn sites, then alerting that there was a virus, and offering to purchase an antivirus package unlock key. I thought it was very strangely creative that they would do fake pop-ups for fake porn sites considering the vast amount of porn sites out there.
More recently I got hit with something like a 0-Day Firefox exploit. Wrote about it here: https://negbox.com/firefox-3-6-3-exploit-is-out-th…
My key here is good backups. Most of my home backup needs are covered by Windows Home Server (OEM license is like $70 for a self-built machine). In the case of the kids computers and in the case of my encounter with a similar piece of crap I decided losing that day's work was easier than digging around and never being sure I got the thing completely removed… So I just popped in the network recovery CD and off it goes, 30 minutes later the machine is back to the previous night's state.
Might want to seriously invest in some form of backup there. This Home Server solution paid for itself about five hundred times over already.
Whoa, this is very interesting and rather scary, too, if you are a not very techy person like me. Thanks for all this info on viruses and anti-virus sites, it is good to know.
I had the exact same virus yesterday. I ran Malware Bytes but it was still there. In the end I ended up editing registry files and it worked! Was a bit messy but got there in the end.
I noticed that all the help sites use exactly the same information. Wonder how much money these sites make.
I got a virus once and the only way to wipe it out was to format the entire HD!! So I understand the problem; and indeed it is true that AntiVirus companies make a ton of money…
This is a major problem when it happens to you and they are finding more ways to infect your computer. There is one going at the moment where they hack in and steal the skype identity and then tell you to click on an address that starts with the word "skype….". I got the message but when I questioned it, I knew it was not the person I knew so I deleted the person altogether. My suspicions proved correct.
Glad you resolved that issue Zac. Viruses are really a mess to my work environment. Spyware especially could demise all your work undone.
I too have had an amazing summer with viruses and having many of my sites get hacked with passwords being stolen… what a pain…
Very wonderful information you get here Zac. Last year I got a really bad virus/spyware which made me reformat my system. It makes files exponentially, consuming all my disk space. It was really annoying. If I get the same virus again, I'll try your suggestion above.
I'm glad you were able to clean the virus out and share your story through this post. I have been in a similar situation and it can be more than an annoyance. However I would never, never buy an antivirus program from a website that is obviously linked to if not the source of the problem. It's a criminal act and I ask anyone to never follow the recommendations of an intruder program.
Just think about it for a moment. If a business is dishonest enough to do harm to your computer system do you really want to hand your hard earned money to those bandits? Besides, would you risk giving them your credit card information so they can ruin your credit or wipe out your bank account?
I DON'T THINK SO!!
The solution is to get a good antivirus & firewall and always keep those programs up-to-date. So far 2 companies have provided great service and entire satisfaction in that domain: PC Tools (PC Doctor) and Sunbeltsoftware (Vipre).
My advice is to never trust any suspicious alerts that pop up suddenly out of nowhere. Just run your trusted AV application to deep-scan your computer if you suspect an infection.
You have to think that if those same people applied their skill to something legal they could make a good amount of money and still be able to sleep at night!
I can't tell you how many times friends and family have come to me with this kind of virus problem. It's usually because of an ad they clicked not knowing it was an ad.
There are only two products I really trust when it comes to removing these things. Symantec Antivirus and Lavasoft's Ad-Aware.
Boot the computer in safe mode and run each of these. Also, open the file c:/windows/system32/drivers/etc/hosts with Notepad and remove all but the line that reads 127.0.0.1 localhost
You'll be up and running in no time and virus free again.
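The hosts-file step in the comment above can be done as a review before anything is removed. This is an added example, not part of the original comment: it lists every active mapping other than localhost to a loopback address and comments those lines out instead of deleting them; the sample file and its host names are constructed.

```python
import ipaddress

# Constructed sample hosts file; the non-localhost names are made up.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    update.example.com www.example.com   # constructed entry
127.0.0.1       intranet.example.net
not-an-ip       broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each active (non-comment) line."""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield no, fields[0], fields[1:]

def non_default_entries(text):
    """Return (line_no, address, name) for every mapping other than
    localhost -> loopback, plus lines whose address does not parse."""
    findings = []
    for no, addr, names in parse_hosts(text):
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            findings.append((no, addr, "<invalid address>"))
            continue
        for name in names:
            if not (loopback and name.lower() == "localhost"):
                findings.append((no, addr, name))
    return findings

def disable_entries(text):
    """Comment out flagged lines rather than deleting them, so the change
    can be reviewed and reverted."""
    flagged = {no for no, _, _ in non_default_entries(text)}
    lines = text.lstrip("\ufeff").splitlines()
    return "".join(
        ("# DISABLED: " if no in flagged else "") + line + "\n"
        for no, line in enumerate(lines, 1)
    )

if __name__ == "__main__":
    for no, addr, name in non_default_entries(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {addr}")
```

To audit a real machine, pass the functions the text of the file the comment names, `c:/windows/system32/drivers/etc/hosts`, read from an elevated session.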
@James Wilcox:
Adaware is pure class for spyware. Antivirus wise Avast, AVG and even Microsoft Security Essentials are some good free alternatives.
Sounds nasty! I use a Mac, so am (for now) protected against the wrath of viruses. I wouldn't wish the destruction that a virus can cause on anyone!
I have used Avast! for the last five years and I've never had trouble with viruses or trojans. It's the one I install on computers left in my care and it's the one I recommend to people, even before paid AV subscriptions.
@Dinesh Takyar:
Agree. Great time for the security companies to step up their game.