All posts tagged with "Internet Explorer"

XP Anti-Virus 2011 is a very clever virus

Have you ever had one of those fake antivirus things pop up on your computer? You know the type, "50,000 infections found! Click here to remove! *click* Pay $$$ to remove or you have viruses!!1". They're very convincing; usually they look like legitimate programs and/or parts of Windows. They prey on novice PC users who jump at the word 'virus' and think they have done something wrong.

I recently had the misfortune to meet one called XP Anti-Virus 2011 (not my computer that was infected, I was just tasked with fixing this particular one). This virus - and yes, I am calling it a virus even though it technically isn't one - is the nastiest rogue software I have seen yet, though I'm sure it's not the only one to run as it does. It's not new, despite the name - it's been around for years under various different names, mainly consisting of your version of Windows and the current year. So under Windows XP, you'd get XP Anti-Virus 2011 and under Vista you'd get Vista Anti-Virus 2011, etc.

Why is this particular one clever? Well, as I said, it's probably not just this one, but what this program does is to change how .exe files are run on your computer. On Windows, .exe files are normally programs; nearly all executable files will have that extension. Mr Nasty Virus here reroutes all .exe files to run through itself - and it'll block any it doesn't like. Those it doesn't like include almost all legitimate antivirus/antispyware scanners and certain web browsers as well - it didn't seem to stop Chrome but it put a stop to Internet Explorer in any case and kept reopening itself informing me that the computer had too many viruses and I must click here to register and remove threats. That of course makes removing this piece of rubbish a right pain since, well, it doesn't let you. :P Of course, it did everything else these fake programs do - nice threatening messages, cloned the Windows Security Center but plonked itself there instead, typical antivirus program look... All very lovely.
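
One common way for a rogue program to reroute .exe files like this is to change the registry entry Windows uses to open them. The following added example (not from the original post or the guides it mentions) scans a text `.reg` export for that change; it assumes the stock handler `"%1" %*` and ProgID `exefile`, and the sample export, the `abc` names and the function names are constructed for illustration.

```python
import re

EXPECTED_CMD = '"%1" %*'   # stock Windows handler: run the clicked file itself
EXPECTED_PROGID = "exefile"

# Constructed sample of a .reg export from an affected profile (not real data).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="abc"

[HKEY_CURRENT_USER\Software\Classes\abc\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\abc.exe\" -a \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

def default_values(reg_text):
    """Map each registry key in a .reg export to its (Default) string value."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values

def find_exe_hijacks(reg_text):
    """Return (key, value, reason) for every tampered .exe association."""
    values, findings = default_values(reg_text), []
    progids = {EXPECTED_PROGID}
    for key, val in values.items():
        if key.lower().endswith("\\.exe") and val.lower() != EXPECTED_PROGID:
            progids.add(val.lower())
            findings.append((key, val, "extension points at non-standard ProgID"))
    for key, val in values.items():
        parts = key.lower().split("\\")
        if parts[-3:] == ["shell", "open", "command"] and len(parts) > 3:
            if parts[-4] in progids | {".exe"} and val != EXPECTED_CMD:
                findings.append((key, val, "open command is not the stock handler"))
    return findings

if __name__ == "__main__":
    for key, val, reason in find_exe_hijacks(SAMPLE_EXPORT):
        print(f"{reason}: [{key}] -> {val}")
```

Any finding means programs are being launched through something other than Windows' own handler, so the association needs restoring before scanners can be trusted to run.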

I removed it by following a mixture of guides online - this guide is one of many that explains the basic steps (note the insertion of the license key in those steps - once you do this the program will act as if it removes the viruses and/or itself. Ha - I restarted and it came back up an hour later saying my registration needed confirming and I still had threats). Once you've got rid of it, make sure to update your real antivirus/antispyware protection and run a full scan to make sure it really has gone. A lot of those guides keep trying to push a download of SpywareDoctor (normally labelled as the "remover" for the viruses)... I've never found that program anything more than bloat, personally - I removed the items manually then ran MalwareBytes' Anti-Malware on a full scan to make sure all traces had gone.

How do you protect yourself from getting fake antivirus software on your computer? Here are a few tips:

  1. Know what your real antivirus software is (and firewall, if you have one), what it looks like and how to run it. If a window pops up saying you have viruses but it doesn't look like your normal AV software, it is more than likely fake.
  2. Use a browser other than Internet Explorer, or if you like IE, keep it up to date. XP Anti-Virus and its variants creep in through unpatched vulnerabilities in browsers - mostly IE.
  3. Keep Windows up to date. I know, Windows Update is a right pain and sometimes its updates take ages to download/install and sometimes break things. However, some of the updates do fix holes in the operating system so that fake AV stuff can't get in as easily.
  4. Don't click on dodgy links. Got some weird email from your friend with a link in it? Might be worth checking they really sent it and didn't get their email account hacked with virus-infested site links now being distributed through it (it happened to me last year - my email account got hacked and my contacts all received some virusy links :( )
  5. If a message does pop up about viruses on your computer, read what it says carefully. In most cases, fake AV software is in broken English with poor grammar and spelling (e.g. "threat is been discovered on your computer"). If your computer's primary language isn't English and this rubbish shows up in English, that's also a giveaway right there.
  6. If you do happen to get one of these fake programs on your computer, don't click on any notice it gives you. Click the X button at all times, don't click any buttons it gives you on screen - in getting rid of the millions of popups it was giving me, I inadvertently clicked on what I thought was a cancel button - it tried to send me to some dodgy website. Ick.


So, the first beta of IE8 is out... Looks no different to IE7 but apparently it passed the acid test and it's standards compliant!1!11 WOW!!1! So obviously I had to try it and review it just like I did for IE7.

Well first of all I can't spot any of the old CSS bugs (OMG I can't have been looking properly, seriously) but there are a few general bugs. If you view this site in it, the title of the page or blog entry kind of jumps when you hover over the navigation. Also, dropdown menus can't seem to decide whether they are as wide as the text inside them or as wide as the CSS says they should be. It seems if you click the menu, it is the correct width (i.e. that of the CSS) but if you click inside another field, it goes back to the width of the text inside.

Other than that, I couldn't find anything majorly wrong. I highly doubt I tested it fully, but still: could this be the end of IE hacks and having to make a separate stylesheet for IE because it interprets everything differently? Well, that certainly seems like an exciting prospect. The only thing I wonder is why Microsoft haven't done it before now.

Oh, and it has a handy "emulate IE7" button which is good only really for cross-browser checking... Can't easily install more than one IE on a computer so that's kind of useful. :P


So the first public IE7 beta has come out (source). Of course, I had to download and try it straight away.

...And guess what, I'm disappointed. Why? Because Microsoft haven't fixed half the bugs that IE6 had. I was reorganising this site's CSS earlier to get rid of IE hacks since IE7 doesn't like them (yes, that was the reason for the red text. Sorry if I blinded you) and these are the mistakes I found IE7 still to have:

  1. The float bug still exists.
  2. This bug exists too - when you quote a comment on this here site, the "Originally posted by" text goes missing for some unknown reason. Could also be because of this, I'm not sure which it is.
  3. Some block-level elements still don't default to display: block; without specifying so in the CSS (and likewise for some inline elements)
  4. This bug has been slightly rectified but it still caused me a major headache because IE was refusing to "listen" to margins specified by #id element when #id > element was also specified - even when the former was written afterwards. In Firefox/Opera/Safari, it doesn't matter whether you write it as #id element or #id > element - if the former is written after the latter, it will override it (I think? I actually haven't tested it! >.< ).

There are more, but I can't be bothered to list them. In short, I had hoped the old peek-a-boo thing would be resolved but it hasn't been, neither have the weird floating problems or width/padding/margin bugs. Blah. Oh, and they (Microsoft) completely ripped off Firefox with their "new features". Tabbed browsing? Live bookmarks? Damn, IE, where have you been?!
/geeky subjects

And now I must go and install a new guestbook on a site I've done for someone because hey guess what, it's being spammed to death. The site's been up for 2 years and only in August did I allow it and my brother's site to be listed on search engines. Now look what happens, spam! Part of the reason why I think this site's been rather lucky in terms of comment/form spam is that it's not indexed by Google or any other major search engine. It's listed, but definitely not indexed (that I'm aware of). Any sub-domains are spammable since they don't have the robots.txt file in their root directories. I did try putting some in, but hostees kept deleting them thinking they were spam or something and anyway it didn't seem to work. The whole disallow / part seemed to make the bots think I meant / of my domain rather than the subdomain and indexed it anyway. So yes, I'm prepared to sacrifice search engine listings for having less spam. Grrrrr. Think I'll go for another installation of Jem's BellaBook. Hopefully blocking some common words should mean stupid porno spammers keep the hell out. Having said that though, they leave "genuine" messages with no specific keywords. Katy blogged about this a while ago - "normal" messages such as:

Hello admin! your site it is so great and useful! I have definitely bookmarked it and will come again! Great work!

...are too similar to genuine ones and are therefore almost impossible to block. ARGH.