Antivirus 2012

Most internet users should have a pretty good idea of the inherent risks of landing on a virus.  Through trial and error, most of us have learned how to avoid computer viruses; at the very least, we should have a good idea how to reduce our chances of catching an infection.

This week I’m changing my article style a little bit to talk about one of the biggest epidemics to hit the internet within the last three years.  Antivirus 2012 ranks as one of the most dangerous viruses I’ve seen in my history of working on computers.  When hit, computers will automatically load fake antivirus software and start scanning the target computer.

In the past, similar spoof antivirus software simply loaded on the computer and it was fairly easy to uninstall.  Historically the malware manufacturers asked for a credit card and persisted until either the virus was removed or the credit card was entered.  Antivirus 2012 is particularly bad because it tricks the computer into thinking it’s legitimate software.

Most of the time this software latches onto Windows and has a pretty unique fingerprint.  Antivirus 2012 forces the computer to route data through it before connecting to the internet.  From everything I’ve seen, this rogue software is designed to capture data on the computer as well as data travelling over the internet.  In other words, it was designed to mine user data.

Technically speaking, Antivirus 2012 creates a unique three letter name and embeds itself into Windows.  After embedding itself and running for the first time it patches the Windows registry and takes over certain functions of the computer.  Pretty much everything done using the infected computer may be exported somewhere.

The unique way this virus behaves is what makes it difficult to remove.  Legitimate antivirus software does not see it as a threat and allows it to install and run.  Once running, the software tricks Windows into thinking Antivirus 2012 is the antivirus software.  Typically, all the major startup portions of the infected computer are taken over.

By taking over at the start-up of the computer, the virus is able to run amok without hindrance.  Because the legitimate antivirus software has been compromised, it incapacitates the complete function of the computer.  We, at the computer store, have found no software utilities that are able to prevent this virus.
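The three-letter name and the startup takeover described above suggest a simple triage check.  The following Python is an added example, not part of the original column; it assumes the three-letter name shows up as a Run-key value name or program file name, and the registry listing is constructed sample data in the layout that `reg query` prints.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout printed by `reg query <key>`; not from a real machine.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\pat\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    qxv    REG_SZ    C:\Users\pat\AppData\Roaming\qxv.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\ProgramData\jkm.exe" -s
'''

# reg query separates value name, type and data with four spaces.
VALUE_LINE = re.compile(r'^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$')

def parse_autoruns(text):
    """Yield (key, value_name, command) for each value in the listing."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"]

def executable_of(command):
    """Return the program path: the quoted part, else the first token.
    Unquoted paths containing spaces are cut at the first space."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""

def flag_three_letter(text):
    """Return autoruns whose value name or program file stem is exactly three letters."""
    hits = []
    for key, name, command in parse_autoruns(text):
        stem = PureWindowsPath(executable_of(command)).stem
        if any(re.fullmatch(r"[A-Za-z]{3}", s) for s in (name, stem)):
            hits.append((key, name, command))
    return hits

if __name__ == "__main__":
    for key, name, command in flag_three_letter(SAMPLE):
        print(f"REVIEW  {key}  {name} -> {command}")
```

A match is only a reason to look closer at that startup entry; legitimate programs can have three-letter names too.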

We are constantly being asked to track when and where the virus comes from.  Most of the time this pest originates from a link contained in an e-mail.  The sender’s e-mail was compromised and used to send website links to everyone on their contact list.  Due to human nature, it’s probable the receiver will click the link because it was sent from a familiar name.

Prevention is the number one question we receive after the virus is removed.  It’s kind of a catchall answer, but eliminating the internet is the only way to prevent viruses.  Second best is to be leery of everything the computer is used for.  If you receive an unsolicited link from a friend you should never just click.  Question the link and if necessary question your friend.  There’s a good possibility they may not have generated the e-mail.

Antivirus 2012 is probably the worst threat I’ve come across in the last couple of years.  Not only does it inhibit the functionality of the computer, it compromises the user’s privacy.  Nearly all data on the machine is captured and could be used illegitimately.  Unfortunately, the creators of this malware have not only figured out how to bypass legitimate antivirus software, but have also figured out how to take over the computer.

 (Jeromy Patriquin is the President of Laptop & Computer Repair, Inc. located at 509 Main St. in Gardner.  You can text him at (978) 413-2840 or call him directly at (978) 919-8059.)