Tag Archives: xp antivirus

I just put up a new site in anticipation of the latest nuisance that I only recently came into contact with: “Antivirus 2010.”  You can view the new site at removeantivirus2010.com, but be aware that it’s pre-release at the moment, which is why I haven’t done any SEO or cross-linking for it yet beyond this post.

Antivirus 2010 is the successor to the infamous beasts “Antivirus 2009” and “XP Antivirus 2008.”  The scammers behind these fake security programs have literally raked in hundreds of millions of dollars, and I’m quite sick of seeing them on our customers’ computers.  The major problem with removing these kinds of beasties lies in their inner workings: they use rootkit tactics inside kernel-mode drivers loaded very early in the boot process to hide themselves from any and all anti-virus and anti-spyware solutions on the market.  The loaded driver’s name always starts with the capitalized string “TDSS” and the older versions use “TDSSserv.sys” as the name.  The ultimate problem is that there is no simple way to delete this driver because of the security manipulation done by this virus: the service registry key permissions are typically null, automatically meaning everything in Windows is denied access to it and successfully hiding it from programs like AutoRuns, StartupList, MSConfig, and HijackThis; furthermore, the virus hooks numerous key NT kernel system calls and “edits itself out of the list” whenever a directory listing or process list is requested by any program on the system, such as Task Manager, Windows Explorer, and even whatever antivirus solution you use.

Worst of all, it locks your system down like this even in safe mode, and its early boot loading means boot-time scanning solutions such as Avast’s can’t get rid of it either.  It’s a truly clever little booger, immune from all your favorite security software.
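The hiding behaviour described above can be checked from the outside with a cross-view comparison. The following is an added example, not code from this post or from Tritech’s software: it compares a file listing captured on the running (possibly hooked) system with a listing of the same volume taken from a clean boot environment, and flags files that only the clean view shows, plus any file whose name starts with “TDSS.” The listing format (one volume-relative path per line) and the sample paths are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Constructed sample listings (assumed format: one volume-relative path per line).
# LIVE_VIEW: the volume as reported by the running, possibly hooked, system.
LIVE_VIEW = r"""
Windows\System32\drivers\acpi.sys
WINDOWS\system32\drivers\disk.sys
Windows\System32\drivers\ntfs.sys
"""
# CLEAN_VIEW: the same volume listed from a clean boot environment.
CLEAN_VIEW = r"""
Windows\System32\drivers\acpi.sys
Windows\System32\drivers\disk.sys
Windows\System32\drivers\ntfs.sys
Windows\System32\drivers\TDSSserv.sys
Windows\Temp\setup.log
"""

def index_paths(listing):
    """Map lower-cased path -> path as listed (Windows names are case-insensitive)."""
    return {line.strip().lower(): line.strip()
            for line in listing.splitlines() if line.strip()}

def cross_view(live_listing, clean_listing):
    """Return (path, hidden_from_live, tdss_name) for every suspicious file."""
    live = index_paths(live_listing)
    clean = index_paths(clean_listing)
    findings = []
    for key in sorted(clean):
        hidden = key not in live  # on disk, but absent from the live view
        tdss = PureWindowsPath(key).name.startswith("tdss")  # prefix named in the post
        if hidden or tdss:
            findings.append((clean[key], hidden, tdss))
    return findings

if __name__ == "__main__":
    for path, hidden, tdss in cross_view(LIVE_VIEW, CLEAN_VIEW):
        label = "TDSS driver name" if tdss else "review manually"
        print(f"{path}: hidden={hidden} ({label})")
```

A file that is merely missing from the live view (like the constructed `setup.log`) may simply have been created between the two listings, so treat it as a lead rather than a verdict.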

Spybot can’t get it, nor Ad-Aware or Malwarebytes.  We can get it all gone, but traditionally you had to call a very highly skilled and expensive local technician to get this stuff removed, because a clean boot environment is required as well as somewhat complicated knowledge about the inner workings of Windows and how viruses tend to slip up in the process of securing their presence on your system.  Antivirus 2010 makes almost no mistakes, so you’re currently stuck either getting that expensive local tech or reinstalling.

Until now.

I’m currently writing software that will give Tritech access to a 100% clean environment remotely–free from viruses and spyware, which enables us to perform these horribly difficult virus removals remotely.  The details will remain a secret, but suffice it to say that there are precisely zero computer service providers in the industry today that can perform this kind of service right now: the kind of custom software needed poses a significant barrier to entry, and the alternatives are so much easier and safer to rely on.

It’s revolutionary.  Plain and simple.  No one else we’ve found does anything like it.  We’ve checked.  Regardless of whether you need to remove Antivirus 2010, remove Antivirus 360, remove Antivirus 2009, remove SecurityCenter 2009, or remove any other disgusting infection, we’re rolling out a campaign that can get it done, regardless of your location.  You don’t have to find a local tech and you don’t have to pay out the yin-yang.

Imagine getting this done wherever you are in the world, even if you’re in a hotel in Germany, and paying as little as $30 to have it done.  Geek Squad charges a minimum of $199 (I really hate that whole “$999.99 can be advertised as under $1,000” pricing scheme! GRR!!!) to do this in-store, and they don’t even offer over-the-internet virus and spyware removal.  PlumChoice charges nearly $90 just to hop on their “SmartPlan,” and they can’t do what we do without an on-site appointment either. iYogi…well, if you think you’ll get this kind of quality and experience at their pricing level, you deserve what you get…they’re like a version of Dell’s Indian tech support that you actually pay money for, and you shouldn’t be supporting the iYogi Craigslist spammers anyway.

Bottom line: only Tritech Computer Solutions in Siler City, North Carolina, USA can remove difficult infections of viruses and spyware over the Internet.  No one else does this, period.

(Edit: a commenter objected to this statement, indicating that it implies other remote computer service providers are ill-equipped to handle difficult virus infections.  The distinction lies in the fact that no one that we have looked at currently does anything like what we’re rolling out; they certainly COULD do it, but they don’t; that’s why it says “no one else does this” instead of “no one else is capable of doing this.”  What we’re rolling out is unique, and fills a niche currently worked around by hiring a local technician…which sort of negates the purpose of “remote computer support” in the first place.  See comments on this post for more information.)

The only bad news is that this is still a work in progress.  I’ll update this post when that changes, as well as post a new one.  We’re looking to have this support platform completely up and running within about two weeks; more testing is necessary before release to ensure maximum reliability, but when this service of ours officially opens for business, it’s going to completely pull the rug out from under all of our competitors, and we can literally say that NO ONE ELSE does it.  We’re truly one of a kind in this industry.

I swear, if I ever find the person who created these two fake antivirus programs, I will personally beat the tar out of him.  I went to two totally different small business clients today, both of whom had picked up XP Antivirus 2008 and one of which also managed to get XP SecurityCenter and SmitFraud, all at once.  What an annoyance this thing is becoming!

Let me be very explicitly clear: unless you know for a fact that a security product is a legitimate product from a company that operates on the up-and-up, such as avast! antivirus, you MUST NOT DOWNLOAD AND INSTALL IT.  There are literally hundreds of fake security solutions out there today, and they have been growing almost exponentially.  Before XP Antivirus 2008, it was WinAntiVirus 2006 and 2007, and other crummy little beasts like SpySheriff.  Where previously we would see fake or low-quality “registry cleaners” and “cookie washers” finding their way onto people’s computers under the guise of “boosting performance” and “fixing errors in the system configuration,” now we see these stupid fake security programs cropping up practically everywhere a Windows PC exists, and it’s maddening to have as many clients as Tritech does and still see a significant percentage of them end up with what I call “nagware” on their machines, despite not using Internet Explorer and generally staying infection-free for months or even years.  Despite my own best efforts to educate my clientele (because user education is the only true way to improve computer security; no software can take its place), I am still receiving reports of these horrid little nuisances to this day.

The psychology of how these things work is very interesting.  Basically, computers have taken an ever-increasing prevalence in our lives since the Internet became accessible to home users en masse in the mid-90’s.  Computer security threats have become mainstream news items, and you can’t open one single PC magazine without seeing a plethora of ads for poor-quality (but nevertheless legitimate and somewhat effective) security software plastered all over the place.  With the amazing growth in identity theft awareness, the public’s perception of “what’s out there” must be no less than a step away from complete paranoia!

That’s where the fake security software comes in.  Playing on the conditioning of the common user to seek solutions in SOFTWARE to all of these immense and overwhelming threats, these products end up on computers after such trivial searches on major search engines as “free anti virus” or “free spyware cleaner” or “free trojan remover.”  Combining our fear of identity theft, hackers, scammers, spammers, fraudsters, and lotteries in Zimbabwe with the post-2000 “I want it all and I want it now” instant-gratification mentality, these products are a perfect storm to extort our hard-earned dollars through promises of “threat removal.”

You see, when you install one of these scummy programs on your PC (often by accident or by trickery), you’re greeted with warnings about the status of your computer.  I’ve seen pop-up balloons by the clock with messages that “Windows has detected spyware infection!  You should download the latest antispyware updates to fix them.  Click here to install antispyware!” (that’s not precise but it gets the point across), when in fact there is no such infection other than the software itself.  The “XP Antivirus” series likes to pop up a “scanning window” that shows “viruses” it “found” along with an explanation of why they’re dangerous, along with a fake “threat level” as well.  I called B.S. on the whole thing 100% for certain today, when it listed a virus about which it stated “this virus corrupts your system BIOS.”  If the machine had a virus that actually damaged the BIOS code, the machine wouldn’t boot!  If they meant the “CMOS RAM” instead (a misnomer but still the generally accepted term for where the BIOS stores its settings), the computer might complain a lot on boot, but otherwise would automatically reconfigure itself to sane defaults and boot right on up anyway.  But I digress.

The fake security programs ultimately will attempt to convince you that you have some kind of threat to your security on your computer that is quite serious, and then attempt to get you to pay up for the software or the repairs.  It’s such a simple modus operandi, but insanely clever.  Please don’t be fooled by promises of increased security.  If you’ve already been infected with this garbage and you’re in our service areas in North Carolina, you can check out our spyware and virus advice page or contact us to get it wiped out.  Otherwise, find a reputable independent technician or local computer service shop in your area to take care of it.  (Avoid major chains such as Geek Squad like the plague, because it’s hard to know what the skill level of the technician will be and their prices are usually quite ludicrous.)

As always, you can contact me directly if you have questions or feedback about this article.