Difference between revisions of "A-Fast Antivirus Scam"
Line 65: | Line 65: | ||
[[Category:Windows]] | [[Category:Windows]] | ||
[[Category:Security]] | [[Category:Security]] | ||
+ | [[Category:Malware]] | ||
+ | [[Category:Virus]] |
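Review bot: the second added line, [[Category:Virus]], does not match how the article describes A-Fast, which is as a rogue anti-spyware program ("scareware") that the user is tricked into installing. [[Category:Malware]] on the line above already covers that, so consider dropping Virus or replacing it with a scareware or rogue-software category if the wiki has one.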
Revision as of 21:50, 21 March 2011
A-Fast Antivirus is a rogue anti-spyware program that uses misleading methods to scare users into thinking that their computers are infected with malware. It uses JavaScript and CSS within your web browser, including MSIE and Firefox, to mimic another well-known antivirus program. It has been dubbed "scareware" by some writers.
A web site serves malicious JavaScript code that causes an interface to appear, mimicking legitimate-looking antivirus scanning software. If you click one of the popups, it installs a rogue security application.
A-Fast is known by other names:
- Critical System Warning!
- Fast Windows Antivirus
Files
c:\Desktop\A-fast Antivirus.lnk
Folders
c:\Program Files\A-fast
Registry entries
Key: HKEY_CURRENT_USER\Software\A-fast

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableTaskMgr
Data: 01, 00, 00, 00

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: fast
Data: C:\Program Files\A-fast\A-fast.exe

Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Program Files\A-fast\A-fast.exe
Data: C:\Program Files\A-fast\A-fast.exe:*:Enabled:afast

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
Value: C:\Program Files\A-fast\A-fast.exe
Data: C:\Program Files\A-fast\A-fast.exe:*:Enabled:afast
- See this article at Spyware.com.
- BleepingComputer.com http://www.bleepingcomputer.com/virus-removal/remove-a-fast-antivirus
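The registry entries listed above can be checked offline against a registry export taken from a suspect machine. The following is an added example, not code from the original article: the function names and the sample export are constructed for illustration, and the indicator list is copied from this page.

```python
import re

# Indicators from this page's registry list: (key, value name or None = key exists).
FW = r"\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List"
EXE = r"C:\Program Files\A-fast\A-fast.exe"
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\A-fast", None),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "fast"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001" + FW, EXE),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet" + FW, EXE),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data; name may hold \\ and \"

def parse_reg(text):
    """Parse .reg export text into {key: {value name: raw data}}, names lower-cased."""
    hive, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            hive.setdefault(key, {})
        elif key is not None and (m := VALUE_RE.match(line)):
            name = re.sub(r"\\(.)", r"\1", m.group(1))  # undo .reg escaping
            hive[key][name.lower()] = m.group(2)
    return hive

def find_indicators(text):
    """Return (key, value name, raw data) for every page indicator present."""
    hive, hits = parse_reg(text), []
    for key, name in INDICATORS:
        values = hive.get(key.lower())
        if values is not None and (name is None or name.lower() in values):
            hits.append((key, name, values.get(name.lower()) if name else None))
    return hits

# Constructed sample export, not taken from a real host.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"fast"="C:\\Program Files\\A-fast\\A-fast.exe"
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\A-fast\\A-fast.exe"="C:\\Program Files\\A-fast\\A-fast.exe:*:Enabled:afast"
'''
if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

Exports written by `reg export` or regedit are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in. A `DisableTaskMgr` hit on its own can also come from an administrator's policy, so weigh it together with the other entries.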
Example
There is more than one variant of A-Fast, so it may look slightly different depending on what version you encounter. The following is the version that I encountered. Although I didn't get infected, I proceeded far enough to do some research and get some screen captures.
This is the popup you will encounter (Firefox example), and you have no choice other than "OK". At this point it is recommended that you use Windows Task Manager to kill the web browser process, closing your browser before anything is installed.
If you click OK on the dialog box above, you will see this fake antivirus scan. It is actually your web browser after being hijacked by JavaScript and CSS to mimic the look of a legitimate antivirus application.
If you try to navigate away from the page or close the browser window, another popup will urge you to proceed with the scan. Remember, these are ALL FAKE WARNINGS designed to scare you and trick you into allowing a virus to be installed on your system.