
Fake Eclipse Antivirus

Posted: March 4, 2011

Fake Eclipse Antivirus completely lacks all of its advertised anti-virus features and is exposed as a mere rogue anti-virus program by its use of false positives and Trojan-based installation. Information and money given away to register Fake Eclipse Antivirus will be misused by criminals for identity theft and fraud; registering the rogue anti-virus program gives no security benefits to your computer. As with all rogue anti-virus products, you should delete Fake Eclipse Antivirus if it's on your computer, since Eclipse Antivirus actively fights your computer's security instead of assisting it.

You Will Not See Eclipse Antivirus Coming

Rogue anti-virus software like Fake Eclipse Antivirus is primarily spread by Trojans that infect your PC through malicious websites and corrupted .exe files; these Trojans then deliver a rogue anti-virus application payload automatically or through fake infection alerts. Trojans tend to be difficult to spot on their own, which makes it important to keep good security software running to block such malware passively.
 
After being dropped, Eclipse Antivirus adds entries to your Windows registry so that it runs when Windows starts up in the normal boot mode. This places Fake Eclipse Antivirus in a good position to instill fear in the user by taking priority even over the system's desktop. Major problems associated with PC threats similar to Eclipse Antivirus often include symptoms like these:

  • Desktop alerts about infections and system problems that aren't actually present. Reporting corruption in the baseline system components like lsass.exe or real security programs is common. Equally frequent is the use of false positives for keyloggers and password-stealing viruses. If you've never seen these errors before and popular anti-malware scanners don't pick them up, then the errors are likely fakes.
  • A forced scanning display followed by extremely negative infection rate results. This is a trick often used by Fake Eclipse Antivirus and other rogue anti-virus products when the computer has just started up, and usually contains a link to the rogue anti-virus program's website. Don't try to register Fake Eclipse Antivirus; none of the infections Eclipse Antivirus fingers are real, and your credit card number is severely at risk the minute you give it to the criminals who designed this dangerous PC threat.
  • Crashing security applications and Windows tools like the Registry Editor and Task Manager. Such crashes are usually caused by rogue anti-virus tools like Fake Eclipse Antivirus, which keep these applications from running because they could remove the rogue anti-virus program itself.

Some sources also report that Fake Eclipse Antivirus is able to download other components to allow access by remote attackers and that Eclipse Antivirus can continue running even after seemingly being closed.

How to Handle This Unruly PC Intruder

Removing Fake Eclipse Antivirus is a job best left in the hands of dedicated security programs or PC threat experts. Along with its registry entries, Fake Eclipse Antivirus also registers .dll files and may install or download other components not yet identified. If you remove Fake Eclipse Antivirus partially and fail to remove the Trojan that delivered it, Fake Eclipse Antivirus will likely pop right back on your screen again the next time you use your computer.
 
Always prevent malware like Fake Eclipse Antivirus from running before you try to remove Eclipse Antivirus, and always conduct a full scan of your system if you suspect infection. Cleaning out all Trojans and other infections is just as vital for your system's well-being as deleting Fake Eclipse Antivirus.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %PROGRAM_FILES%\Fake Eclipse Antivirus
    2 c:\Documents and Settings\All Users\Fake Eclipse Antivirus\
    3 c:\Documents and Settings\All Users\Start Menu\Fake Eclipse Antivirus\
    4 c:\WINDOWS\.dll
    5 c:\WINDOWS\.exe
    6 c:\WINDOWS\system32\.dll
    7 c:\WINDOWS\system32\.exe
    8 c:\WINDOWS\system32\drivers\.dll
    9 c:\WINDOWS\system32\drivers\.exe

Registry Modifications

  • The following newly produced Registry Values are:
    Subkeys:
    HKEY_LOCAL_MACHINE\Software\Fake Eclipse Antivirus
    Registry keys:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Eclipse Antivirus rogue"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs" = ".dll"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows "LoadAppInit_DLLs" = "1"
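
As an added example (not part of the original write-up), this Python script checks a text export of the registry for the entries listed above. It assumes the export is in .reg format and already decoded to a string; the sample export and its file paths are constructed placeholders, and the function names are hypothetical.

```python
import re

# Indicators from this page's registry list, lowercased for comparison.
ROGUE_KEY = r"hkey_local_machine\software\fake eclipse antivirus"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RUN_VALUE = "eclipse antivirus rogue"
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

# Constructed sample export; the file paths are placeholders, not from the page.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Fake Eclipse Antivirus]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Eclipse Antivirus rogue"="C:\\placeholder\\constructed.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\placeholder\\constructed.dll"
"LoadAppInit_DLLs"=dword:00000001
'''

def parse_reg(text):
    """Parse .reg export text into {lowercased key: {lowercased name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def unquote(data):
    """Unescape a quoted .reg string value; other types (dword:...) pass through."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data

def find_indicators(text):
    """Report the page's registry indicators; any non-empty AppInit_DLLs is returned for review."""
    keys = parse_reg(text)
    win = keys.get(APPINIT_KEY, {})
    load = unquote(win.get("loadappinit_dlls", "dword:00000000"))
    return {
        "rogue_key": any(k == ROGUE_KEY or k.startswith(ROGUE_KEY + "\\") for k in keys),
        "run_value": RUN_VALUE in keys.get(RUN_KEY, {}),
        "appinit_dlls": unquote(win.get("appinit_dlls", '""')).strip(),
        "appinit_enabled": load == "1" or (load.startswith("dword:") and int(load[6:], 16) != 0),
    }

if __name__ == "__main__":
    print(find_indicators(SAMPLE))
```

Because the page does not give the DLL file name, the AppInit_DLLs result is the raw list for manual review; legitimate software can also set this value.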