Fake or Rogue Antivirus – How to Protect Yourself From Malware Disguised as Security Software

Unless you’re an experienced power user who knows your way around computers, you need a security solution to protect your digital life. Your basic protection comes from an antivirus, and there are plenty of choices available. Some are free to use, while others require a paid subscription. Some work as a standalone program, while others are part of a security suite. And while some offer genuine protection, there are some that only pretend to be the real deal. Yes, fake antivirus does exist.

What Is a Fake or Rogue Antivirus?

Simply put, a fake antivirus is any software that looks like security software but functions otherwise. In most cases, fake antiviruses are malicious programs designed to manipulate users into spending money in exchange for cleaning a supposed computer infection. Fake antiviruses are related to the class of malware known as scareware.

What Are Some Examples of Fake Antivirus?

Oftentimes, rogue security software sounds generic and may use “antispyware,” “antivirus,” “defender,” “protection,” “security” and other related words as part of its name. Examples include Security Scan 2009, Internet Defender 2011 and System Tool 2011. Many rogue antiviruses are actually variations of one specific malware. Cybercriminals regularly alter the appearance and name of their malware to create new variants that are distinct enough from the ones already recognized by users and neutralized by legit security software.

Some fake antiviruses disguise themselves as built-in Windows tools and pretend to offer security updates from Microsoft. An example is Antivirus XP 2008, which may also go by a different name like Antivirus XP Pro, Windows Antivirus or System Care Antivirus.
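The naming patterns described above can be turned into a rough triage check over a list of installed programs. The following is an added example, not part of the original article: the scoring rules, the threshold and the sample inventory are assumptions constructed for illustration, and only the product names come from the article.

```python
import re

# Generic words the article lists as common in rogue product names.
GENERIC_WORDS = {"antispyware", "antivirus", "defender", "protection", "security"}
# Branding that imitates the operating system vendor (assumption for this example).
OS_BRANDING = {"windows", "microsoft", "xp"}
YEAR = re.compile(r"\b(?:19|20)\d{2}\b")

# Constructed sample inventory of (display name, publisher) pairs.
SAMPLE_INVENTORY = [
    ("Security Scan 2009", ""),
    ("Internet Defender 2011", ""),
    ("System Tool 2011", ""),
    ("Antivirus XP 2008", ""),
    ("Windows Defender", "Microsoft Corporation"),
    ("Example Text Editor", "Example Software Ltd"),
]


def score_name(name, publisher=""):
    """Return (score, reasons) for one installed-program entry."""
    words = set(re.findall(r"[a-z]+", name.lower()))
    reasons = []
    if words & GENERIC_WORDS:
        reasons.append("generic security word in name")
    if YEAR.search(name):
        reasons.append("year in product name")
    if words & OS_BRANDING and "microsoft" not in publisher.lower():
        reasons.append("OS branding without Microsoft as publisher")
    if not publisher.strip():
        reasons.append("no publisher recorded")
    return len(reasons), reasons


def triage(inventory, threshold=2):
    """Return (name, score, reasons) for entries at or above the threshold."""
    flagged = []
    for name, publisher in inventory:
        score, reasons = score_name(name, publisher)
        if score >= threshold:
            flagged.append((name, score, reasons))
    # Highest score first; ties keep their inventory order.
    return sorted(flagged, key=lambda item: -item[1])


if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE_INVENTORY):
        print(f"{score}  {name}: {'; '.join(reasons)}")
```

A flagged name is only a candidate for the online lookup the article recommends: legitimate products can match these patterns, and the publisher field is self-reported, so a low score does not prove a program is genuine.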

How Do You Recognize a Fake Antivirus?

At first glance, a well-designed fake antivirus looks authentic. Its user interface or dashboard has many of the interface elements of a genuine antivirus: a status page that shows the security level of your computer, a section for your settings and updates, and buttons for scanning your computer. If you take a closer look, however, you may notice that some things are a bit off. For instance, you may find spelling and grammar errors in the text. The user interface may show odd button placements and visual glitches.

Perhaps the biggest clue that an antivirus is fake is that it incessantly interrupts your normal activities by automatically initiating a “scan” without your approval. In addition, it frequently displays pop-up dialog boxes, warning messages and other distractions. Granted, some legit antiviruses (particularly the free ones) can be bothersome when sending you notifications and promotional offers, but fake antiviruses are even worse.

If you’re unsure, you can always look up your antivirus online and see if it’s legit or fake. You should be able to find genuine product pages for antiviruses from known security vendors. If you search for rogue software, on the other hand, you’ll likely find links to discussion forums and article guides that provide solutions on how to remove the rogue software.

How Does a Fake Antivirus Infect Your Computer?

If you look for security solutions online via search engines, you might stumble upon malicious URLs. Cybercriminals make use of search engine optimization so that their malicious websites that host fake antiviruses consistently rank higher in search results. Users who visit these websites risk getting a rogue antivirus as a drive-by download—a download that occurs without user awareness. The websites may also mislead users into believing that their systems have been compromised and convince them to download fake antivirus software directly. Cybercriminals also employ online advertising and phishing emails to spread their fake antivirus software.

Once the download is complete, the rogue software is capable of installing itself by exploiting existing vulnerabilities of different file formats, such as PDF, SWF and SQL.

What Does a Fake Antivirus Do?

The primary objective of a fake antivirus is to cause panic and tempt the victimized user to pay for services or purchase additional software. To accomplish this, the fake antivirus regularly feigns a virus scan and provides the user with a detailed report, which claims that a huge number of viruses or pornographic files have been found on the computer. In addition, the fake antivirus may discreetly modify various settings of the operating system and the user’s programs, and later present these changes as problems. More cunning variants of fake antiviruses even mimic system crashes and the infamous blue screen of death to heighten the user’s fear and anxiety even further.

Like other pieces of malware, a fake antivirus may slow down your computer’s performance, add new desktop shortcuts, redirect you to adult sites and change the browser homepage. A fake antivirus anticipates the user eventually realizing that he has a malware infection, which is why it also alters system settings to thwart any attempts at uninstallation.

How Do You Remove a Fake Antivirus?

The removal process may vary between variants of fake antiviruses. If your computer is infected, the general steps below can help remove the rogue programs.

First, run a full system scan using an updated antivirus, such as Windows Defender and Microsoft Safety Scanner. You may also use legit, standalone virus removal tools from third-party developers. Examples include RogueKiller by Tigzy and Malwarebytes Anti-Malware.

If the fake antivirus actively blocks your attempts to run your removal tools, use utilities like Process Explorer to terminate the rogue processes first, then try again.

If the infection persists, restart your computer in Safe Mode with Networking, and run a full system scan again.

Open every Web browser installed on your computer and reset its settings.

How Can You Protect Yourself From Further Fake Antivirus Infections?

If a website warns you that your computer is infected, ignore it and close the browser window or tab that’s showing the warning message. Remember, your antivirus does not need to use your Web browser to send you a warning, and a legitimate antivirus can only alert you about malware detections if it’s already installed on your computer. Do not visit websites with a questionable reputation, as they’re more likely to show you fake virus warnings.

Install an updated antivirus and firewall. Having pop-up blocking software also helps you avoid unwanted pop-up messages.

Be skeptical of high-pressure sales tactics that push you to take action immediately and purchase products and services. Do not click on links or open email attachments without determining whether they’re clean or dangerous. If you need online help from your antivirus vendor, proceed directly to their official website and look for contact details there. Be cautious of links in search engine results, even if they rank high in search results.
