contadores de paginas web Saltar al contenido

Antispyware 2012 on fake XXX pages

descarga-video-falso

There are several ways to infect computers to make money, two of the most effective are fake antivirus and fake adult pages. When put together, the result can be thousands of infected users.

The following screenshots are from a fake adult site:

Fake pages with adult content (click to enlarge)

Both screenshots are from the same site that sometimes loads one page layout and sometimes another, randomly. In one of them copy YouTube style and when you try to watch any of the videos the download of a fake flash update which is actually a trojan.

In the other design, the Trojan pretends to be the video to watch on the PC. Something interesting about the latter is that the link at first glance really looks like a .mpeg video (see screenshot) however it is a executable .exe file.

This is what the download looks like in Windows:

Downloading the alleged video (.mpeg.exe)

The file has a double extension .mpeg.exe To trick users who don't have extensions view enabled, here you can see how to activate them.

The Trojan that is downloaded installs a fake antivirus called Antispyware 2012. This fraudulent program infects the system and displays various alerts to trick users into purchasing a license:

Fake antivirus XP Antispyware 2012 XP Antispyware 2012 simulating finding infections

On other occasions I have commented on how the market for false antivirus works, it is a millionaire business with which they not only infect and sell licenses for programs that are useless, many times they also steal credit cards.

Therefore, if you are one of the victims and bought the license, it is important that you control the activity of your card since it is possibly used by cybercriminals to make purchases under your name. Contacting the bank is ideal.

The following screenshots show the window from which victims must purchase the license:

The program requests the purchase of a fake license

Remove Antispyware 2012:

This fake antivirus is an old acquaintance that has multiple variants, changes its name according to the operating system (XP, Vista, 7) and can also be found as Home Security, Anti-Virus, Internet Security and Total Security (versions 2011 and 2012).

It can be easily removed with Malwarebytes, if you need help do not hesitate to leave a comment here or in the forum.

The license for this family of bogus programs 2012 is 2233-298080-3424 (courtesy of S! Ri.URZ):

License of this family of fake antivirus

Use it can help during the cleaning process since some Windows functions that are blocked by the fake antivirus are recovered. Keep in mind that activating the program and then uninstalling it does not disinfect the machine, to ensure you must perform a full scan with a legitimate antivirus.

See also: Links to fake photos download Trojans. Kit to create fake Facebook applications. Program that creates malicious pages to infect with Java.