Knowledge

MS Antivirus (malware)

Not to be confused with Microsoft Anti-Virus or Microsoft Security Essentials.

Developer(s): Bakasoftware (developer name: Gavril Danilkin, alias "krab"), Innovagest2000, Innovative Marketing Inc. (Jain Shaileshkumar, Bjorn Daniel, etc.)
Operating system: Microsoft Windows
Type: Rogue software

MS Antivirus (also known as Spyware Protect 2009 and Antivirus XP 2008/Antivirus2009/SecurityTool/etc) is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under other different 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

Names

Many clones of MS Antivirus that include slight variations have been distributed throughout the web. They are known as XP Antivirus, Vitae Antivirus, Windows Antivirus, Win Antivirus, Antivirus Action, Antivirus Pro 2009, 2010, 2017 or simply just Antivirus Pro, Antivirus 2007, 2008, 2009, 2010, 2011, and 360, AntiMalware GO, Internet Antivirus Plus, System Antivirus, Spyware Guard 2008 and 2009, Spyware Protect 2009, Winweb Security 2008, Antivirus 10, Total Antivirus 2020, Live Protection Suite, System Security, Malware Defender 2009, Ultimate Antivirus2008, Vista Antivirus, General Antivirus, AntiSpywareMaster, Antispyware 2008, XP AntiSpyware 2008, 2009 and 2010, Antivirus Vista 2010, Real Antivirus, WinPCDefender, Antivirus XP Pro, Anti-Virus-1, Antivirus Soft, Vista Antispyware 2012, Antispyware Soft, Antivirus System PRO, Antivirus Live, Vista Anti Malware 2010, Internet Security 2010, XP Antivirus Pro, Security Tool, VSCAN7, Total Security, PC Defender Plus, Disk Antivirus Professional, AVASoft Professional Antivirus, System Care Antivirus, and System Doctor 2014. Another MS Antivirus clone is named ANG Antivirus. This name is used to confuse the user of the software into thinking that it is the legitimate AVG Antivirus before downloading it.

Symptoms of infection

Image caption: SWP '09 "protecting" the user from microsoft.com. Notice that the font is different than what Internet Explorer usually uses.

Each variant has its own way of downloading and installing itself onto a computer. MS Antivirus is made to look functional to fool a computer user into thinking that it is a real anti-virus system in order to convince the user to "purchase" it. In a typical installation, MS Antivirus runs a scan on the computer and gives a false spyware report claiming that the computer is infected with spyware. Once the scan is completed, a warning message appears that lists the spyware 'found' and the user either has to click on a link or a button to remove it. Regardless of which button is clicked ("Next" or "Cancel"), a download box will still pop up. This deceptive tactic is an attempt to scare the Internet user into clicking on the link or button to purchase MS Antivirus. If the user decides not to purchase the program, then they will constantly receive pop-ups stating that the program has found infections and that they should register it in order to fix them. This type of behavior can cause a computer to operate more slowly than normal.

MS Antivirus will also occasionally display fake pop-up alerts on an infected computer. These alerts pretend to be a detection of an attack on that computer and the alert prompts the user to activate or purchase the software in order to stop the attack. More seriously, it can paste a fake picture of a Blue Screen of Death over the screen and then display a fake startup image telling the user to buy the software. The malware may also block certain Windows programs that allow the user to modify or remove it. Programs such as Regedit can be blocked by this malware. The registry is also modified so the software runs at system startup. The following files may be downloaded to an infected computer:

MSASetup.exe
MSA.exe
MSA.cpl
MSx.exe

Depending on the variant, the files have different names and therefore can appear or be labeled differently. For example, Antivirus 2009 has the .exe file name a2009.exe.

In addition, in an attempt to make the software seem legitimate, MS Antivirus can give the computer symptoms of the "viruses" that it claims are on the computer. For example, some shortcuts on the desktop may be changed to links of sexually explicit websites instead.

Malicious actions

Most variants of this malware will not be overtly harmful, as they usually will not steal a user's information (as spyware) nor critically harm a system. However, the software will act to inconvenience the user by frequently displaying popups that prompt the user to pay to register the software in order to remove non-existent viruses. Some variants are more harmful; they display popups whenever the user tries to start an application or even tries to navigate the hard drive, especially after the computer is restarted. It does this by modifying the Windows registry. This can clog the screen with repeated pop-ups, potentially making the computer virtually unusable. It can also disable real antivirus programs to protect itself from removal. Whichever variant infects a computer, MS Antivirus always uses system resources when running, potentially making an infected computer run more slowly than before.

The malware can also block access to known spyware removal sites and in some instances, searching for "antivirus 2009" (or similar search terms) on a search engine will result in a blank page or an error page. Some variants will also redirect the user from the actual Google search page to a false Google search page with a link to the virus' page that states that the user has a virus and should get Antivirus 2009. In some rare cases, with the newest version of the malware, it can prevent the user from performing a system restore.

In November 2008, it was reported that a hacker known as NeoN hacked Bakasoftware's database, and posted the earnings of the company received from XP Antivirus. The data revealed the most successful affiliate earned USD $158,000 in a week.

Court actions

On December 2, 2008, the U.S. District Court for the District of Maryland issued a temporary restraining order against Innovative Marketing, Inc. and ByteHosting Internet Services, LLC after receiving a request from the Federal Trade Commission (FTC). According to the FTC, the combined malware of WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus has fooled over one million people into purchasing the software marketed as security products. The court also froze the assets of the companies in an effort to provide some monetary reimbursement to affected victims. The FTC claims the companies established an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements.

According to the FTC complaint, the companies charged in the case operated using a variety of aliases and maintained offices in the countries of Belize and Ukraine (Kyiv). ByteHosting Internet Services is based in Cincinnati, Ohio. The complaint also names defendants Daniel Sundin, Sam Jain, Marc D'Souza, Kristy Ross, and James Reno in its filing, along with Maurice D'Souza, who is named Relief Defendant, for receiving proceeds from the scheme.

See also

Rogue software
Malware

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.