Fake Firefox/Flash Update used by Rough Antivirus

For last few days something strange was happening on my system, Firefox to be exact. Once in a while when I open Firefox, it was prompting me for a flash player update. Even though this was unusual I didnt find it odd as it looks so similar to Firefox update page that comes whenever Firefox gets updated. Opening of that page matched exactly like a Firefox update page and hence I took it as normal.

I even clicked that  update link but thanks to Kaspersky Internet security, The URL was getting blocked. Even then I was unable to find what was the source of the URL which was getting blocked by KIS 2011. I tried to find out whats going on but it took me 2-3 whole days to find the culprit. When I saw the URL of that Flsh/Firefox update page, then I knew my system is infected.

Fake Firefox/Flash Update used by Rough Antivirus 1

As you can see, anyone will hardly suspect anything wrong here. If your Antivirus is not able to block it and you install that so called update, a rough  Antivirus as shown below will be installed.

Fake Firefox/Flash Update used by Rough Antivirus 2

Even though Kaspersky was able to block it, it was not able to remove it from the system. Hence, I had to check for other options and the best one that comes in my mind was Malwarebytes Antimalware. I ran a scan of full system and voilla, it found the infection which was causing the trouble. The infected was removed my Malwarebytes after a reboot.

Image Credits: F-Secure


0 comments… add one

Leave a Comment