Install Program threat "Fake...

User 596588 Photo


Registered User
42 posts

Starting with the last two update releases - When I run the install program, Stopzilla and Symantec report several instances of a threat called "Fake Antivirus", which are promptly deleted. It seems unlikely that the install program is bringing in a threat, but it does only occur WHILE installing new versions.

The install is otherwise successful and SCC Pro runs properly.

I suppose the suggestion will be shut down all antivirus while installing?

Anyway, I thought I should report this.

Ken
User 103173 Photo


VP of Software Development
0 posts

Well that is not good. ;)

I am running Norton Anti-virus 2011 and I am not getting any alerts here. I also just installed STOPZilla (v 5.0.80.44 definition 5.0.80.18) and nothing was reported either.

Not too sure on why you would get those alerts though. If it does not go away, you may want to contact them directly and see if they can offer any insights.
Learn the essentials with these quick tips for Responsive Site Designer, Responsive Email Designer, Foundation Framer, and the new Bootstrap Builder. You'll be making awesome, code-free responsive websites and newsletters like a boss.
User 113629 Photo


Registered User
36 posts

Yankee, you need to look at the location of the files when you get the report. There are several variants of the "fake antivirus" infection and there are several different trojans that hide and continue to download the malware. The installer is probably triggering an infected DLL on your computer that is only in use during an install process so don't turn off your antivirus software.

Make sure you have the latest version of your antivirus software in addition to the daily pattern database updates. This sounds like a really good time to run a full scan on your computer. Even though you already have Symantec antivirus on your computer, it never hurts to scan with a couple other online AV products when you know you have had an infection.

I browse the av-test.org (independent lab) latest testing reports and use the free online scanners of the top ranked software companies on their list. Occasionally the scanners will find something on one of our laptops that our antivirus software missed.

http://www.av-test.org/certifications.php
User 596588 Photo


Registered User
42 posts

Yes, after the latest update of SCC Pro and SCD Pro, I had 72 occurances of Fake Antivirus again, so it is some dll or other code used only by the installer program. Stopzilla catches it and cleans it right up, but does not get the source.

I have seen some removal instructions on the net, I will look them up again.

Thanks,

Ken
User 364143 Photo


Guest
5,410 posts

http://www.malwarebytes.org/
CoffeeCup... Yeah, they are the best!

Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.