Last week I alerted you to a common trojan trap that is surfacing all over the web under a variety of names. AntiSpyware XP2009 is just one name. Rather than update the original post, I have decided to post this once again because of the EXTREME DANGER this type of threat poses.
A colleague of mine recently passed away. While searching for news about him, I navigated to a site where I was greeted by this pop-up window:
Pretty scary huh? It gets better. It matters not how you exit the pop-up message, as soon as you do, a fake "scan" animation is displayed that makes it appear your system is being scanned. It is important to note that the script is NOT PERFORMING A SCAN. What you see is only an animated webpage made to resemble an actual scan. A full size screen capture of this scan animation is displayed here
So how do we know the scan is a fake? Well for starters, the fake animation displays only 2 Local Disk drives and a DVD-RAM drive. In reality, there are 9 Disk drives on my computer and one DVD-RW drive. Secondly, while "local disk" is the name Windows assigns Hard Disk Drives during installatioin, I rename all my drives to unique names. It's a neat little trick that can help you spot these fake screens. Renaming HDD's to a friendly name will be the subject of a future post. And lastly, we know this is a fake screen because the layout is based on a Windows XP Explorer window, I'm actually using Windows 7 Beta on this computer.
Finally, take a close look at the final screen capture below:
Under no circumstances should you select the "OK" option to install. Clicking on the X, or the Alt-F4 keystroke combination just puts you in a repeated error message loop. Close the actual BROWSER window to cut this trojan off at the knees.
It's easy to be fooled by these tricks and a lot harder to clean up after, so surf smart. Don't panic when you see a pop up like this, but if you get taken in, call the St. George UT PC doctor for disaster cleanup.