http://news.softpedia.com/news/114-Windows-Antivirus-to-Avoid-at-All-Costs-130245.shtml

This year alone they will be responsible for infecting in excess of 25 million computers worldwide, but they could come close to compromising as many as 30 million machines. At the root of this epidemic lie simple social engineering tactics designed, through various methods, to convince victims to pay for peace of mind. Responsible for the actual infections are pieces of malicious code that the software industry refers to under a variety of monikers, including rogue antivirus, fake antivirus, scareware, etc.

Microsoft has put together a list containing no fewer than 114 AV rogues which are detected by the company’s antivirus products, including Microsoft Security Essentials, Forefront Client Security, etc. It is important to note that the list contains only the official label provided by the software giant. Each of the items featured below comes in a variety of packages and under a plethora of brands, which actually makes the number of fake antivirus programs in the wild much larger.

Users who have doubts about a security solution that is being aggressively advertised to them should first check to make sure that the offering is indeed genuine. Microsoft, along with other members of the security industry, constantly updates information on threats posed to end users, including rogue antivirus, and publishes it on websites that are available to the public. These details are essentially no more than a search away at any given time.

“On page 100 of our Security Intelligence Report volume 7, we observed that rogues remained a significant threat even though they trended down to 13.4 million infected computers in 1H09 from 16.8 million in 2H08. (Internet Explorer 8 SmartScreen Filter, a browser-based security feature, contributed to part of the decline),” revealed Scott Wu, from MMPC.
Modus Operandi

“Rogue security software—software that displays false or misleading alerts about infections or vulnerabilities on the victim’s computer and offers to fix the supposed problems for a price—has become one of the most common methods that attackers use to swindle money from victims. These are programs that masquerade as legitimate security programs offering protection from malware, spyware, and other threats, but actually use social engineering to obtain money from victims, and offer poor or nonexistent protection,” the Redmond company reveals in SIRv7.

Fake antivirus will take it upon itself to run a scan of computers belonging to unsuspecting users. Of course, the scan itself and the results offered are both fake. Rogue AV doesn’t actually analyze machines, nor is it capable of detecting or removing any malware. It’s all smoke and mirrors, a show put on to trick users into thinking that their computers are infected with malicious code.

“Rogue security software programs typically mimic the general look and feel of legitimate security software, claiming to detect a large number of nonexistent threats and urging the user to “activate” the software to remove them. Some families emulate the appearance of the Windows Security Center or unlawfully use trademarks and icons to misrepresent themselves. Rogue security software spreads through familiar malware distribution mechanisms, like spam and exploits, and through customized tactics, like a fake Web-based security scanner. After installation, some rogue security software families take other actions to evade detection or to frighten the user into paying,” Microsoft explains.

Once installed on a Windows PC, fake antivirus programs will attempt to scare the user into believing that various infections were detected.
Rogue security solutions are designed to look very similar to genuine AV products, often copying at least elements of the graphical user interface, if not the whole UI, as well as using brands and labels mimicking, or even plagiarizing, valid security offerings. An integral part of the social engineering tactics deployed is to convince the user that the rogue AV is a genuine security solution, when in fact it is only masquerading as such. The fake AV will bombard users with alerts and annoying, repetitive, incessant notifications reporting nonexistent infections. At the same time, the rogue AV advertises the possibility of removing the fake infections, provided that users buy the software. Once a license is acquired, the fake AV stops delivering fake reports, creating the illusion that whatever malware had compromised the computer was removed. Obviously, in this scenario, the users have been scammed into paying for protection against a nonexistent threat.

“Though fooling users into paying for worthless software remains the primary goal of most rogue security software, several recently released families have begun to branch out and exhibit behaviors common to other threats, such as downloading additional malware to a victim’s computer. Win32/Winwebsec has been observed to download Win32/Koobface—which itself sometimes displays pop-up advertisements for rogue security software. Win32/InternetAntivirus, which was added to the MSRT in June 2009, downloads the password stealer Win32/Chadem,” the company added.

Protection

“As we have done in the past, we again encourage our readers to run a complete, up to date AV product such as Microsoft Security Essentials to protect their computers from these rogues, especially if located in English speaking countries - the regions where these rogues appear most active (as highlighted in the SIR).
MSRT is a baseline tool we provide for the ecosystem to remove prevalent threats such as high profile rogues. With Security Essentials, on the other hand, you get the benefit of the complete AV signature set from the MMPC and you get the essential protection features an AV solution needs – real time, kernel mode detection, scheduled scan, complicated cleaning functionalities to address the emergent threats, etc.,” Wu stated.

114 Windows “antivirus” to avoid at all costs

1. Win32/FakeXPA – Aliases: Win-Trojan/Downloader.56320.M (AhnLab), Win32/Adware.XPAntivirus (ESET), not-a-virus:Downloader.Win32XpAntivirus.b (Kaspersky), FakeAlert-AB.dldr (McAfee), W32/DLoader.FKAI (Norman), Mal/Generic-A (Sophos), XPAntivirus (Sunbelt Software), Downloader.MisleadApp (Symantec), XP Antivirus (other), Antivirus 2009 (other), Antivirus 2010 (other), Antivirus 360 (other), Total Security (other), AntivirusBEST (other), GreenAV (other), Alpha Antivirus (other), AlphaAV (other), Cyber Security (other), Cyber Protection Center (other), Nortel (other), Eco AntiVirus (other), MaCatte (other), Antivirus (other), Antivir (other), Personal Security (other).
2. Trojan:Win32/FakePowav – Aliases: Win Antivirus 2008 (other), SpyShredder (other), WinXProtector (other), Rapid Antivirus (other), Security 2009 (other), Power Antivirus 2009 (other), WinXDefender (other), SpyProtector (other), SpyGuarder (other), MSAntiMalware (other).
3. Program:Win32/MalwareBurn
4. Program:Win32/UnSpyPc
5. Program:Win32/DriveCleaner – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro).
6. Trojan:Win32/DocrorTrojan
7. Program:Win32/Winfixer – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro), Win32/Adware.WinFixer (ESET), not-a-virus:Downloader.Win32.WinFixer.o (Kaspersky), WinFixer (McAfee), Adware_Winfixer (Trend Micro), Program:Win32/DriveCleaner (other), Program:Win32/SecureExpertCleaner (other).
8. Trojan:Win32/FakeScanti – Aliases: Windows Antivirus Pro (other), Windows Police Pro (other), Win32/WindowsAntivirusPro.F (CA), FakeAlert-GA.dll (McAfee), Adware/WindowsAntivirusPro (Panda), Trojan.Fakeavalert (Symantec).
9. Program:Win32/Cleanator
10. Program:Win32/MalwareCrush
11. Program:Win32/PrivacyChampion
12. Program:Win32/SystemLiveProtect
13. Win32/Yektel
14. Trojan:Win32/FakeSmoke – Aliases: SystemCop (other), QuickHealCleaner (other), TrustWarrior (other), SaveArmor (other), SecureVeteran (other), SecuritySoldier (other), SafeFighter (other), TrustSoldier (other), TrustFighter (other), SoftCop (other), TRE AntiVirus (other), SoftBarrier (other), BlockKeeper (other), BlockScanner (other), BlockProtector (other), SystemFighter (other), SystemVeteran (other), SystemWarrior (other), AntiAID (other), Win32/WinBlueSoft.A (CA), Trojan-Downloader.Win32.FraudLoad.vtgpk (Kaspersky), WinBlueSoft (other), WiniBlueSoft (other), Winishield (other), SaveKeep (other), WiniFighter (other), TrustNinja (other), SaveDefense (other), BlockDefense (other), SaveSoldier (other), WiniShield (other), SafetyKeeper (other), SoftSafeness (other), SafeDefender (other), Trustcop (other), SecureWarrior (other), SecureFighter (other), SoftSoldier (other), SoftVeteran (other), SoftStronghold (other), ShieldSafeness (other).
15. Program:Win32/Spyguarder.A
16. Program:Win32/AntivirusGold
17. Program:Win32/SystemGuard2009
18. Program:Win32/WorldAntiSpy
19. Program:Win32/SpywareSecure – Aliases: W32/SpyAxe.AMI (Norman), SpywareSecure (Panda), SpywareSecure (Sunbelt Software), SpywareSecure (Symantec).
20. Program:Win32/IEDefender – Aliases: Win32/Burgspill.AD (CA), IEAntivirus (Symantec), Trojan.DR.FakeAlert.FJ (VirusBuster).
21. Program:Win32/MalWarrior
22. Program:Win32/Malwareprotector
23. Program:Win32/SpywareSoftStop
24. Program:Win32/AntiSpyZone
25. Program:Win32/Antivirus2008 – Aliases: Trojan.FakeAlert.RL (BitDefender), Win32/Adware.Antivirus2008 (ESET), not-a-virus:Downloader.Win32.FraudLoad.ar (Kaspersky), WinFixer (McAfee), W32/DLoader.HDZU (Norman), Troj/Dwnldr-HDG (Sophos), ADW_FAKEAV.O (Trend Micro), Program:Win32/VistaAntivirus2008.A (other), MS Antivirus (CA).
26. Trojan:Win32/PrivacyCenter – Aliases: Fake_AntiSpyware.BKN (AVG), Win32/FakeAV.ACR (CA), Win32/Adware.PrivacyComponents (ESET), not-a-virus:FraudTool.Win32.PrivacyCenter (other), not-a-virus:FraudTool.Win32.Agent.jn (Kaspersky), FakeAlert-CP (McAfee), Troj/PrvCnt-Gen (Sophos), SpywareGuard2008 (Symantec).
27. Program:Win32/SpyLocked
28. Program:Win32/Trojanguarder
29. Program:Win32/MyBetterPC
30. Program:Win32/NeoSpace
31. Win32/Winwebsec - Aliases: SystemSecurity2009 (other), System Security (other), Winweb Security (other), FakeAlert-WinwebSecurity.gen (McAfee), Mal/FakeAV-AK (Sophos), Troj/FakeVir-LB (Sophos), Adware/AntiSpywarePro2009 (Panda), Adware/UltimateCleaner (Panda), Adware/Xpantivirus2008 (Panda), Win32/Adware.SystemSecurity (ESET), Win32/Adware.WinWebSecurity (ESET), AntiVirus2008 (Symantec), SecurityRisk.Downldr (Symantec), W32/AntiVirus2008.AYO (Norman), Total Security (other), AntiSpyware Pro 2009 (other), FakeAlert-AntiSpywarePro (McAfee).
32. Trojan:Win32/FakeRemoc - Aliases: AntiMalwareSuite (other), VirusRemover2009 (other), PCAntiMalware (other), Total Virus Protection (other), SpywareRemover2009 (other), AntiMalwareGuard (other), Secure Expert Cleaner (other), Cleaner2009 Freeware (other), AVCare (other), AV Care (other).
33. Program:Win32/SpywareStormer
34. Program:Win32/SecurityiGuard
35. Program:Win32/DoctorCleaner
36. Program:Win32/UniGray
37. Win32/FakeSecSen – Aliases: Micro AV (other), MS Antivirus (other), Spyware Preventer (other), Vista Antivirus 2008 (other), Advanced Antivirus (other), System Antivirus (other), Ultimate Antivirus 2008 (other), Windows Antivirus 2008 (other), XPert Antivirus (other), Power Antivirus (other).
38. Program:Win32/VirusRemover – Aliases: Troj/FakeVir-DR (Sophos), VirusRemover2008 (Symantec), ADW_FAKEVIR (Trend Micro).
39. Program:Win32/Privacywarrior
40. Program:Win32/PrivacyProtector
41. Adware:Win32/SpyBlast
42. Trojan:Win32/FakeFreeAV
43. Win32/FakeRean - Aliases: XP AntiSpyware 2009 (other), XP Security Center (other), PC Antispyware 2010 (other), Home Antivirus 2010 (other), PC Security 2009 (other), ADW_WINREANIMA (Trend Micro), Win32/Adware.WinReanimator (ESET), not-a-virus:FraudTool.Win32.Reanimator (Kaspersky), WinReanimator (Sunbelt Software), XP Police Antivirus (other), FakeAlert-XPPoliceAntivirus (McAfee), Adware/XPPolice (Panda), AntiSpyware XP 2009 (other), Antivirus Pro 2010 (other).
44. Program:Win32/Antivirus2009 – Aliases: Win32/Adware.XPAntivirus (ESET), FakeAlert-AB.gen (McAfee), MalwareWarrior (other), Antivirus2009 (other).
45. Program:Win32/AntiSpywareDeluxe – Aliases: Adware.Fakealert-134 (Clam AV), Win32/Adware.AntiSpywareDeluxe (ESET), FraudTool.Win32.AntiSpywareDeluxe.a (Kaspersky), AntispyDeluxe (Symantec), TROJ_RENOS.CP (Trend Micro).
46. Program:Win32/Searchanddestroy
47. Program:Win32/AlfaCleaner
48. Program:Win32/WebSpyShield
49. Win32/InternetAntivirus – Aliases: InternetAntivirus (Symantec), General Antivirus (other), Personal Antivirus (other), not-a-virus:FraudTool:Win32.GeneralAntivirus.b (Kaspersky), Mal/FakeAV-AC (Sophos), TrojanDownloader:Win32/Renos.gen!Z (other), Fraudtool.GeneralAntivirus.C (VirusBuster), Internet Antivirus Pro (other).
50. Trojan:Win32/Antivirusxp – Aliases: Antivirus XP 2008 (other), Win32/Adware.WinFixer (ESET), Generic FakeAlert.a (McAfee), W32/WinFixer.BTB (Norman), Troj/FakeAV-AB (Sophos), AntiVirus2008 (Symantec), Program:Win32/Antivirusxp (other).
51. Program:Win32/ErrorGuard
52. Program:Win32/SpyCrush
53. Trojan:Win32/Fakeav
54. Program:Win32/Spyaway
55. Trojan:Win32/WinSpywareProtect – Aliases: Win32/Adware.WinSpywareProtect (ESET), Trojan-Downloader.Win32.FraudLoad.aob (Kaspersky), WinSpywareProtect (Symantec), Program:Win32/WinSpywareProtect (other), Trojan.FakeAV.GP (BitDefender), Win32/Adware.MSAntispyware2009 (ESET), Packed.Win32.Katusha.a (Kaspersky), FaleAlert-BV (McAfee), Adware/MSAntiSpyware2009 (Panda), Fraudtool.MSAntispy2009.A (VirusBuster), MS Antispyware 2009 (other), AV Antispyware (other), Extra Antivirus (other).
56. Program:Win32/Fakerednefed – Aliases: WinDefender 2008 (other), Program:Win32/Defendwin (other), Program:Win32/Windefender (other).
57. Program:Win32/Antispyware2008
58. Program:Win32/EZCatch
59. Program:Win32/EvidenceEraser
60. Program:Win32/Vaccine2008
61. Win32/FakeSpypro – Aliases: FakeAlert-C.dr (McAfee), SpywareProtect2009 (Symantec), Troj/FakeAV-LS (Sophos), Win32/Adware.SpywareProtect2009 (ESET), .Win32.FraudPack.kho (Kaspersky), Spyware Protect 2009 (other), Antivirus System Pro (other), Security Central (other), Barracuda Antivirus (other).
62. Trojan:Win32/FakeCog – Aliases: Win32/Adware.CoreguardAntivirus (ESET), not-a-virus:FraudTool.Win32.CoreGuard2009 (Kaspersky), FakeAlert-FQ (McAfee), W32/Renos.FIP (Norman), Mal/TDSSPack-L (Sophos), CoreGuardAntivirus2009 (Symantec), Fraudtool.CoreGuard2009.A (VirusBuster), CoreGuard Antivirus 2009 (other).
63. Program:Win32/AntiVirGear
64. Adware:Win32/VaccineProgram
65. Program:Win32/TrustCleaner
66. Program:Win32/SearchSpy
67. Program:Win32/AntiSpywareExpert – Aliases: Win32/Adware.AntiSpywareMaster (ESET), Generic.Win32.Malware.AntiSpywareExpert (other), WinFixer (McAfee), AVSystemCare (Symantec), AntiSpywareExpert (Trend Micro), not-a-virus:FraudTool.Win32.AntiSpywareExpert.a (Kaspersky).
68. Program:Win32/VirusRanger – Aliases: VirusRescue (Symantec).
69. Program:Win32/SpyDawn
70. Program:Win32/UltimateFixer
71. Program:Win32/WinHound
72. Program:Win32/Spyshield
73. Program:Win32/SpySheriff – Aliases: Win32.TrojanDownloader.IEDefender (Ad-Aware), MagicAntiSpy (Sunbelt Software), Adware.SpySheriff (Symantec), SpyShredder (Symantec), IEDefender (other), Malware Destructor (other), SpySheriff (other), SpyShredder (other).
74. Program:Win32/Antispycheck – Aliases: Win32/Adware.AntiSpyCheck (ESET), AntiSpyCheck (Symantec).
75. Program:Win32/SpywareIsolator – Aliases: not-a-virus:FraudTool.Win32.SpywareIsolator.ad (Kaspersky), SpywareIsolator (Symantec).
76. Program:Win32/SpyFalcon
77. Program:Win32/PrivacyRedeemer
78. Trojan:Java/VirusConst
79. Trojan:Win32/FakeVimes – Aliases: FakeAlert-CQ (McAfee), Extra Antivirus (other), Ultra Antivirus 2009 (other), Malware Catcher 2009 (other), Virus Melt (other), Windows PC Defender (other).
80. Program:Win32/PCSave – Aliases: Win-Trojan/Pcsave.339456 (AhnLab), PCSave (McAfee).
81. Program:Win32/PSGuard
82. Program:Win32/SpywareStrike
83. Program:Win32/Nothingvirus
84. Trojan:Win32/AVClean
85. Trojan:Win32/FakeIA.C - Aliases: Win32/FakeAlert.RW (CA), Dropped:Trojan.FakeAv.DS (BitDefender), FakeAlert-AB (McAfee), Trojan.Fakeavalert (Symantec), not-a-virus:FraudTool.Win32.Delf.d (Kaspersky).
86. Program:Win32/AntispyStorm
87. Program:Win32/Antivirustrojan
88. Program:Win32/XDef
89. Program:Win32/AntiSpywareSoldier
90. Program:Win32/AdsAlert
91. Program:Win32/AdvancedCleaner – Aliases: AdvancedCleaner (Symantec).
92. Program:Win32/FakePccleaner - Aliases: Program:Win32/Pccleaner (other), Win32/Adwrae.PCClean (ESET), Backdoor.Win32.UltimateDefender.hu (Kaspersky), PCClean (Symantec), Program:Win32/UltimateCleaner (other).
93. Program:Win32/SpywareQuake
94. Program:Win32/WareOut – Aliases: WareOut (McAfee), W32/WareOut (Norman), WareOut (Sunbelt Software), SecurityRisk.Downldr (Symantec), Adware.Wareout (AVG).
95. Program:Win32/Kazaap
96. Program:Win32/SystemDefender
97. Trojan:Win32/FakeSpyguard – Aliases: Spyware Guard 2008 (other), Win32/Adware.SpywareGuard (ESET), FakeAlert-BM (McAfee), SpywareGuard2008 (Symantec), ADW_SPYWGUARD (Trend Micro), System Guard 2009 (other), Malware Defender 2009 (other).
98. Program:Win32/SpyHeal
99. Program:Win32/VirusBurst
100. Program:Win32/VirusRescue
101. Program:Win32/TitanShield
102. Program:Win32/Easyspywarecleaner
103. Trojan:Win32/Fakeinit – Aliases: Trojan.FakeAlert.AUW (BitDefender), Win32/FakeAV.ABR (CA), Fraudtool.XPAntivirus.BCVY (VirusBuster), Adware/AntivirusXPPro (Panda), AntiVirus2008 (Symantec), Advanced Virus Remover (other), Win32/AdvancedVirusRemover.G (CA).
104. Program:Win32/AntiVirusPro
105. Program:Win32/CodeClean
106. Trojan:Win32/Spybouncer
107. Program:Win32/MalwareWar
108. Program:Win32/VirusHeat
109. Adware:Win32/SpyAxe – Aliases: VirusHeat (other), ControVirus (other).
110. Program:Win32/Awola – Aliases: not-virus:Hoax.Win32.Avola.a (Kaspersky), Generic FakeAlert.b (McAfee), W32/Awola.A (Norman), Awola (Symantec), JOKE_AVOLA.D (Trend Micro).
111. Program:Win32/MyNetProtector
112. Program:Win32/FakeWSC
113. Program:Win32/DoctorAntivirus
114. Program:Win32/UltimateDefender – Aliases: Ultimate (McAfee), UltimateDefender (Symantec), ADW_ULTIMATED.ME (Trend Micro), Risktool.UltimateDefender.A.Gen (VirusBuster), Adware.UltimateX-15 (Clam AV), Win32/Adware.UltimateDefender (ESET).