Scareware came by its name honestly (or perhaps dishonestly). The particular strain of malware we are looking at here (distributed as UltraDefragger and SystemRecovery) attempts to ensnare unwary users by displaying sensational and frightening alerts.
As Symantec recently discovered, the bad guys have added a new twist to their fake disk defragmentation tools: falsely notifying users that a hard drive is about to fail. Like so many other rogue applications, this "recovery tool" is designed to trick users into purchasing a paid application which can fix the problems that were detected. In truth, of course, there were no problems and there is no fix.
This malware goes beyond mere sensational alerts, however. Symantec notes that it moves files from All Users and the current Windows user's profile into a temporary location, making it appear as though problems with the hard drive are causing files to disappear. It also disables a user's ability to change wallpaper images and sets registry keys to hide certain icons — giving the impression that programs are going missing as well (check out the video to see it in action).
If there's one thing which incites panic in the average computer user, it's the thought of losing important files. When a rogue application does as convincing a job as this one does, it's really not surprising that the panic button gets pushed and purchases are made. So just how much would you have to shell out to undo the damage caused by this phantom hard drive crash? $79.50.
Hang on to your money, people. This malware doesn't remove any files, and it's not going to "recover" anything if you pay for it. Instead, point your browser to www.malwarebytes.org or www.superantispyware.com and download a good, free malware removal tool and perform a full scan on your system. You'll still be able to get your files back with a little bit of digging (just fire up the Windows search tool or open Windows Explorer and browse to %temp%\smtemp) and the malicious program will be uprooted with minimal fuss.
--
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum
* Visit our other community at http://www.PoliticalForum.com/
* It's active and moderated. Register and vote in our polls.
* Read the latest breaking news, and more.
No comments:
Post a Comment