GFI Software Finds Fake Trojan-Eliminating Toolkit

According to researchers at GFI Software (earlier called Sunbelt) a security company, they've discovered one fresh kit that falsely claims to remove Trojans.

Says Christopher Boyd, security researcher at GFI, the Trojan-eliminating kit on Windows PCs effectively compromises computers with the help of a malicious program called ThinkPoint. Infosecurity.com reported this on November 30, 2010.

Also according to Boyd, ThinkPoint at times pretends to be Microsoft Security Essentials, authentic anti-virus software that Microsoft offers for free. But, once the malicious program infects a PC and the latter starts up, the affected user will find that he can't access his desktop any more.

Boyd warns that if the executable is installed it can mean trouble as a standard user may find a false 'Blue Screens of Death' as also screens nagging for payment. Softpedia.com published this on November 30, 2010.

The consequences of the above installation occurs since just as any other fake security software, ThinkPoint too asserts that it's incapable of cleaning the malware it spotted unless the user buys a more sophisticated product. Meanwhile, Boyd says that the detection rate of ThinkPoint is nearly 50% by anti-malware programs.

Currently, the file is being offered through the usual 'false malware scan' websites like microsoftwindowssecurity152.com. This fake site has the tendency for remaining on domains same as the one just mentioned, points out Boyd.

Luckily, there's one solution for computer-users towards cleaning the malware, which GFI has detected as Trojan.Win32.Generic.pak!cobra that was first discovered in 2010 beginning. This is to open Settings menu of the program followed with activating the "allow unprotected startup" link that will help unlock the screen and thus make way for the cleaning process.

Worryingly, it's fairly common to find social engineering tactics that tend to make believe a malware as malware-eliminating software. Previously during October 2010, security investigators cautioned end-users of a damaging Trojan that was passed as software for removing the Stuxnet virus that erased the entire lot of data stored on the system panel.

Eventually, it's recommended that users should take down free security software only from reputed anti-virus companies' websites alternatively authorized portals that offer 'downloads.'

Related article: GPU Processes Fast to Crack Passwords

» SPAMfighter News - 12/11/2010