The Latest in IT Security

FakeAV + Ransomware = Windows Expert Console

28
Nov
2013

During the last months we have been talking mainly about police virus infections, and more recently about CryptoLocker, the new major ransomware family. However that doesn’t mean that our good “old friends” known as FakeAV aren’t around. Fake antivirus have been infecting users for years and they have not disappeared, although it is true they are not as prevalent as they were in the past. This week we have seen a rise in FakeAV attacks using a new aggressive ransom-like approach.

The malicious file uses the following icon:

windows expert icono

Usually it gets in the computer under the name “cleaner.exe”, although we have seen it using different names. As soon as it is executed, it appears a screen where it shows the installation of a program called “Windows Expert Console”:

windows expert 1

It only takes a few seconds, and before user is able to react it restarts the computer. Once restarted the following screen will show up and we won’t be able to do anything:

windows expert_eng

If you try to get back to the desktop or run any application, you won’t be allowed. The only thing you can do is to click on that “Remove All” button, and that will take you to a different window in order to buy a license of this FakeAV. It costs $99.

At the same time we found this malware, we detected another variant, this one is less aggressive (it does not block your computer) although they share the same interface, the only difference is the name, this new one is called VirusBuster, the same as the historical antivirus company that closed last year. In this case you get this kind of warnings to make the user pay the license fee:

virusbuster3

As we mentioned, both programs share the same interface, and they are in 4 different languages (English, Spanish, German and French), in the following animated GIF you can see how they look like:

virusbuster-windows expert

In case you have been infected with any of these, you can use our free malware removal tool Panda Cloud Cleaner.

Leave a reply


Categories

SATURDAY, AUGUST 24, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks