Windows 7 114 Windows “Antivirusâ€Â￾ to Avoid at All Costs

Discussion in 'Windows Security' started by whoosh, Dec 21, 2009.

  1. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Joined:
    Apr 15, 2009
    Messages:
    25,718
    Likes Received:
    380
    http://news.softpedia.com/news/114-Windows-Antivirus-to-Avoid-at-All-Costs-130245.shtml
    This year alone they will be responsible for infecting in excess of 25 million computers worldwide, but they could come close to compromising as much as 30 million machines. At the root of this epidemic lay simple social engineering tactics designed, through various methods, to convince victims to pay for peace of mind. Responsible for the actual infections are pieces of malicious code that the software industry refers to under a variety of monikers, including rogue antivirus, fake antivirus, scareware, etc.
    Microsoft has put together a list containing no less than 114 AV rogues which are detected by the company’s antivirus products, including Microsoft Security Essentials, Forefront Client Security, etc. It is important to note that the list contains only the official label provided by the software giant. Each of the items featured below come in a variety of packages and under a plethora of brands, which actually makes the number of fake antivirus in the wild much larger.

    Users that have doubts related to a security solution that is being aggressively advertised to them should first check to make sure that the offering is indeed genuine. Microsoft, but also additional members of the security industry, constantly update information on threats posed to end users, including rogue antivirus, and publish it on websites that are available to the public. These details are available to the public, and are essentially no more than a search away, at any given time.

    “On page 100 of our Security Intelligence Report volume 7, we observed that rogues remained a significant threat even though they trended down to 13.4 million infected computers in 1H09 from 16.8 million in 2H08. (Internet Explorer 8 SmartScreen Filter, a browser-based security feature, contributed to part of the decline),â€Â￾ revealed Scott Wu, from MMPC.

    Modus Operandi

    “Rogue security softwareâ€â€￾software that displays false or misleading alerts about infections or vulnerabilities on the victim’s computer and offers to fix the supposed problems for a priceâ€â€￾has become one of the most common methods that attackers use to swindle money from victims. These are programs that masquerade as legitimate security programs offering protection from malware, spyware, and other threats, but actually use social engineering to obtain money from victims, and offer poor or nonexistent protection,â€Â￾ the Redmond company reveals in SIRv7.

    Fake antivirus will take it upon itself to run a scan of computers belonging to unsuspecting users. Of course that the scan itself and the results offered are both fake. Rogue AV doesn’t actually analyze machines, nor is it capable of detecting any malware, or to remove it. It’s all smoke and mirrors, a show put on to trick users into thinking that their computers is infected with malicious code.

    “Rogue security software programs typically mimic the general look and feel of legitimate security software, claiming to detect a large number of nonexistent threats and urging the user to “activateâ€Â￾ the software to remove them. Some families emulate the appearance of the Windows Security Center or unlawfully use trademarks and icons to misrepresent themselves. Rogue security software spreads through familiar malware distribution mechanisms, like spam and exploits, and through customized tactics, like a fake Webbased security scanner. After installation, some rogue security software families take other actions to evade detection or to frighten the user into paying,â€Â￾ Microsoft explains.

    Once installed on a Windows PC, fake antivirus programs will attempt to scare the user into believing that various infections were detected. Rogue security solutions are designed to look very similar to genuine AV products, often copying at least elements of the graphical user interface, if not the whole UI, as well as using brands and labels mimicking, or even plagiarizing valid security offerings.

    And integral part of the social engineering tactics deployed is to convince the user that the rogue AV is a genuine security solution, when in fact, much to the contrary, it is only masquerading as such. The fake AV will bombard users with alerts, and annoying, repetitive, incessant notifications, reporting inexistent infections.

    At the same time, the rogue AV advertises the possibility of removing the fake infections, provided that users buy the software. Once a license is acquired, the fake AV ceases from delivering fake reports, creating the illusion that whatever malware had compromised the computer, was removed. Obviously, in this scenario, the users have been scammed into paying for protection against an inexistent threat.

    “Though fooling users into paying for worthless software remains the primary goal of most rogue security software, several recently released families have begun to branch out and exhibit behaviors common to other threats, such as downloading additional malware to a victim’s computer. Win32/Winwebsec has been observed to download Win32/Koobfaceâ€â€￾ which itself sometimes displays pop-up advertisements for rogue security software. Win32/InternetAntivirus, which was added to the MSRT in June 2009, downloads the password stealer Win32/Chadem,â€Â￾ the company added.

    Protection

    “As we have done in the past, we again encourage our readers to run a complete, up to date AV product such as Microsoft Security Essentials to protect their computers from these rogues, especially if located in English speaking countries - the regions where these rogues appear most active (as highlighted in the SIR). MSRT is a baseline tool we provide for the ecosystem to remove prevalent threats such as high profile rogues. With Security Essentials, on the other hand, you get the benefit of the complete AV signature set from the MMPC and you get the essential protection features an AV solution needs – real time, kernel mode detection, scheduled scan, complicated cleaning functionalities to address the em114 Windows “antivirusâ€Â￾ to avoid at all costs

    1. Win32/FakeXPA – Aliases: Win-Trojan/Downloader.56320.M (AhnLab), Win32/Adware.XPAntivirus (ESET), not-a-virus:Downloader.Win32XpAntivirus.b (Kaspersky), FakeAlert-AB.dldr (McAfee), W32/DLoader.FKAI (Norman), Mal/Generic-A (Sophos), XPAntivirus (Sunbelt Software), Downloader.MisleadApp (Symantec), XP Antivirus (other), Antivirus 2009 (other), Antivirus 2010 (other), Antivirus 360 (other), Total Security (other), AntivirusBEST (other), GreenAV (other), Alpha Antivirus, other), AlphaAV (other), Cyber Security (other), Cyber Protection Center (other), Nortel (other), Eco AntiVirus (other), MaCatte (other), Antivirus (other), Antivir (other), Personal Security (other).

    2. Trojan:Win32/FakePowav– Aliases: Win Antivirus 2008 (other), SpyShredder (other), WinXProtector (other), Rapid Antivirus (other), Security 2009 (other), Power Antivirus 2009 (other), WinXDefender (other), SpyProtector (other), SpyGuarder (other), MSAntiMalware (other).

    3. Program:Win32/MalwareBurn

    4. Program:Win32/UnSpyPc

    5. Program:Win32/DriveCleaner – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro).

    6. Trojan:Win32/DocrorTrojan

    7. Program:Win32/Winfixer – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro), Win32/Adware.WinFixer (ESET), not-a-virus:Downloader.Win32.WinFixer.o (Kaspersky), WinFixer (McAfee), Adware_Winfixer (Trend Micro), Program:Win32/DriveCleaner (other), Program:Win32/SecureExpertCleaner (other).

    8. Trojan:Win32/FakeScanti – Aliases: Windows Antivirus Pro (other), Windows Police Pro (other), Win32/WindowsAntivirusPro.F (CA), FakeAlert-GA.dll (McAfee), Adware/WindowsAntivirusPro (Panda), Trojan.Fakeavalert (Symantec).

    9. Program:Win32/Cleanator

    10. Program:Win32/MalwareCrush

    11. Program:Win32/PrivacyChampion

    12. Program:Win32/SystemLiveProtect

    13. Win32/Yektel

    14. Trojan:Win32/FakeSmoke – Aliases: SystemCop (other), QuickHealCleaner (other), TrustWarrior (other); SaveArmor (other), SecureVeteran (other), SecuritySoldier (other), SafeFighter (other), TrustSoldier (other), TrustFighter (other), SoftCop (other), TRE AntiVirus (other), SoftBarrier (other), BlockKeeper (other), BlockScanner (other), BlockProtector (other), SystemFighter (other), SystemVeteran (other), SystemWarrior (other), AntiAID (other), Win32/WinBlueSoft.A (CA), Trojan-Downloader.Win32.FraudLoad.vtgpk (Kaspersky), WinBlueSoft (other), WiniBlueSoft (other), Winishield (other), SaveKeep (other), WiniFighter (other), TrustNinja (other), SaveDefense (other), BlockDefense (other), SaveSoldier (other), WiniShield (other), SafetyKeeper (other), SoftSafeness (other), SafeDefender (other), Trustcop (other), SecureWarrior (other), SecureFighter (other), SoftSoldier (other), SoftVeteran (other), SoftStronghold (other), ShieldSafeness (other).

    15. Program:Win32/Spyguarder.A

    16. Program:Win32/AntivirusGold

    17. Program:Win32/SystemGuard2009

    18. Program:Win32/WorldAntiSpy

    19. Program:Win32/SpywareSecure – Aliases: W32/SpyAxe.AMI (Norman), SpywareSecure (Panda), SpywareSecure (Sunbelt Software), SpywareSecure (Symantec).

    20. Program:Win32/IEDefender – Aliases: Win32/Burgspill.AD (CA), IEAntivirus (Symantec), Trojan.DR.FakeAlert.FJ (VirusBuster).

    21. Program:Win32/MalWarrior

    22. Program:Win32/Malwareprotector

    23. Program:Win32/SpywareSoftStop

    24. Program:Win32/AntiSpyZone

    25. Program:Win32/Antivirus2008 – Aliases: Trojan.FakeAlert.RL (BitDefender), Win32/Adware.Antivirus2008 (ESET), not-a-virus:Downloader.Win32.FraudLoad.ar (Kaspersky), WinFixer (McAfee), W32/DLoader.HDZU (Norman), Troj/Dwnldr-HDG (Sophos), ADW_FAKEAV.O (Trend Micro), Program:Win32/VistaAntivirus2008.A (other), MS Antivirus (CA).

    26. Trojan:Win32/PrivacyCenter – Aliases: Fake_AntiSpyware.BKN (AVG), Win32/FakeAV.ACR (CA), Win32/Adware.PrivacyComponents (ESET), not-a-virus:FraudTool.Win32.PrivacyCenter (other), not-a-virus:FraudTool.Win32.Agent.jn (Kaspersky), FakeAlert-CP (McAfee), Troj/PrvCnt-Gen (Sophos), SpywareGuard2008 (Symantec).

    27. Program:Win32/SpyLocked

    28. Program:Win32/Trojanguarder

    29. Program:Win32/MyBetterPC

    30. Program:Win32/NeoSpace

    31. Win32/Winwebsec - Aliases: SystemSecurity2009 (other), System Security (other), Winweb Security (other), FakeAlert-WinwebSecurity.gen (McAfee), Mal/FakeAV-AK (Sophos), Troj/FakeVir-LB (Sophos), Adware/AntiSpywarePro2009 (Panda), Adware/UltimateCleaner (Panda), Adware/Xpantivirus2008 (Panda), Win32/Adware.SystemSecurity (ESET), Win32/Adware.WinWebSecurity (ESET), AntiVirus2008 (Symantec), SecurityRisk.Downldr (Symantec), W32/AntiVirus2008.AYO (Norman), Total Security (other), AntiSpyware Pro 2009 (other), FakeAlert-AntiSpywarePro (McAfee).

    32. Trojan:Win32/FakeRemoc - Aliases: AntiMalwareSuite (other), VirusRemover2009 (other), PCAntiMalware (other), Total Virus Protection (other), SpywareRemover2009 (other), AntiMalwareGuard (other), Secure Expert Cleaner (other), Cleaner2009 Freeware (other), AVCare (other), AV Care (other).

    33. Program:Win32/SpywareStormer

    34. Program:Win32/SecurityiGuard

    35. Program:Win32/DoctorCleaner

    36. Program:Win32/UniGray

    37. Win32/FakeSecSen – Aliases: Micro AV (other), MS Antivirus (other), Spyware Preventer (other), Vista Antivirus 2008 (other), Advanced Antivirus (other), System Antivirus (other), Ultimate Antivirus 2008 (other), Windows Antivirus 2008 (other), XPert Antivirus (other), Power Antivirus (other).

    38. Program:Win32/VirusRemover – Aliases: Troj/FakeVir-DR (Sophos), VirusRemover2008 (Symantec), ADW_FAKEVIR (Trend Micro).

    39. Program:Win32/Privacywarrior

    40. Program:Win32/PrivacyProtector

    41. Adware:Win32/SpyBlast

    42. Trojan:Win32/FakeFreeAV

    43. Win32/FakeRean - Aliases: XP AntiSpyware 2009 (other), XP Security Center (other), PC Antispyware 2010 (other), Home Antivirus 2010 (other), PC Security 2009 (other), ADW_WINREANIMA (Trend Micro), Win32/Adware.WinReanimator (ESET), not-a-virus:FraudTool.Win32.Reanimator (Kaspersky), WinReanimator (Sunbelt Software), XP Police Antivirus (other), FakeAlert-XPPoliceAntivirus (McAfee), Adware/XPPolice (Panda), AntiSpyware XP 2009 (other), Antivirus Pro 2010 (other).

    44. Program:Win32/Antivirus2009 – Aliases: Win32/Adware.XPAntivirus (ESET), FakeAlert-AB.gen (McAfee), MalwareWarrior (other), Antivirus2009 (other).

    45. Program:Win32/AntiSpywareDeluxe – Aliases: Adware.Fakealert-134 (Clam AV), Win32/Adware.AntiSpywareDeluxe (ESET), FraudTool.Win32.AntiSpywareDeluxe.a (Kaspersky), AntispyDeluxe (Symantec), TROJ_RENOS.CP (Trend Micro).

    46. Program:Win32/Searchanddestroy

    47. Program:Win32/AlfaCleaner

    48. Program:Win32/WebSpyShield

    49. Win32/InternetAntivirus – Aliases: InternetAntivirus (Symantec), General Antivirus (other), Personal Antivirus (other), not-a-virus:FraudTool:Win32.GeneralAntivirus.b (Kaspersky), Mal/FakeAV-AC (Sophos), TrojanDownloader:Win32/Renos.gen!Z (other), Fraudtool.GeneralAntivirus.C (VirusBuster), Internet Antivirus Pro (other).

    50. Trojan:Win32/Antivirusxp – Aliases: Antivirus XP 2008 (other), Win32/Adware.WinFixer (ESET), Generic FakeAlert.a (McAfee), W32/WinFixer.BTB (Norman), Troj/FakeAV-AB (Sophos), AntiVirus2008 (Symantec), Program:Win32/Antivirusxp (other).

    51. Program:Win32/ErrorGuard

    52. Program:Win32/SpyCrush

    53. Trojan:Win32/Fakeav

    54. Program:Win32/Spyaway

    55. Trojan:Win32/WinSpywareProtect – Aliases: Win32/Adware.WinSpywareProtect (ESET), Trojan-Downloader.Win32.FraudLoad.aob (Kaspersky), WinSpywareProtect (Symantec), Program:Win32/WinSpywareProtect (other), Trojan.FakeAV.GP (BitDefender), Win32/Adware.MSAntispyware2009 (ESET), Packed.Win32.Katusha.a (Kaspersky), FaleAlert-BV (McAfee), Adware/MSAntiSpyware2009 (Panda), Fraudtool.MSAntispy2009.A (VirusBuster), MS Antispyware 2009 (other), AV Antispyware (other), Extra Antivirus (other).

    56. Program:Win32/Fakerednefed – Aliases: WinDefender 2008 (other), Program:Win32/Defendwin (other), Program:Win32/Windefender (other).

    57. Program:Win32/Antispyware2008

    58. Program:Win32/EZCatch

    59. Program:Win32/EvidenceEraser

    60. Program:Win32/Vaccine2008

    61. Win32/FakeSpypro – Aliases: FakeAlert-C.dr (McAfee), SpywareProtect2009 (Symantec), Troj/FakeAV-LS (Sophos), Win32/Adware.SpywareProtect2009 (ESET), .Win32.FraudPack.kho (Kaspersky), Spyware Protect 2009 (other), Antivirus System Pro (other), Security Central (other), Barracuda Antivirus (other).

    62. Trojan:Win32/FakeCog – Aliases: Win32/Adware.CoreguardAntivirus (ESET), not-a-virus:FraudTool.Win32.CoreGuard2009 (Kaspersky), FakeAlert-FQ (McAfee) , W32/Renos.FIP (Norman) , Mal/TDSSPack-L (Sophos), CoreGuardAntivirus2009 (Symantec), Fraudtool.CoreGuard2009.A (VirusBuster), CoreGuard Antivirus 2009 (other).

    63. Program:Win32/AntiVirGear

    64. Adware:Win32/VaccineProgram

    65. Program:Win32/TrustCleaner

    66. Program:Win32/SearchSpy

    67. Program:Win32/AntiSpywareExpert – Aliases: Win32/Adware.AntiSpywareMaster (ESET), Generic.Win32.Malware.AntiSpywareExpert (other), WinFixer (McAfee), AVSystemCare (Symantec), AntiSpywareExpert (Trend Micro), not-a-virus:FraudTool.Win32.AntiSpywareExpert.a (Kaspersky).

    68. Program:Win32/VirusRanger – Aliases: VirusRescue (Symantec) .

    69. Program:Win32/SpyDawn

    70. Program:Win32/UltimateFixer

    71. Program:Win32/WinHound

    72. Program:Win32/Spyshield

    73. Program:Win32/SpySheriff – Aliases: Win32.TrojanDownloader.IEDefender (Ad-Aware), MagicAntiSpy (Sunbelt Software), Adware.SpySheriff (Symantec), SpyShredder (Symantec), IEDefender (other), Malware Destructor (other), SpySheriff (other), SpyShredder (other).

    74. Program:Win32/Antispycheck – Aliases: Win32/Adware.AntiSpyCheck (ESET), AntiSpyCheck (Symantec).

    75. Program:Win32/SpywareIsolator – Aliases: not-a-virus:FraudTool.Win32.SpywareIsolator.ad (Kaspersky), SpywareIsolator (Symantec).

    76. Program:Win32/SpyFalcon

    77. Program:Win32/PrivacyRedeemer

    78. Trojan:Java/VirusConst

    79. Trojan:Win32/FakeVimes – Aliases: FakeAlert-CQ (McAfee), Extra Antivirus (other), Ultra Antivirus 2009 (other), Malware Catcher 2009 (other), Virus Melt (other), Windows PC Defender (other).

    80. Program:Win32/PCSave – Aliases: Win-Trojan/Pcsave.339456 (AhnLab), PCSave (McAfee).

    81. Program:Win32/PSGuard

    82. Program:Win32/SpywareStrike

    83. Program:Win32/Nothingvirus

    84. Trojan:Win32/AVClean

    85. Trojan:Win32/FakeIA.C - Aliases: Win32/FakeAlert.RW (CA), Dropped:Trojan.FakeAv.DS (BitDefender), FakeAlert-AB (McAfee), Trojan.Fakeavalert (Symantec), not-a-virus:FraudTool.Win32.Delf.d (Kaspersky).

    86. Program:Win32/AntispyStorm

    87. Program:Win32/Antivirustrojan

    88. Program:Win32/XDef

    89. Program:Win32/AntiSpywareSoldier

    90. Program:Win32/AdsAlert

    91. Program:Win32/AdvancedCleaner – Aliases: AdvancedCleaner (Symantec).

    92. Program:Win32/FakePccleaner - Aliases: Program:Win32/Pccleaner (other), Win32/Adwrae.PCClean (ESET), Backdoor.Win32.UltimateDefender.hu (Kaspersky), PCClean (Symantec), Program:Win32/UltimateCleaner (other).

    93. Program:Win32/SpywareQuake

    94. Program:Win32/WareOut – Aliases: WareOut (McAfee), W32/WareOut (Norman), WareOut (Sunbelt Software), SecurityRisk.Downldr (Symantec), Adware.Wareout (AVG).

    95. Program:Win32/Kazaap

    96. Program:Win32/SystemDefender

    97. Trojan:Win32/FakeSpyguard – Aliases: Spyware Guard 2008 (other), Win32/Adware.SpywareGuard (ESET), FakeAlert-BM (McAfee), SpywareGuard2008 (Symantec), ADW_SPYWGUARD (Trend Micro), System Guard 2009 (other), Malware Defender 2009 (other).

    98. Program:Win32/SpyHeal

    99. Program:Win32/VirusBurst

    100. Program:Win32/VirusRescue

    101. Program:Win32/TitanShield

    102. Program:Win32/Easyspywarecleaner

    103. Trojan:Win32/Fakeinit – Aliases: Trojan.FakeAlert.AUW (BitDefender), Win32/FakeAV.ABR (CA), Fraudtool.XPAntivirus.BCVY (VirusBuster), Adware/AntivirusXPPro (Panda), AntiVirus2008 (Symantec), Advanced Virus Remover (other), Win32/AdvancedVirusRemover.G (CA).

    104. Program:Win32/AntiVirusPro

    105. Program:Win32/CodeClean

    106. Trojan:Win32/Spybouncer

    107. Program:Win32/MalwareWar

    108. Program:Win32/VirusHeat

    109. Adware:Win32/SpyAxe – Aliases: VirusHeat (other), ControVirus (other).

    110. Program:Win32/Awola – Aliases: not-virus:Hoax.Win32.Avola.a (Kaspersky), Generic FakeAlert.b (McAfee), W32/Awola.A (Norman), Awola (Symantec), JOKE_AVOLA.D (Trend Micro).

    111. Program:Win32/MyNetProtector

    112. Program:Win32/FakeWSC

    113. Program:Win32/DoctorAntivirus

    114. Program:Win32/UltimateDefender – Aliases: Ultimate (McAfee), UltimateDefender (Symantec), ADW_ULTIMATED.ME (Trend Micro), Risktool.UltimateDefender.A.Gen (VirusBuster), Adware.UltimateX-15 (Clam AV), Win32/Adware.UltimateDefender (ESET).

    ergent threats, etc.,â€Â￾ Wu stated.
     

Share This Page

Loading...