Windows Fake AV Programs - How to prevent installation?

I am posting here to get knowledgeable feedback. I have had a few friends hit by this, the latest being ThinkPoint AV. I am a Mac user, so bear with me. Do these fake AV programs that appear to be web browser pop-ups triggered from compromised websites require the naive Windows computer user to have 'local admin' rights? TIA


Judging from what a quick search turned up, this particular malware installs itself into the user's profile. So, no, admin privileges are not required.

You can easily get rid of it, though, by killing the respective processes and renaming the user's profile directory as an admin user. Next time the user logs in, a new profile is created. Afterwards you can selectively migrate files and settings from the old profile to the new profile. Make sure to copy files instead of moving them to avoid keeping old permissions and ownership.


Ansgar -59cobalt- Wiechers
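
The selective copy step from the reply above, sketched in PowerShell as an added example that is not part of the original post. The profile paths, folder list and skipped file types are assumptions to adjust per machine; `robocopy` with `/COPY:DAT` copies data, attributes and timestamps but not ACLs or owner, so the copies inherit permissions from the new profile.

```powershell
# Added example: copy user data from the renamed (old) profile into the fresh one.
# Run from an elevated prompt as an admin, with the affected user logged off.
# All paths and lists below are assumptions, not values from the thread.
$OldProfile = 'C:\Users\alice.old'   # hypothetical: the renamed profile directory
$NewProfile = 'C:\Users\alice'       # hypothetical: profile created at next logon
$Folders    = 'Documents', 'Desktop', 'Favorites', 'Pictures'

# File types that can execute or autostart stay behind for separate inspection,
# so the rogue program is not migrated along with the user's data.
$SkipFiles  = '*.exe', '*.scr', '*.com', '*.pif', '*.bat', '*.cmd',
              '*.vbs', '*.js', '*.lnk', '*.dll'

$Log = Join-Path $env:TEMP 'profile-migration.log'

foreach ($folder in $Folders) {
    $src = Join-Path $OldProfile $folder
    $dst = Join-Path $NewProfile $folder
    if (-not (Test-Path -LiteralPath $src)) { continue }

    # /E         recurse into subdirectories, including empty ones
    # /COPY:DAT  data, attributes, timestamps only; no ACLs (S) and no owner (O)
    # /XJ        skip junction points (avoids looping through profile junctions)
    # /XF        exclude the file patterns listed above
    # /R:1 /W:1  one retry, one second wait, so locked files do not stall the run
    robocopy $src $dst /E /COPY:DAT /XJ /XF $SkipFiles /R:1 /W:1 /NP "/LOG+:$Log"

    # robocopy exit codes below 8 mean success (possibly with skipped files)
    if ($LASTEXITCODE -ge 8) {
        Write-Warning "robocopy reported failures for $folder (exit $LASTEXITCODE); see $Log"
    }
}
```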

The best way to avoid the pervasive scourge of rogue AV programs (and other nastiness) is to patch. Easy to say, harder to get people to do.

You need to not only have Windows Updates current (assuming IE use), or to have Firefox current (if that's in use) but also have every plugin that touches the web browser at its most current level. Adobe Reader, Adobe Flash, Adobe Shockwave, Apple QuickTime, Java .... modern exploit packs fingerprint all this stuff in JavaScript, and will happily redirect browsers to a relevant exploit, and voila, drive-by downloads occur.

Secunia PSI makes a handy piece of software to run on a personal Windows box to alert users to the perils of having out of date software on their machines. Free for personal use.
