Security Alert: ThinkPoint or MSE FakeAV infection

by Geek Squad Agent on 10-26-2010 03:01 PM

This virus is contracted in a manner similar to other FakeAV infections, and runs a “scan” alerting you to several “security threats” on your PC.  These threats are fake; the only real infection on the PC is the FakeAV itself.

 

This virus is typically contracted in the following manner: While browsing websites, you suddenly see a pop-up alerting you to an infection on your computer.  The pop-up offers the ability to scan the computer for you with one simple click.  At this point your PC is not infected; however, when you click the ‘scan’ link on the pop-up, it downloads and installs a worm on the PC. 

 

The worm then begins the process of installing the FakeAV and running a basic ‘scan’.  It hijacks several main system files the next time your PC is rebooted, giving it core access to the system.  This allows the infection to run in an elevated mode, overriding the user when they try to stop the processes associated with the infection.  The ThinkPoint or MSE variant is of special concern because it is also able to operate in Safe Mode, which poses a special challenge even to tech-savvy users who can typically clean their own PCs.

 

Tell Me More

Because these infections rely on the user allowing the pop-up to run the scan, they can bypass most virus protection software.  These pop-ups almost exclusively come from a website but can sometimes look like a very convincing Windows or Microsoft Security alert.  If you see the pop-up, you can avoid the infection by pressing Alt+F4 to close the browser window, preventing the installation of the worm.  Immediately after closing the window, run a full virus scan on your computer.

 

Should I Be Worried?

While this infection is common online, you can avoid contracting it with some basic best practices.  If you receive an alert from a virus program that is not one you installed on your system, be suspicious.  Typically these infections profit by convincing people to ‘purchase’ the software, when in reality they are stealing your credit card information.  If you are browsing the web and receive a pop-up that tells you you’re infected, you probably aren’t yet.  Be sure to close the window immediately, ignoring any pop-ups that may warn you your system is infected.

 

What Do I Need to Do?

As always, ensure your virus protection is up to date and running scans on a regular basis.  Keeping an eye out for suspicious alerts will go a long way with this infection, as it requires you to install it.  If the alert isn’t from your virus protection software, it is fake and should be ignored.

 

Geek Squad Final Word

As FakeAV rapidly becomes the most popular way of infecting computers for profit, these infections have relied almost exclusively on the end user to install the software themselves.  Be suspicious of any strange alerts you see on your computer, no matter how much they look like they may have come from Windows itself or legitimate virus protection software.  As always, if you have any concerns you can consult with us 24 hours a day, 7 days a week, 365 days a year.
