Spot and avoid fake antivirus

We all know that the internet is rife with hackers and fraudsters, and their toolkits: trojans, viruses, crypto-miners, etc., that all want a piece of you and your personal information. That’s why most of us run antivirus software on our computers. Antivirus software is usually your first line of defense against the “internet bad guys”.

But much like Prada handbags, there are fake antivirus applications out there. And installing one of those won’t do anything to keep viruses out and may well wreak havoc on your computer, or worse, funnel away your personal information for fraud, identity theft, and other fun things.

So how do you distinguish a real antivirus program from a fake one?

Fake antivirus

First off, a fake antivirus will be one of two types: legitimate antivirus software that has been modified, or fake antivirus software built from scratch by an obscure company you’ve likely never heard of.

So, of course, don’t turn to The Pirate Bay for your antivirus software. Buy it. And buy an antivirus produced by a reputable company and purchase it from a reputable outlet.

You don’t want to install an antivirus program from a company you’ve never heard of. And you certainly don’t want to install a copy of McAfee that comes from a torrent site, regardless of the number of seeders it has.

Fake antivirus notifications

OK, so you won’t download an antivirus torrent and won’t buy an obscure antivirus program from a dodgy shop you just walked into for the first time. Good. Now, what else do you need to look out for to avoid being scammed by fake antivirus software?

The most common way people get scammed into installing fake antivirus software is through an alarming antivirus pop-up window appearing in their browser, claiming that their computer has been infected by something really bad and that they need to take immediate action and CLICK HERE – or words to that effect.

That tactic preys on people’s insecurity, especially those who are less tech-savvy. And ironically, there’s a good chance the pop-up would never have appeared if you had a proper antivirus installed…

Those less experienced with technology might believe the pop-up was displayed by their operating system, think there’s a legitimate issue, and click the link in the pop-up. Others, with a bit more confidence, might opt to try and close the pop-up window, only to find that attempting to close the window generates more pop-ups until their screen is filled with them.

Pro tip: If your screen is filled with dodgy pop-up windows, just close your browser, clear your cache and run a real antivirus scan on your computer. Your computer may just have been compromised.

But what happens if you clicked the link to buy the junk antivirus program?

Well, this is clearly a case in which the solution is worse than the problem.

If you’re lucky, you only lost the money it took to buy the fake program and the software is useless but innocuous. If you’re not so lucky, you not only lost money on junk software, but you installed a fake antivirus program that’s a gateway to more problems: more malware or viruses, slow-downs, lock-ups, and compromised personal/financial information.

Identifying fake antivirus programs

There are two things here: the behavior of the junk software itself and the junk it places on your computer, i.e. malware, viruses, crypto-miners, etc. They may be part of the same problem, but they’re distinct components when trying to identify fake antivirus software.

What I mean is that any virus, malware, etc. you end up with on your system will essentially behave in the same way as it would behave had your machine been infected by other means than a fake antivirus program. So all of the issues that these can cause: lock-ups, slow-downs, rogue processes running, frequent junk pop-up ads appearing, weird toolbars added to your browser, or a good old browser redirect changing your homepage (yep, they’re still here in 2020…), etc., can be a sign that you have junk antivirus software. Or not.

If you already know you installed a fake antivirus, then there’s a good chance the two are linked. If you know you didn’t install such software, then they’re not related – though they’re still a problem you should solve with legitimate antivirus software.

Fake antivirus programs tend to overcompensate for their ineffectiveness by appearing to find more issues than any legitimate software ever would. And they advertise that fact to you with, you guessed it, more pop-ups that may ask for yet more money to fix your “issues”.

This could be to lull users into thinking the antivirus program is working correctly, which increases the likelihood that it stays installed on the computer. It could be to try and up-sell further junk security products. Or it could be both. But regardless of why, with a fake antivirus, odds are you will see many more pop-ups than you did before.

Fake antivirus software might serve as a Trojan, downloading even more malware onto your device. Because you’ve installed the fake antivirus as a trusted program, these downloads won’t be flagged by your operating system.

So if your antivirus software is “detecting” new infections every few hours, something might be up.

Here’s what to look out for when detecting fake antivirus:

  • You have an antivirus program on your computer that you never installed.
  • You cannot shut down or uninstall your antivirus software.
  • Your antivirus software keeps detecting issues and displaying pop-up windows.
  • The issues it finds can only be fixed by purchasing an upgraded subscription or additional software.

Things that may be related:

  • Constant lock-ups & slow-downs
  • Rogue processes running
  • Frequent junk pop-up ads appearing
  • Weirdo toolbars added to your browser
  • Hijacked homepage in your browser
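
For the first item in the checklist above, Windows keeps a list of the antivirus products that have registered with Security Center. The following PowerShell is an added example, not part of the original article: it lists those products and checks the Authenticode signature of each product's executable. It assumes a Windows client edition, where the `root/SecurityCenter2` namespace exists.

```powershell
# Added example: enumerate antivirus products registered with Windows Security
# Center and check the signature of the executable each one points to.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                            -ClassName 'AntiVirusProduct' -ErrorAction Stop

$report = foreach ($p in $products) {
    # Registered paths may contain environment variables or surrounding quotes.
    $raw  = [string]$p.pathToSignedProductExe
    $path = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')

    # Some products register a URI rather than a file path; those cannot be
    # signature-checked and are reported as PathNotAFile.
    $status = 'PathNotAFile'
    $signer = $null
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = $sig.Status.ToString()
        if ($sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.Subject
        }
    }

    [pscustomobject]@{
        Product   = $p.displayName
        Path      = $path
        Signature = $status   # Valid, NotSigned, HashMismatch, ...
        Signer    = $signer   # compare against the vendor you actually bought from
    }
}

$report | Format-List

# A real file that is not validly signed deserves a closer look.
$report |
    Where-Object { $_.Signature -notin 'Valid', 'PathNotAFile' } |
    ForEach-Object {
        Write-Warning "$($_.Product): signature status $($_.Signature) ($($_.Path))"
    }
```

A `Valid` status only means the file is intact and signed by a certificate the system trusts, so read the `Signer` field and confirm it names the vendor you expect. A fake product may also never register with Security Center, so an empty or clean list does not rule one out.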

Removing fake antivirus software from your system

There are different ways to remove a fake antivirus program from your system. And the method you should choose depends on the fake antivirus itself and how it was put together.

However, there is one method that will work for any fake antivirus (or anything else for that matter). But it does require that you have a backup of all of your important files. The solution is simply to format your hard drive, reinstall your OS and your programs and copy your backed-up files back onto the system. It’s a hassle, but it works and leaves no artifacts of the infection behind. You’ll have a clean system that will likely run much better than it did before.

I do understand, however, that this won’t be feasible for everyone. So how can you remove the junk software without reformatting your system and starting from scratch?

Well, you may need to do some research on the fake antivirus that you installed. In some cases, a system restore or factory reset will do the trick. But there are software tools that you can download and run on your system that may get rid of it for you.

Sometimes, installing a real antivirus program and running a scan will detect and remove the fake antivirus. But this is by no means always the case. Which specific piece of software you need to download depends on your infection, which is why you’ll need to research it a little bit. In many cases, just the name of the fake is enough. Here’s an example of such a tool. There are many more.

If you’re running Windows 7, 8, 8.1 or 10, then our dedicated post on how to remove malware on Windows may help you to recover your system.

I would suggest you download your removal tool from a reputable website; otherwise, you might be pulling a double whammy on yourself.

Once you’ve found the correct anti-malware tool, download it from an uninfected system, copy it over to a USB drive and install it onto the infected system from USB. Then, follow the on-screen instructions and you should be able to remove the fake program without losing or damaging your files.

And if you can’t find a suitable removal tool, while it may not be how you planned to spend your Saturday afternoon, there’s always option one.

Mitigating the threat

Thankfully, there are several things you can do to reduce the risk of inadvertently installing a fake antivirus program on your system:

  • Use a firewall – All major operating systems have a built-in incoming firewall. Enable it.
  • Never click on pop-ups. No, really. Never. Just don’t do it.
  • If your browser displays a warning about a website you are trying to access, you should pay attention and get the information you need elsewhere.
  • Never download pirated software – free products may sound enticing but remember that those who upload them are often looking to make money, either through compromising your system themselves or by selling your information on to other web crooks.
  • Only buy well-reviewed and genuine security software from legitimate vendors.
  • Only open email attachments if you trust the sender and you’re sure that you can verify their identity – viruses do come in the mail and that’s why it’s always a good idea to scan all your incoming mail with an antivirus program.

As people become more aware of the need for antivirus software, fake antivirus software will only become more prevalent. While it’s good that an ever-increasing number of people realize they need antivirus programs, cybercriminals have also taken notice and reacted accordingly.

It’s a bit like an arms race. As our means of protection get more sophisticated, so do the attacks we try to protect ourselves from. And in any battle, you want to avoid shooting yourself in the foot. Don’t install a fake antivirus.
