Misleading applications use various techniques, such as fake security scans or exaggerated “malware found” reports, to scare users into purchasing their so-called solutions. One misleading app, called “System Security,” takes this a step further: it forces users to purchase it by rendering the system nearly unusable. Once System Security is installed on a machine, it terminates most of the active user processes, such as Firefox, antivirus programs, Acrobat Reader, and others. Internet Explorer is spared from this list.
If the user tries to run Task Manager, antivirus software, or any other executable binary except Internet Explorer, this misleading application reports that the respective binary is infected and blocks access.
By terminating most of the active processes and blocking users from executing any binary except IE, this application forces users to pay for a “subscription.”
Even after a system reboot, the rogue app takes over the system again, terminating other processes and preventing users from terminating it or executing any process other than Internet Explorer. As always, we encourage users to download applications directly from vendors’ websites or legitimate partners.
Symantec detects this misleading application as Trojan.Fakeavalert, and advises customers to ensure that their antivirus software and definitions are kept up to date.
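
The behavior described above (one process terminating many unrelated user processes in a short burst while leaving Internet Explorer alone) can be hunted for in process-termination telemetry. The following Python is an added example, not Symantec's detection logic; the event layout, the thresholds, and the names `rogue.exe` and `avscan.exe` are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the original post): one record per
# process-termination event as (epoch_seconds, killer_image, victim_image).
# The record layout is an assumption about what an endpoint sensor exports;
# "rogue.exe" and "avscan.exe" are hypothetical placeholder names.
SAMPLE_EVENTS = [
    (1000, "explorer.exe", "notepad.exe"),
    (1200, "rogue.exe", "firefox.exe"),
    (1201, "rogue.exe", "avscan.exe"),
    (1203, "rogue.exe", "acrord32.exe"),
    (1210, "rogue.exe", "taskmgr.exe"),
    (1215, "rogue.exe", "firefox.exe"),
    (5000, "installer.exe", "setup_helper.exe"),
]

WINDOW_SECONDS = 60       # assumed burst window
MIN_DISTINCT_VICTIMS = 3  # assumed threshold; tune per environment


def find_mass_terminators(events, window=WINDOW_SECONDS,
                          min_victims=MIN_DISTINCT_VICTIMS):
    """Return {killer: sorted victims} for processes that terminate at least
    `min_victims` distinct other images inside any `window`-second span."""
    by_killer = defaultdict(list)
    for ts, killer, victim in sorted(events):
        if killer.lower() != victim.lower():
            by_killer[killer.lower()].append((ts, victim.lower()))

    flagged = {}
    for killer, kills in by_killer.items():
        start = 0
        for end in range(len(kills)):
            # Advance the window start until the span is at most `window` s.
            while kills[end][0] - kills[start][0] > window:
                start += 1
            victims = {v for _, v in kills[start:end + 1]}
            if len(victims) >= min_victims:
                flagged[killer] = sorted(victims | set(flagged.get(killer, [])))
    return flagged


def spared_images(flagged_victims, running_images):
    """Images that were running but never targeted; the post notes that
    Internet Explorer is the one program left alone."""
    return sorted({r.lower() for r in running_images} - set(flagged_victims))
```

A flagged process whose spared set contains only the browser matches the pattern in this post more closely than an installer or updater that stops a few of its own helper processes.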