New Scareware Holds Users To Ransom

This post was written by admin on March 22, 2009
Posted Under: Free PC Security,rogue software,Scareware

Antivirus2009 has been around for some time which used 'scare' tactics to exploit users and trick them into purchasing the fake program, which was a very lucrative business for the criminals behind it.

Now there is a new twist added to the scare tactics as AntiVirus2009, and probably others of the same family of rogue programs, have been modified so that when users are infected with this they receive a Windows alert that files contained in 'My Documents' are corrupt.

'Scareware' becomes 'Ransomware' to fool users into paying out more money to the criminal gangs behind these rogue programs.

Users are then redirected to a site to download a program called File Fixer Pro at a cost of $50 or more to decrypt the scrambled contents of 'My Documents'.

The criminals behind this hope to make a fortune from infected users who want to retrieve their photo's, documents, music and other contents of their folder which have been encrypted.

This is a very nasty development in the scareware programs and if you have been affected by this all is not lost.

There is a free service at FireEye where users who have had files encrypted can upload then to have them decrypted.

There is also a decryption tool made available by malzilla.org called Anti FileFix which can be downloaded here from Bleeping Computer.

Please follow the instructions on the page to remove the Trojan and the FileFix program.

Many thanks to Grinler from Bleeping Computer for the removal instructions, Julia Wolf from FireEye for creating the decryption and identification routines and Bobby from Malzilla.org, for the creation of the bulk decryption scanner.

Follow the steps given here and ensure that you also download malwarebytes antimalware

Related post:
Rogueware Sold Through ClickBank