Talk:Rogue security software
WikiProject Software / Computing (Rated C-class)
WikiProject Computer Security / Computing (Rated C-class, High-importance)
This is the talk page for discussing improvements to the Rogue security software article.
HijackThis
Hijackthis will never "cripple" a computer, removing all the entries does not cripple anything, it would stop software that starts with windows, would strip all browser add-ons and possibly disable virus scanners etc... All of which can be re-installed afterwards with little effort. Saying that hijackthis can "cripple" a computer is simply not true, and quite frankly, displays ignorance of the subject the article relates to.
- Umm, according to Merijn Bellekom, HJT may possibly cripple your system, if the person chooses to fix everything. This is the creator of HJT, no offense I trust him more than anyone else. Now whether he is just CYA or not, if he says it I think it is a reliable source for saying as such. In respect of fairness I have copied and pasted the question and the FULL response, so you can see I am not misleading you. All I have done is bolded the initials before sentences and bolded probably cripple. While I agree that it is hard to think of how it would do so, I trust the creator of HJT knows his program inside and out. Also, I know it CAN disable your internet/network when trying to remove certain infections (removal of some dll's requires special fixes to remove their hooks from the TCP/IP stack or all network connectivity is lost). Source
Interview: (M.S. = Michael Simpson (interviewer), M.B. = Merijn Bellekom (creator of HJT)):
M.S.: I've read a number of articles where people say that it is safe to remove everything HJT finds. Would you say that is accurate?
M.B.: No, no, no. Absolutely not. HJT doesn't differentiate between 'good' items and 'bad' items, so "fixing" it all would disable numerous system components and probably cripple your system by disabling printer drivers, custom graphics card utilities, antivirus programs, firewalls etc. Do NOT fix everything HijackThis finds after a scan. After running HiJackThis If you have questions about what can or cannot be removed safely, you can check out Merijn's log tutorial or post your log file to one of the forums listed in his Help Forums.
- I have to agree, just as with registry cleaners, and even prominent Malware removal software, it is possible for system files to be corrupted or replaced to the point where removal by some programs could render the system unstable. i.e. if NTLDR, or BOOT.ini was replaced by malware, and then removed by HJT or another product. Sephiroth storm (talk) 00:11, 6 December 2008 (UTC)
Funny thing in the screenshot
On the screenshot, two rogue applications, Spydawn and Spylocked seem to detect a third rogue software, SpySheriff! Is this true? —Preceding unsigned comment added by 126.96.36.199 (talk) 22:25, 21 December 2007 (UTC)
Registry Booster redirect?
Why does this article redirect from Registry Booster, given that this program is not listed as rogue software? Even UniBlue, the apparent vendor, is not listed as a maker of rogue software. If it warrants redirecting to this article from "Registry Booster," shouldn't it be mentioned in the article? Otherwise, why the redirect? (188.8.131.52 (talk) 02:23, 5 October 2008 (UTC))
Merger Proposal
This article contains the same basic information as the List of fake anti-spyware programs article. It would be best to combine the two - making the list a subsection of this article. -DevinCook (talk) 14:53, 28 April 2008 (UTC)
Where's managedns404.com??
This is a damn rogue software that disguises as a 404 error page (similar to the "The page cannot be found" one) and encourages you to download "AntiSpyware Shield", which is a fake spyware remover.--184.108.40.206 (talk) 23:47, 7 October 2008 (UTC)
After some research, I find this interesting. The site itself is not Rogue Software obviously, while the endorsed products may be. I would not mind having an article on it, but I don't think that we can make it its own article, maybe adding a section on the articles of the promoted software. Thoughts? —Preceding unsigned comment added by Sephiroth storm (talk • contribs) 17:32, 9 October 2008 (UTC)
- And how about making an article about AntiSpyware Shield (the site manage404.com takes you to)? There we could write a section about this infamous disguise.--220.127.116.11 (talk) 22:15, 2 November 2008 (UTC)
- Is it listed in the Rogue software article? If not, please feel free to add it to the list, and we'll get on it as soon as possible. While you are at it, feel free to register and join the Wikipedia community.
I Made Some Edits
Hey, I am just mentioning I made some edits. Mainly I split apart the two separate parts dealing with how the program attempts to goad the user into installing the program (knowingly or otherwise) and how once installed the program attempts to get the user to buy the "full" version. The latter was most of the work as I attempted to list some of the common symptoms encountered such as false positives, security warnings etc. If you dislike my edit feel free to revert it. I hope I helped the quality of the article. PedroDaGr8 (talk) 00:20, 6 December 2008 (UTC)
-Citations Needed-
Does anyone know what this is in reference to? Does it mean that the entries shown as being Rogue need to be sourced? If so I will get on that, or is it referring to symptoms? PedroDaGr8 (talk) 05:48, 28 February 2009 (UTC)
- Well the first column is done. PedroDaGr8 (talk) 03:25, 6 April 2009 (UTC)
- Column 2 is DONE!!!!!! PedroDaGr8 (talk) 03:28, 18 April 2009 (UTC)
- ALL ARE DONE!!!!!!!!! WHOO HOO! Now time to focus on citations in the article itself. That was a hard task, I removed several applications that had NO proof of malevolence, some websites that were just distributors of rogue software and not rogue software themselves etc. PedroDaGr8 (talk) 03:29, 18 April 2009 (UTC)
Rogue software list issues?
The list of rogue software seems to be a bit unorganized; would it help to rearrange the rogue programs as "families"? For example, maybe we could list Antivirus 360, Antivirus 2008, and other links that redirect to the MS Antivirus article under a family called "MS Antivirus"? ObbySnadles (talk) 13:23, 14 April 2009 (UTC)
- An interesting idea, though by grouping in families, you lose the ability to look for items by name. I wonder what others think about this. I think at minimum, the concept of families should be discussed in the article itself. Once I have finished citing all of the rogue products (having removed a legit and a few websites, the necessity of this citation is becoming sorely evident for me) I can begin this if someone else has not already begun it. PedroDaGr8 (talk) 00:30, 18 April 2009 (UTC)
Advanced Virus Remover
Why no mention of this particular malum in se malware? The first clue (if you know where to look) is an Advanced Virus Remover folder and executable PAVRM which apparently gets installed just by clicking yes or no on some pop-up. Then as it runs, it mutates, moves around, renames itself, insinuates in odd corners of the system, disables Task Manager, disables Command Line window, by the time you realize something's not kosher, making removal a pain.
- There's really only a few of these running around... they go by different names and have different skins, but the name is changed frequently to make it harder for users to track down removal information. I'm sorry... they can change the name faster than we can keep up. ---J.S (T/C/WRE) 00:57, 12 January 2010 (UTC)
delinking spywareremove.com
This domain has a very bad reputation. Norton says the page is safe, but its users say the software they are trying to peddle comes with quite a bit of spyware. MyWOT also ranks them as potentially unsafe. It might be a good idea to unlink this website. Thoughts? -----J.S (T/C/WRE) 01:20, 12 January 2010 (UTC)
- Sure, remove the references. WP:RS (simplifying a lot here) says that if it's not published by a reputable publisher, it has to be a recognized expert in the field. I'm not seeing it meeting either one. --HamburgerRadio (talk) 08:28, 12 January 2010 (UTC)
"Personal Security" Malware - Uninstall Help
After struggling for days to rid my computer of Personal Security malware, I thought I'd share the final (and ridiculously easy) solution with others.
I downloaded various reputable (albeit the free versions) anti-virus and anti-malware software, none of which could get rid of this extremely frustrating and incapacitating malware. Then, during my web research I unexpectedly came across the answer in a computer-geek blog. Apparently someone (with the same problem) somehow managed to trace the sender and threaten them (I don't know how) until they simply told him. Below is a copy of their e-mail:
“Dear customer, Thank you for contacting Customer Support Center. Please follow my instructions to uninstall Personal Antivirus
1. Open My computer, choose Disk C;
2. Find C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk
3. Run the Uninstall file.
4. Reboot your computer.
There are other options to find the uninstall file:
- paste the following string to Windows Explorer address bar and execute it (Press Enter key): C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk or Start->Run->C:\Program Files\Common Files\Uninstall\PAV\Uninstall.lnk
After that our product will be removed. If you have any questions concerning our software, please contact our Customer Support Service.”
I tried it almost as a joke and couldn't believe my eyes when it worked. The final links looked slightly different when I did it though, but somewhere in the “common files” folder you’re bound to see something that mentions “Uninstall”.
Hope this helps someone somewhere to spend slightly less of life's valuable hours on such nonsense. Is there some way to link this bit of advice to where Personal Security is mentioned in the list of malware in the Rogue security software article?
IP address and spyware-fix.net
Is anyone else concerned about the IP address 18.104.22.168 slowly replacing links with ones to spyware-fix.net? The link target is a bit worrisome too. All the contact information on spyware-fix.net is vague, and the domain is registered by proxy. --HamburgerRadio (talk) 22:08, 17 July 2010 (UTC)
The article links to the sites that will install viruses on your computer
Why would the article link to the sites that have the virus software?
The article has links to the sites that will install the viruses on your computer.
Cleanup
The list is kind of a mess when it comes to links. It needs to be fixed; e.g. sorting by family? --ÆAUSSIEevilÆ 05:50, 12 October 2010 (UTC)
- Seconded. I really wish the Symantec links at the bottom weren't broken, they look like interesting stories. Ivionday (talk) 08:15, 24 November 2010 (UTC)
- <Confused> The list was split into a separate article 6 days ago; there's only one external link, and it's not a Symantec one. Socrates2008 (Talk) 08:36, 24 November 2010 (UTC)
Removal Section Issues-Misleading and Missing Information
Closing the browser window does not remove a rogue security software program, although it is true that if the browser is closed the right way before the infection infiltrates the system, it can stop an infection before it starts. However, even in those rogues that affect the browser, simply closing the browser means that the infection is still there, and will continue to operate once the browser is reopened.
Using personal experience and in checking various sources, not one security software website I can find recommends closing the browser to remove a rogue program. However, they do recommend using a malware or anti-virus program to scan for infection. This section also does not list any of the anti-virus/anti-malware programs that could potentially remove rogue security software, nor does it mention the need to scan the system after an attempted rogue infiltration such as an attempted download, fake warning, or other rogue activity to be sure the software did not install. Essentially, this section is missing some basic, important information, and contains severely misleading information - I will correct as soon as possible. JC.Torpey (talk) 21:04, 24 January 2012 (UTC)
Fake emulators and surveyware
Would such be classified as rogue software? Malwarebytes did an analysis of a supposed Xbox One emulator on their blog, and it did reek of the same modus operandi as with most emulator scams and supposed iOS jailbreak tools. Blake Gripling (talk) 03:03, 30 July 2013 (UTC)
- How to Geek, "How To Remove Antivirus Live and Other Rogue/Fake Antivirus Malware"  Retrieved 2012-01-24