Trusteer Rapport "security software" says my computer is infected

I'm sure I'm not the first person to come across this, but here in the UK it seems every major bank (e.g. HSBC, NatWest, etc.) are getting their customers to install Trusteer's Rapport software before they do any sort of online banking. The idea being that this software protects their customer's credentials when logging on to their banking service.

This is all well and good, but I got tired of having it installed on my system, and during a tidy-up I decided to uninstall it... Except I got the following message telling me my computer was infected with malicious software:

alt text

Clicking on the "more info" link takes you here: http://www.trusteer.com/infected

There is no further information on what this supposed threat is, or why this threat would no longer be "quarantined" if I uninstalled Rapport, or even why malware scanners would not find it.

The whole thing smacks of scareware. Has anyone had any experiences with this software or this company? My instinct is to get rid of anything that attempts such tactics. Any advice?

Thanks!

Django Reinhardt

Posted 2010-08-29T12:44:28.410

Reputation: 4 183

Rapport is described as "snake oil" here: http://broadcast.oreilly.com/2008/12/snake-oil-legitimate-vendors-s.html Hmm!

– Django Reinhardt – 2010-08-29T13:02:52.657

1Well here's an update: I tried to uninstall their software again, just now, and I DIDN'T get the above message. They may have been telling the truth the first time around (I've since tidyied up my computer more since then) or they fixed their software in the meantime. That's somewhat good then, but it's still very bad that they don't inform the user as to WHAT malicious software they've found on your machine, only that you won't be protected if you remove their software. That, to me, IS scareware tactics, even if it's a milder version of what I originally thought. – Django Reinhardt – 2010-09-11T13:44:06.847

Answers

The easiest test to do would be to have a VM and install this software there.

If you then try and un-install on the VM and it gives you the same message then chances are (unless of course you manage to get infected in 5 minutes) this is the default message that it gives.

Stephen

Posted 2010-08-29T12:44:28.410

Reputation: 1 302

-2

This message appears only if Rapport has identified malicious software on your computer. Rapport does not remove malicious software as this can cause errors, file corruption or simply leave the door open for the Malware to install itself again.

Thus, Rapport blocks the Malware from accessing sensitive information. Removing Rapport enables the Malware to operate normally again.

If you would like to know exactly what Rapport has identified and why this message has appeared, please contact us at support@trusteer.com and provide your Rapport ID, which can be found under "More settings" in the Rapport console. The Rapport console can be opened through the start menu.

Best Regards,

Trusteer Support Team

user47965

Posted 2010-08-29T12:44:28.410

Reputation: 1

3I have done this, but apparently your software is having difficulty sending the required information to you. I find it unacceptable to say things like, "If you remove Trusteer Rapport, this malicious software will become active once again", but to not provide any additional information to the user. It sounds remarkably like scareware tactics, intentionally or not. – Django Reinhardt – 2010-08-30T12:40:52.577

@user4796 - I will call your software for what it is, useless, and something somebody should remove from their system. The message clearly provide no information, which simply means, the system was never infected. – Ramhound – 2014-01-24T23:57:18.903

-2

I use Gdata anti virus which seems to work OK. I downloaded Rapport on the advice of HSBC. Immediately Gdata told me they had found malware and that I should perform a reboot CD. They told me this twice and warned that I should not do any online banking in the meantime. The strange thing is that when I check the Gdata logs, there is no record of this malware being found and they assure me that everything is running fine. Also the language used in the warning was not typical of Gdata. I also suspect scaremongering.

tim

Posted 2010-08-29T12:44:28.410

Reputation: 1

2This does not really answer the user's question. – Ramhound – 2014-01-24T23:55:50.303