Computer technician blog Spyware Fake antivirus competition - is there a winner?

Fake antivirus competition - is there a winner?

Friday, 02 March 2012 15:31 | Written by
User Rating: / 15
PoorBest 
Computer technician blog - Spyware

security-sphere-2012Today by testing new malware and fake antivirus samples a great idea came to my mind. Remember that trick when you hit CTRL+A and ENTER on your friends computer? When all the programs, files, shortcuts and everything else that are on a desktop are executed at the same time and probably the only way to get back to normal work is restarting your computer.
The Idea - What if we do the same with lots of various fake antiviruses?
This was totally blowing my mind all day and at last I decided to take the challenge and do the test. I prepared my old Intel P4 computer with 512M of ram, restored it to fresh install and checked if everything works perfectly.

Meet the participants - Fake antiviruses

After spending some time when searching for various fake antivirus samples I selected 14 participants. All of them are fake antiviruses that tries to scare user into buying full versions by displaying fake warnings and errors. Some of them are old versions, some are recent.  Before starting a test I scanned all samples with AVG Antivirus free edition and one of them is even not detected by this antivirus with very recent updates.


So the participants are:

 

  • Internet Security
  • Internet Security 2012
  • System check
  • System Fix
  • Security Sphere 2012
  • Windows Diagnostic
  • XP Antivirus 2012 and other variants of this multi-named threat
  • Windows Attacks Preventor
  • Security Shield
  • Smart Protection 2012 and some other variants of this fake av family
  • Security Monitor 2012

fakeavtest_1 fakeavtest_2 fakeavtest_3

Ready! Set! GO!

When everything was set up, I selected all the files and pressed ENTER. Before doing this I opened task manager. You can see that CPU usage is almost 0 percent.

fakeavtest_4

When fake antivirus samples were executed task manager was closed immediately and there was no possibility to monitor CPU and memory load changes. But having in mind that hard drive sound was terrible and mouse cursor almost didn't move, CPU load average was near 100 percent.

fakeavtest_5

After about a minute the first error came out, saying "Unable to open script file" and Fake antivirus samples started to disappear one by one.

fakeavtest_6

After another few minutes Internet Security malware window showed up but quickly disappeared. Also Internet security icon appeared on the desktop and there was also a system tray icon of the same Internet security, saying that some other fake antivirus sample cannot be executed because it is infected. It may be the first time when this rogue program is saying truth :)
Another weird thing is that in fake antivirus folder a new .exe file appeared with a name "filesystemscan.exe". At this point 8 fake antivirus samples were left out of all 14 before the test. And one new executable file was created by one of these fake programs.

fakeavtest_7 fakeavtest_8 fakeavtest_9 fakeavtest_10

After about 5 minutes the situation was stable, hard drive sound was still terrible, but mouse moved and I was able to work with computer, but it was VERY slow. After clicking Internet Security icon Windows told me that the shortcut is broken and file isecurity.exe is missing. I tried to run task manager again and was surprised that it was not disabled and none of the running malware processes killed it. CPU load was spiking from 10% to 100% all the time.

fakeavtest_11 fakeavtest_12

My test was about coming to disappointment. None of the fake antiviruses showed up and none of them tried to scan my computer for errors. So, I decided to repeat the test with the remaining samples on my fake antivirus folder and with this newly created one. When all files were selected and ENTER was pressed, task manager showed permanent CPU load of 100% and after about half a minute blue screen of death appeared and my computer restarted by itself.. :(

fakeavtest_13 fakeavtest_14

And finally.. the winner is.... Security Sphere 2012!

When my old PC was trying to boot Windows again, I thought why none of the fake antiviruses showed up. But when I heard that windows start-up sound and saw that my desktop background was changed to blue solid color, there was a little hope that nonetheless we will have the winner of fake antivirus competition. And YES. Security Sphere 2012 showed up scanning my PC and displaying fake errors. The test came to success and now i know, that the most scaring and "best" fake antivirus is Security Sphere 2012.

fakeavtest_16 fakeavtest_17

 

Comments 

 
#1 loodaufo 2012-11-16 07:48
thanx for the test but what is your best antivirus?
Quote
 

Add comment

PCrisk.com is not responsible for the content of the comments.


Security code
Refresh


Was this helpful to you?
Recommend it!

New Virus Removal Guides

Subscribe to removal guides feedSubscribe to removal instructions feed

Global virus and spyware activity level today:

Medium threat activity
Medium

Increased attack rate of infections detected within the last 24 hours.


ABOUT SSL CERTIFICATES
Top Virus Removal Guides
Stay in touch with PCrisk
Top Anti-Spyware
Spyware forum

Spyware or virus infected your computer? Check out our spyware forum and discuss about removing spyware and viruses. Get help and help others to deal with spyware and virus infections.

Spyware Forum
Computer technician blog

Spyware infections scaring you? Don't have an idea how to protect your privacy? got infected and don't know what to do? This blog is just for you!

Computer Technician Blog
Newsletter
Subscribe to our newsletter and get the latest security news directly to your Inbox!
Internet threat news

Copyright © PCrisk.com, Any redistribution or reproduction of part or all of the contents in any form is prohibited.

Privacy policy | Site Disclaimer | Terms of use | Contact Us | Search this website