A recent surge in fake anti virus software seem to harass and upset several of my clients. These malware are not detected by many anti virus applications such as Avira, Microsoft Security Essentials etc. Yet they cause endless issues for the end user. Take a look at this error screen a client sent me:
The red arrows are my annotations. At first glance this could be mistaken for a real BSOD error - indeed, I fell for it initially. But upon trying to identify the location of the file SPCMDCOM.sys I realised that this file did not exist - already a sign something is fishy. Compare the spelling to the last line - the file's name is misspelt! Now read through the actual text - and you will realise this is not a Microsoft error but rather a fake message from the malware application itself, instilling fear and forcing you to purchase the fake malware to "remove" the virus and clean your computer.
Compare this to a real BSOD:
In the end there is nothing wrong with the computer other than running unwanted, irritating software. A program such as MalwareBytes and SUPERAntiSpyware should get rid of these irritations. The reason why antivirus applications do not pick up on these is most likely because these are not viruses. They are normal applications trying to scam you for money.
Searching the internet for this file resulted in this hit.
An unsuspecting user would then continue to click on the link in the article to download this file as the article suggests this file has become corrupted and is required by Windows. But it is a continuation of the lie. This file does not exist, never existed and is certainly not part of Windows. The scam extends deep into the depths of what is now a common resource for information - the internet. The software tricks your computer into producing false symptoms, then the internet is sprinkled with false solutions just aggravating the issue. You are being attacked on multiple fronts. So who do you trust? How do you know the difference between a real issue and a fake issue? Assuming that eventually these idiots will learn to spell properly, one day one cannot rely on a simple metric such as picking up on spelling mistakes to identify good from bad. And what then? Who do you trust? Soon fake cloud solution providers will start becoming commonplace and steal companies' corporate data - that would be trivial to do! I see a dark future.