Antivirus Rogue

There is a company out there, God knows who they truly are, that produces a virus that acts like an antivirus program: it falsely tells you that you have dozens of infections and that you need to pay them to activate their program to clean the infections. Technically they are right, you are infected…by them. Do not provide them any identifying information or credit card details; they are (in my opinion) crooks, and the FTC should have long since found a way to close them down and seize their assets.

This company’s “product” has had many names and used to change names only once every six months to a year. These days they are changing almost weekly. How do I know it’s the same “product”? They use the same modus operandi behind the scenes as well as the general approach of being a fake antivirus program. The registry settings and files they use to infect and control your computer have been the same since they last changed about a year ago.

The many faces of fraud have included:

  • Antimalware Doctor

  • AntiSpyware Pro

  • AntiSpyware Soft

  • Anti-Virus Number-1

  • AntiVir

  • Antivirus 7

  • AntiVirus AntiSpyware 2011

  • AntivirusGT

  • Antivirus Software Platinum

  • Desktop Security 2010

  • General Antivirus

  • Internet Protection

  • Internet Security 20XX

  • Live Security Suite

  • Microsoft Antivirus 20XX

  • My Security Shield

  • MS Tool

  • Palladium for Windows

  • PC Speed Boot

  • Personal Security

  • Security Tool 20XX with or without a date

  • System Tool 2011

  • ThinkPoint Security

  • Total Vista Security

  • Total Security

  • User Protection

  • Virus Protect

  • Windows Antivirus 20XX

  • Windows Protection

  • Windows XP Recovery

  • Windows Vista Restore

  • Wireshark Antivirus

  • XP Antivirus 20XX (use any numbers in the XX)

  • XP Deluxe Protector

  • XP Police Antivirus


…and growing. As I recall or run across their newest fraudulent face, I’ll update this list. If you have their “product” on your PC, you’re going to need help removing it. Even the latest, greatest updated versions of any of the legitimate free and professional antivirus products don’t get all the files installed and created by these antivirus rogues. It takes a trained eye and skill to find them and remove them.
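A small helper for checking a product name read off a pop-up against the list above, including the “20XX” year wildcards. This is an added example, not part of the original post; the function names and the sample names are constructed for illustration, and a match is only a prompt to research the exact name, since legitimate products use similar words.

```python
import re

# Entries copied from the list above. "20XX" = "20" plus any two digits;
# "[20XX]" = that year is optional ("with or without a date").
ROGUE_NAMES = """
Antimalware Doctor; AntiSpyware Pro; AntiSpyware Soft; Anti-Virus Number-1; AntiVir;
Antivirus 7; AntiVirus AntiSpyware 2011; AntivirusGT; Antivirus Software Platinum;
Desktop Security 2010; General Antivirus; Internet Protection; Internet Security 20XX;
Live Security Suite; Microsoft Antivirus 20XX; My Security Shield; MS Tool;
Palladium for Windows; PC Speed Boot; Personal Security; Security Tool [20XX];
System Tool 2011; ThinkPoint Security; Total Vista Security; Total Security;
User Protection; Virus Protect; Windows Antivirus 20XX; Windows Protection;
Windows XP Recovery; Windows Vista Restore; Wireshark Antivirus; XP Antivirus 20XX;
XP Deluxe Protector; XP Police Antivirus
"""

def normalize(text):
    """Lower-case and keep only letters and digits, so spacing, hyphens and
    capitalisation differences ('anti virus number 1') do not hide a match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def compile_entry(entry):
    """Turn one list entry into a regex over normalized text."""
    if entry.endswith("[20XX]"):
        stem, year = entry[:-6], r"(?:20\d\d)?"
    elif entry.endswith("20XX"):
        stem, year = entry[:-4], r"20\d\d"
    else:
        stem, year = entry, ""
    return re.compile(re.escape(normalize(stem)) + year)

PATTERNS = [(e.strip(), compile_entry(e.strip())) for e in ROGUE_NAMES.split(";")]

def match_rogue_name(shown_name):
    """Return the list entry that the whole name matches, else None.
    Whole-name matching keeps a longer, different product name that merely
    contains 'Total Security' or 'AntiVir' from being flagged."""
    norm = normalize(shown_name)
    for entry, pattern in PATTERNS:
        if pattern.fullmatch(norm):
            return entry
    return None

if __name__ == "__main__":
    # Constructed sample: names as a user might read them off a pop-up.
    for shown in ["XP Antivirus 2012", "security-tool", "Contoso Total Security"]:
        print(f"{shown!r:28} -> {match_rogue_name(shown)}")
```

Pass the product name only, not a full window title with extra text after it.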

Update: I ran across this alert at the FBI website. At the end is a link to report your experience with this type of scam so the government’s investigation can put a dent into their profits.


12/11/09—An ongoing threat exists for computer users who, while browsing the Internet, began receiving pop-up security warnings that state their computers are infected with numerous viruses.

These pop-ups known as scareware, fake, or rogue anti-virus software look authentic and may even display what appears to be real-time anti-virus scanning of the user’s hard drive. The scareware will show a list of reputable software icons; however, the user cannot click a link to go to the actual site to review or see recommendations.

The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer. It is possible that these threats are received as a result of clicking on advertisements contained on a website. Cyber criminals use botnets to push the software and use advertisements on websites to deliver it. This is known as malicious advertising or malvertising.

Once the pop-up appears it cannot be easily closed by clicking “close” or the “X” button. If the user clicks on the pop-up to purchase the software, a form is provided that collects payment information and the user is charged for the bogus product. In some instances, whether the user clicks on the pop-up or not, the scareware can install malicious code onto the computer. By running your computer with an account that has rights to install software, this issue is more likely to occur.

Downloading the software could result in viruses, Trojans, and/or keyloggers being installed on the user’s computer. The repercussions of downloading the malicious software could prove further financial loss to the victim due to computer repair, as well as, cost to the user and/or financial institutions due to identity theft.

The assertive tactics of the scareware have caused significant losses to users. The FBI is aware of an estimated loss to victims in excess of $150 million.

Be cautious—Cyber criminals use easy to remember names and associate them with known applications. Beware of pop-ups that offer a variation of recognized security software. It is recommended that the user research the exact name of the software being offered.

Take precautions to ensure operating systems are updated and security software is current.

If a user receives these anti-virus pop-ups, it is recommended to close the browser or shut the system down. It is suggested that the user run a full, anti-virus scan whenever the computer is turned back on.

If you have experienced the anti-virus pop-ups or a similar scam, please notify the IC3 by filing a complaint at