The site powerfulvirusremover2008 .com is reported to have been using dodgy practices in order to push their product, and really, what's new? Yet another rogue antispyware on the loose.
Funny thing is though, it even has specific websites for different countries, so that they can cater to specific audiences. Here are some of the sites that they host for different countries:
Other versions include de, dk, es, fr, it, no, nl, and no.
And what's the difference for each? Oh, just the way they say "If you aren't redirected automatically, please click here" and the language of the webpage that strongbilling .com (the third party site it uses to process payments) uses on its page when the user wants to purchase the program. It gives the user a certain comfort level and the illusion that he actually understands what he is buying.
OK, so let's say the user (by some stroke of luckless chance, or courtesy of a trojan downloader) ends up with the demo installer of Rogue:W32/VirusRemover2008.C on their hands and it runs…
Enter the End User License Agreement (EULA). Who really reads the EULA nowadays? All we do is click, click, click, then done! Then we wonder why our computers are sputtering malware every day. And if we complain, the product pushers will just say, "You've been warned." But where? "In paragraph 100 of the EULA."
But really, the EULA actually does contain some of the indecencies that they do to your system. They have some nerve putting it there:
What kind of products? You mean my valid AV?
Lack of viruses? Oh, right. You mean the malware your product told me existed in my system — but actually doesn't?
Whoa! People should really start reading some of this stuff. It's pretty scary what they put there.
OK, say that, through the universal law of click-click-click, you skipped the EULA and happily installed the rogue antispyware… since it's the usual senseless stuff really… it'll do this:
1. Scans your system:
2. Tells you you have an infection:
And of course it comes with a link to buy the stuff, yada-yada.
Don't bother checking the files listed, they don't exist in your system. And you know where they exist? In a text file that they dropped into the system. A very readable text file!
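A way to verify this on an affected machine, as an added example that is not part of the original post: the function checks whether each file the scanner reported actually exists, then searches the product's install folder for files that contain the missing names in plain text. The folder layout, file names and detection paths below are constructed sample data, not values taken from the rogue.

```python
import ntpath
import os
import tempfile
from pathlib import Path


def triage_detections(reported, product_dir, max_bytes=1_000_000):
    """Check a scanner's reported detections against the real file system.

    Returns (missing, sources): the reported paths that do not exist, and a
    map of files under product_dir that contain those file names in plain text.
    """
    missing = [p for p in reported if not os.path.exists(p)]
    # ntpath splits on both "\" and "/", so Windows paths parse on any OS.
    names = {ntpath.basename(p).lower() for p in missing}
    sources = {}
    for f in Path(product_dir).rglob("*"):
        if not f.is_file() or f.stat().st_size > max_bytes:
            continue
        # Dropping NUL bytes lets one search cover ASCII and UTF-16 text.
        text = f.read_bytes().replace(b"\x00", b"").decode("latin-1").lower()
        hits = sorted(n for n in names if n in text)
        if hits:
            sources[f.name] = hits
    return missing, sources


def demo():
    """Run the triage on constructed sample data (not taken from the rogue)."""
    with tempfile.TemporaryDirectory() as tmp:
        product = Path(tmp, "product")
        product.mkdir()
        real = Path(tmp, "present.dll")
        real.write_bytes(b"MZ")
        # Constructed stand-in for the dropped list of "infections".
        (product / "list.txt").write_text(
            "Trojan.Example|C:\\WINDOWS\\system32\\fake1.dll\n"
            "Spy.Example|C:\\WINDOWS\\fake2.exe\n", encoding="utf-16")
        (product / "readme.txt").write_text("nothing of interest\n")
        reported = [r"C:\WINDOWS\system32\fake1.dll",
                    r"C:\WINDOWS\fake2.exe", str(real)]
        return triage_detections(reported, product)


if __name__ == "__main__":
    missing, sources = demo()
    print(len(missing), "reported files are absent from disk")
    for name, hits in sources.items():
        print(name, "lists", ", ".join(hits))
```

A reported detection that is missing from disk and whose name sits in a plain-text file inside the product's own folder matches the behaviour described above.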