There has been a lot of fake antivirus software lately, and the trend is that these programs are named so that they can be confused with Windows or Microsoft software. The latest one is “Win 8 Security System”, which general computer users can very easily confuse with a program related to the upcoming Windows 8.
The Win 8 Security System works by installing a rootkit driver that takes control of all the processes of the operating system.
The rootkit is installed at C:\Windows\system32\drivers\51991c15f7a6834.sys (note that the numbers are random; yours may be a different filename, but the location is the same). The rootkit comes in two variants; the 64-bit one disables Windows 64-bit kernel-mode driver signing. The cyber criminals also went ahead and self-signed the rootkit driver; note that the certificate date starts from 30th August (yesterday)!
The virus also creates a fake Action Center, which shows the user that the computer is not fully protected.
Browser hijack: the proxy settings get changed, which affects both IE and Chrome, so whatever you type in the address bar gives a fake warning.
The main purpose of these fake antivirus programs is to scare users into paying money, claiming that if you pay they will remove the infection from your system. You should know that they won't, even if you have submitted your credit card (which is taken by the cyber criminals). I have seen many people who have regretted submitting their credit card. So, my request is that you please do not submit your credit card; they will steal your money and not fix your computer.
Clicking the shortcut icon to buy the software adds the following to your computer's registry and then opens the shopping cart. Target: C:\WINDOWS\system32\reg.exe add "HKCU\SOFTWARE\Microsoft\Windows NT" /v FrameworkBuild /t REG_DWORD /d 0 /f
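
A read-only PowerShell check for the three traces described above: a hex-named driver with a self-signed certificate, changed proxy settings, and the FrameworkBuild registry value. This is an added example, not part of the original post. The file-name pattern of 12 or more hex characters is an assumption generalised from the single file name given, and the Internet Settings key is the per-user proxy location that both IE and Chrome read.

```powershell
# Added triage example: reports findings only, changes nothing on the system.

# 1. Drivers whose base name is a long hex string, like 51991c15f7a6834.sys.
#    Assumption: 12+ hex characters; the post only says the name is random.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$suspectDrivers = Get-ChildItem -Path $driverDir -Filter '*.sys' -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^[0-9a-f]{12,}$' } |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        [pscustomobject]@{
            Path       = $_.FullName
            Created    = $_.CreationTime
            SigStatus  = $sig.Status
            Subject    = if ($cert) { $cert.Subject } else { $null }
            # Subject equal to Issuer means the certificate is self-signed.
            SelfSigned = if ($cert) { $cert.Subject -eq $cert.Issuer } else { $false }
            # A validity start date only days old matches what the post observed.
            ValidFrom  = if ($cert) { $cert.NotBefore } else { $null }
        }
    }

# 2. Per-user proxy settings used by IE and Chrome.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL

# 3. The value written by the "buy" shortcut's reg.exe command.
$marker = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows NT' `
    -Name 'FrameworkBuild' -ErrorAction SilentlyContinue

# Report.
if ($suspectDrivers) {
    'Hex-named drivers found:'
    $suspectDrivers | Format-List
} else {
    'No hex-named drivers found in ' + $driverDir
}
'Proxy settings for the current user:'
$proxy | Format-List
if ($null -ne $marker) {
    'FrameworkBuild is present (value {0}): the buy shortcut was clicked.' -f $marker.FrameworkBuild
} else {
    'FrameworkBuild is not present under HKCU\SOFTWARE\Microsoft\Windows NT.'
}
```

Because the rootkit is described as controlling running processes, results from the live system may be hidden or altered; running the same checks against the disk from a clean boot environment is more reliable.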