Most rogues do their dirty work by using an overwhelming number of detections (some, and maybe most, are false positives) to scare a novice into purchasing the rogue to remove what was either not there in the first place, or is trivial (like a tracking cookie or a missing help file).
Some, like the one I am about to discuss, only show a few… but those few strike terror in the mind of a novice.
The rogue programs on maxpcsecure (http://maxpcsecure.com/) cover the full spectrum of these “free scans”: “Max Spyware Detector”, “Max Registry Cleaner”, “Max RAM Optimizer”, and about eight more with the typical titles.
I was prompted to test some of these programs (using my VM and Sandboxie) because of a “review” made on the McAfee Site Advisor page (http://www.siteadvisor.com/sites/maxpcsecure.com/msgpage/showthread.php?p=3652575&posted=1) by a user with the screen name of “Rachnap”. I won’t quote the whole thing here, but it begins “Mywot.com is a hoax site having fake reviewers.” (For the full “review”, go to the link I just provided). That was enough to energize me to do my due diligence on this maxpcsecure.
Here are some of the things I found running these scans:
The following two screenshots display the completed scan. I ran SuperAntiSpyware, MalwareBytes, and Spybot S&D afterward. Other than the usual inconsequential tracking cookies, THE RESULTS OF THOSE SCANS DID NOT SHOW ANY TROJAN SPYWARE:
Here is where maxpcsecure is one of those that only show a few detections, but those few may scare novices into purchasing the removal program. My sense is that novices would be terrified by the use of the word “Trojan”, and consequently make the purchase. Notice also the descriptive paragraph on the left (it’s the same for both “Trojan.WebSearch” and “Trojan.scar.pcp”). It begins with “A destructive program”.
While that’s generally true of Trojans, if a novice reads that in conjunction with these bogus detections, they would likely get more terrified.
And, guess who can provide for removal of these Trojans? You got it!:
I also ran the “Max Registry Cleaner” scan:
This is a more typical rogue with hundreds of detections. If I had 1431 “invalid entries”, most of them shown as “high risk”, the machine wouldn’t even boot. Granted, there can be a high number of TRIVIAL “invalid entries”, but this beast shows most of them as high risk.
I would award maxpcsecure a blue ribbon in the “Rogue Hall of Shame”.
Finally, this Rachnap person, in a “review” post on SA (http://www.siteadvisor.com/sites/maxpcsecure.com/msgpage?page=3#reviews), made this remark:
“we invite our critics to prove us wrong and we will give a free copy of our product”
I would claim my “free copy”, but I don’t want any crapware/scareware/rogue on my machine.
So sad to see people take advantage of novices just to earn money or make a sale.
Andrew,
It’s like that in life. There are people who prey on the weak.
There’s a special place in Hell for these criminals.
Bob,
It’s a great article and hopefully it will help others from being the next victim.
Nice article. I hope TechJaws readers do not become victims of this Scareware fashioned “free software.”
Also, since WOT was defamed, I thought it would be nice for others to review the topic Shazza started on the WOT Forum along with Bob’s more detailed and highly graphical review.
http://www.mywot.com/forum/5430-maxpcsecure-com-attack-on-mywot
g7w,
Thank you for the comment and keep on doing what you do best – “catch the bad guys!”
Good Job Frank! As always, impressed! It’s hard to determine for the novice what’s good and what’s bad, it sucks that people waste the time and energy to do this.
Susie,
Thank Bob J for this one!
Unfortunately these things are becoming much more pervasive. Plus some of them can mess up a computer. I’ve seen some examples of these rogue ScareWare programs causing computers to break the Login process and prevent a user from logging in. The damage causes the user to be logged off immediately after starting to log in. Does the same thing even in Safe Mode. Not fun.
@Mike,
There are consequences to some of this rogue nonsense that, to me anyway, are even worse than messing up a computer. Some of these things lead to credit card fraud and even take it a step further to identity theft. maxpcsecure, for example, likely extracts PII from the purchase . . . and who knows what happens to it then . . . I’m sure they sell it, but they may also use it for other nefarious purposes.
I did a piece on Uniblue/iutilities here on TechJaws not too long ago, and I actually had a friend that was duped into purchasing their “RegistryBooster”, and he ended up having his credit card info stolen and had fraudulent purchases on it (Uniblue/iutilities likely sold it).
That’s why I said that there’s a special place in hell for these morons.
It’s bad enough to have your machine messed up, but you can always recover from that with a clean install (PITA). Recovering from credit card fraud and/or ID Theft is a lot more serious.
Please don’t misunderstand . . . I’m not trivializing your comment that they mess up machines. Just saying that they may do more than that.