Fake Antivirus and Forced Malware Installations

by Dev Duff on July 2, 2011

It has been reported by many computer users that while they were using their computer to browse over the internet, a window suddenly pops-up which looks like a legitimate Microsoft pop-up window. The pop-up gives the user some false information that their computer system is compromised and they need to install antivirus software. Either the user chooses to install the antivirus software which is actually malware! Or the user chooses to close the window. But these pop-up windows won’t close and the fake antivirus gets installed anyway. These windows are generally triggered by Browser Helping Objects (BHO), a component of your web browser or through java scripts. Although elements like BHO, java, flash, etc. are used to enhance the functionality of your computer, however, there is a downside to it too. Coming back to the topic, Fake Antivirus installations are on the rise and most of these fake antivirus calls triggered by your browser “forcefully install malware” on your computer.

(For our latest antivirus and security coupons, visit the antivirus coupons page)

A recent article Fake Antivirus Infections on the Increase at The University of Vermont blog shows what can you do in a situation when you see a pop-up on your computer screen that looks legitimate and asks you to install some software. The need of the moment is to understand these threats and learn how to cope up with such fake antivirus installation windows. Some of the malware that gets installed through such windows makes an entire computer system completely unusable. So it is better to take this problem seriously and know what to do in a situation like this.

How does fake antivirus install?

The user reports that they were just using a web browser, minding their own business when suddenly a window appears that looked like it came from Microsoft Windows, and which informed them that they were infected with everything under the sun. The window wouldn’t close when clicked and when they restarted their machine the fake antivirus software appeared to have become installed on their machine and couldn’t be removed, dire warnings of infections are appearing everywhere, pop-ups to embarrassingly raunchy websites are coming up and the machine is basically unusable. Worse, the software wants you to subscribe in order to remove these “infections”. If you subscribe, now the bad guys have your credit card number.

How to keep yourself safe?

Follow these steps to keep yourself safe when you see a pop-up coming out of nowhere and asks you to install some software.

  1. First off, when you see one of these windows, DO NOT CLICK on anything! Immediately shutdown your computer and restart it. Make sure to save your work and then shutdown or you would lose your important data.
  2. Another reason how these infections are getting to us is the TRUST factor. Most of us trust Google searches so much that we open up any website that comes through the Google search. Always be careful while clicking links and do not blindly trust the sites that we open through the search. Not all sites are clean in the Google search.
  3. Third, the bad guys know that everyone has certain third party plugins installed in their browsers so that they can use them for work, or to view animated media. These third parties are not always entirely secure and are not updated via the usual Windows or Software update mechanism. You must update these products yourself or you risk infection. The top three examples are Adobe Flash, Adobe Reader and Sun Java VM.
  4. A lot of times, BHO (Browser Helper Objects) are installed which may allow such infections to reach your computer. Periodically, check for bad BHOs using software like HijackThis. HijackThis is a popular tool used by millions of computer users around the globe. It is a small application that makes a log file of various different software installed on your computer. It also captures the log of BHOs. Since HijackThis is supported by a huge community, you can paste your log at the site and see other user’s views about different objects installed on your computer. HijackThis tool is also used to detect the presence of virus, spyware, malware or keyloggers on your computer.
  5. Use a good internet security software to keep your computer protected. Select any of these top ten antivirus and stay protected. Most internet security solution come with a module that checks links before they open on your computer. And if a link leads to a bad website that contains malware, you will be warned! This feature of internet security software can save you from malware infections.
  6. Most browsers are equipped with plugins and users are allowed to install plugins too. Keep checking which plugin needs an update or which plugin is no longer needed. If you use Firefox, you can check your plugins with the Firefox plugin checker tool.
  7. Beware of the toolbars! Many online services offer toolbars that you can install on your browser. Toolbars are a major source of infection! A lot of toolbars contain codes that install BHOs which can allow infection to your computer system. Even then if you wish to install some toolbar, check its authenticity before installing it on your computer.
  8. While installing a software component on your computer, be careful. Do not always click on “auto install”. Instead, choose “manual installation”. Sometimes, software components are bundled with toolbars that can harm your computer. For example: Lets say, you wish to install Yahoo Messenger on your computer. If you choose “auto installation”, the Yahoo toolbar gets installed automatically with the Messenger installation. However, if you choose “manual installation”, you will be given the option whether you wish to install the Yahoo toolbar or not. You can uncheck the Yahoo Toolbar and continue with the installation.
  9. Awareness can also help. Keep reading articles and collect information that can help you save your computer from such infections. This article precisely warns you of the potential risks that you may encounter while you are online. Please share this article with your friends and family. Sharing is caring!

Fake Antivirus and Forced Malware Installations Help

This fake antivirus software is a big business. Estimates run as high as half a million people a day are infected. The bad guys change the malware configuration so quickly that antivirus software vendors are having a hard time keeping up. So do not rely on your antivirus software completely that it will keep you protected no matter what! Antivirus software can only protect you from viruses. However, a complete robust internet security package can still provide you better protection and can block viruses, trojans, spyware, keyloggers, phishing attacks, forced malware installations and more. Even if you are using MacOS, it is NOT immune to these infections. There is a fake Macintosh Antivirus malware out there and we’ve seen one infection first hand already.

Last but not the least, if you ever get infected with a fake antivirus or you encounter a forced malware installation, RUN don’t wait! Waiting will only invite the malware to download more malware from the internet without your consent. The longer you wait, the harder it will be to remove the infection!

Watch this informative video from Chester Wisniewski, the Senior Security Avisor from Sophos. Chester explains how the Google Search is used to install fake antivirus on computers. He talks about the real details of what such fake antivirus can do to your computer. This is a very informative video, so please take the time to watch the whole video!

This post was written by...

– who has written 305 posts on Dev Duff.

Contact the author

{ 4 comments… read them below or add one }

Anti-Virus Blogger

For further reading I can highly recommend a recent in-depth article by Brian Krebs here about this topic:


Well worth a read – it includes the outcome of research by UCSB in which three Fake AV vendors were tracked over a 3 year period. The biggest was earning over $100 million.


Kids' Crafts

Just when I thought Avast, with their Free Antivirus, couldn’t create a safer browsing experience, now Avast has put out a related Firefox extension: it’s a “web reputation” plugin that displays bars next to a site’s search engine listing according to user feedback.


Terrelle Pryor

I have seen those installs myself and I am an IT professional. I could easily see users click on the installs and hope that they software is fixing their system instead of installing malware.


Nebraska Husker Apparel

That’s ridiculous that people can make so much money off fake antivirus software. I hope the people that are doing this get caught, no one wants to be a victim of a scam.


Leave a Comment

Previous post:

Next post: