Another FakeAV, for Windows 7!

1 minute read

With Windows 7 becoming increasingly popular, more and more software companies have begun to upgrade their interface for the latest Microsoft operating system. Manufacturers seem to understand the need for a beautiful user interface for their products. However, not all software behaves as good as it looks.

Today, I saw a Fake Antivirus program with a newer, more jazzed up interface, which we detect as Troj/FakeAle-RK.

This malware specifically targets users of Windows 7 and appears in the form of a pop-up dialogue box, which attempts to tell you that your Windows 7 PC has many serious threats. When a user clicks “Remove all Threats immediately”, another pop-up will be generated asking them to download a file called win_protection_update.exe.

This file is malicious and is yet another Fake Antivirus program, which we proactively detect as Mal/FakeAV-AA.

Needless to say, the user will be offered the option of paying money to update the expired license, which in turn would fix all their computer’s ‘problems’. Those problems were never there in the first place.

The interesting thing is that the malware’s author makes a careless spelling mistake (see the red circle).

Obviously, I won’t enter my credit card details at all. Neither should you.