There’s a new breed of malware spreading across the Web that tricks users into uninstalling the legitimate antivirus software on their computers. Computer experts have long been aware of malware programs, known as retroviruses, that can kill or disarm security products. When activated, they unleash a world of hurt on the user’s computer and finances.
Called "AnVi Antivirus," the latest retrovirus was discovered by the response team at the security software developer Symantec. The virus is introduced through a software Trojan, which can be picked up by visiting rogue Web sites that show up in search results, through peer-to-peer file transfers or by opening an infected email attachment, said Kevin Haley, Symantec’s director of security response.
"It’s introduced a new twist," he told TechNewsDaily. "It uses the software’s own uninstall program. This is what makes this one different."
Disabling defenses
The first sign of infection is the display of a message box on the computer screen that asks you to uninstall your existing legitimate antivirus programs because the software is "uncertified and will degrade the computer’s performance."
The box asks you to click "OK" to begin uninstalling the program. It doesn’t make any difference whether you click on the box or not, or whether you try to stop the process by clicking the "close" button. The uninstaller of the antivirus product still executes.
To do this, the malware roots around in your Windows registry to find and launch the uninstaller for your software, Symantec said. The AnVi Antivirus is equal-opportunity malware; it goes after many well-known security products by Symantec, Microsoft, AVG, Spyware Doctor and Zone Labs.
The hurt continues after your legitimate antivirus program is uninstalled. "The really bad news is you absolutely have no other anti-virus software," Haley said. "You’re wide open to any other malware out there."
Calling home
The retrovirus will then try to connect your computer to malicious websites to download the AnVi Antivirus, which is the newest member of the malware fraternity that attempts to lure users into opening their wallets to pay for bogus software and surrender sensitive credit card information. Once it downloads to your computer, AnVi Antivirus announces its presence by launching its installer window and a companion window that offers pricing options for the fake antivirus software.
If you fall for this ruse, you’re left without antivirus protection, a slightly lighter wallet and credit card details at risk.
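For defenders, the two behaviors described above (an antivirus uninstaller launched by something other than the user, followed by an outbound download) can be turned into a simple detection rule. The sketch below is an added example, not Symantec's detection logic; the event schema, file paths, host name and the list of trusted parent processes are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Vendors the article names as targets. Broad substrings like these will
# over-match; a real rule would use each product's install path instead.
VENDORS = ("symantec", "microsoft", "avg", "spyware doctor", "zone labs")
UNINSTALL_MARKERS = ("uninstall", "unins")
# Assumption: parents through which a user-initiated uninstall normally runs.
TRUSTED_PARENTS = {"explorer.exe", "msiexec.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_security_uninstall(event):
    cmd = event.get("command_line", "").lower()
    return (event["type"] == "process_start"
            and any(v in cmd for v in VENDORS)
            and any(m in cmd for m in UNINSTALL_MARKERS))

def detect(events, window=timedelta(minutes=10)):
    """Flag security-product uninstallers started by an unexpected parent;
    severity is high if that parent connects out within `window` afterwards."""
    alerts = []
    for e in events:
        if not is_security_uninstall(e):
            continue
        parent = basename(e["parent_image"])
        if parent in TRUSTED_PARENTS:
            continue
        hosts = [n["remote_host"] for n in events
                 if n["type"] == "net_connect"
                 and basename(n["image"]) == parent
                 and timedelta(0) <= n["time"] - e["time"] <= window]
        alerts.append({"time": e["time"], "parent": parent, "remote_hosts": hosts,
                       "severity": "high" if hosts else "medium"})
    return alerts

# Constructed sample events (hypothetical schema, paths and host name).
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE_EVENTS = [
    {"type": "process_start", "time": T0, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"C:\Program Files\AVG\uninstall.exe"},
    {"type": "process_start", "time": T0 + timedelta(minutes=5),
     "parent_image": r"C:\Users\user\AppData\Local\Temp\setup_codec.exe",
     "command_line": r"C:\Program Files\Symantec\uninstall.exe"},
    {"type": "net_connect", "time": T0 + timedelta(minutes=7),
     "image": r"C:\Users\user\AppData\Local\Temp\setup_codec.exe",
     "remote_host": "download.example.invalid"},
]
```

Calling detect(SAMPLE_EVENTS) ignores the uninstall started from explorer.exe and raises one high-severity alert for the uninstaller started from the Temp folder, because the same parent connects out two minutes later.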
The antidote to this and other malware attacks, said Symantec, is to have legitimate antivirus software and keep it up to date.
“The good news is that as long as your antivirus software is up to date you’re OK,” said Haley.
