Wikipedia

MS Antivirus (malware)

MS Antivirus (also known as Spyware Protect 2009 and Antivirus XP 2008/Antivirus2009/SecurityTool, etc.) is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under several other "company" names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

MS Antivirus
Developer(s): Bakasoftware (developer name: Gavril Danilkin, alias "krab"), Innovagest2000, Innovative Marketing Inc. (Jain Shaileshkumar, Bjorn Daniel, etc.)
Operating system: Microsoft Windows
Type: Rogue software

[1]

Names

Many clones of MS Antivirus that include slight variations have been distributed throughout the web. They are known as XP Antivirus,[2] Vitae Antivirus, Windows Antivirus, Win Antivirus, Antivirus Action, Antivirus Pro 2009, 2010, 2017 or simply just Antivirus Pro, Antivirus 2007, 2008, 2009, 2010, 2011, and 360, AntiMalware GO, Internet Antivirus Plus, System Antivirus, Spyware Guard 2008 and 2009, Spyware Protect 2009, Winweb Security 2008, Antivirus 10, Total Antivirus 2020, Live Protection Suite, System Security, Malware Defender 2009, Ultimate Antivirus2008, Vista Antivirus, General Antivirus, AntiSpywareMaster, Antispyware 2008, XP AntiSpyware 2008, 2009 and 2010, Antivirus Vista 2010, Real Antivirus, WinPCDefender, Antivirus XP Pro, Anti-Virus-1, Antivirus Soft, Vista Antispyware 2012, Antispyware Soft, Antivirus System PRO, Antivirus Live, Vista Anti Malware 2010, Internet Security 2010, XP Antivirus Pro, Security Tool, VSCAN7, Total Security, PC Defender Plus, Disk Antivirus Professional, AVASoft Professional Antivirus, System Care Antivirus, and System Doctor 2014. Another MS Antivirus clone is named ANG Antivirus. This name is used to confuse the user of the software into thinking that it is the legitimate AVG Antivirus before downloading it.[3]

Symptoms of infection

 
SWP '09 "protecting" the user from microsoft.com. Notice that the font is different than what Internet Explorer usually uses.

Each variant has its own way of downloading and installing itself onto a computer. MS Antivirus is made to look functional to fool a computer user into thinking that it is a real anti-virus system in order to convince the user to "purchase" it. In a typical installation, MS Antivirus runs a scan on the computer and gives a false spyware report claiming that the computer is infected with spyware. Once the scan is completed, a warning message appears that lists the spyware "found", and the user has to click on either a link or a button to remove it. Regardless of which button is clicked ("Next" or "Cancel"), a download box will still pop up. This deceptive tactic is an attempt to scare the Internet user into clicking on the link or button to purchase MS Antivirus. If the user decides not to purchase the program, then they will constantly receive pop-ups stating that the program has found infections and that they should register it in order to fix them. This type of behavior can cause a computer to operate more slowly than normal.

MS Antivirus will also occasionally display fake pop-up alerts on an infected computer. These alerts pretend to be a detection of an attack on that computer, and the alert prompts the user to activate or purchase the software in order to stop the attack. More seriously, it can paste a fake picture of a Blue Screen of Death over the screen and then display a fake startup image telling the user to buy the software. The malware may also block certain Windows programs that allow the user to modify or remove it. Programs such as Regedit can be blocked by this malware. The registry is also modified so the software runs at system startup. The following files may be downloaded to an infected computer:[4]

  • MSASetup.exe
  • MSA.exe
  • MSA.cpl
  • MSx.exe

Depending on the variant, the files have different names and therefore can appear or be labeled differently. For example, Antivirus 2009 has the .exe file name a2009.exe.[citation needed]
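A defender-side check for the two indicators described above (the listed file names and the startup registry change), given as an added example that is not part of the original article. It parses the text of a `reg export` dump; the Run/RunOnce key location and the sample data are assumptions, since the article names no registry key.

```python
import ntpath
import re

# File names listed in the article (plus its a2009.exe example); variants use others.
KNOWN_NAMES = {"msasetup.exe", "msa.exe", "msa.cpl", "msx.exe", "a2009.exe"}

# Assumption: the startup change is made in a Run/RunOnce key (the article names none).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# String values only: "name"="data", with \\ and \" escaped as in .reg exports.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo the backslash escaping used inside quoted .reg strings."""
    return re.sub(r"\\(.)", r"\1", text)


def listed_files(command):
    """Listed names referenced anywhere in a command line, program or argument."""
    tokens = re.split(r'[\s",]+', command)
    return sorted({ntpath.basename(t).lower() for t in tokens} & KNOWN_NAMES)


def find_autostart_hits(reg_text):
    """Return (key, value name, command, matched files) for flagged Run entries."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: remember the current key
            continue
        m = VALUE.match(line)
        if key is None or m is None or not RUN_KEY.search(key):
            continue  # not a string value, or not under an autostart key
        command = unescape(m.group(2))
        files = listed_files(command)
        if files:
            hits.append((key, unescape(m.group(1)), command, files))
    return hits


# Constructed sample export (already decoded to str; real exports are UTF-16).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MS AntiVirus"="\"C:\\Program Files\\MSA\\MSA.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a2009"="C:\\Documents and Settings\\user\\a2009.exe"

[HKEY_CURRENT_USER\Software\Example]
"Path"="C:\\tools\\MSA.exe"
'''

if __name__ == "__main__":
    for hit in find_autostart_hits(SAMPLE):
        print(hit)
```

Because file names differ between variants, a clean result from a name match does not rule out infection; the list is a starting set to extend with names from current removal guides.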

In addition, in an attempt to make the software seem legitimate, MS Antivirus can give the computer symptoms of the "viruses" that it claims are on the computer.[5] For example, some shortcuts on the desktop may be changed to links to sexually explicit websites instead.

Malicious actions

Most variants of this malware will not be overtly harmful, as they usually will not steal a user's information (as spyware) nor critically harm a system. However, the software will act to inconvenience the user by frequently displaying popups that prompt the user to pay to register the software in order to remove non-existent viruses. Some variants are more harmful; they display popups whenever the user tries to start an application or even tries to navigate the hard drive, especially after the computer is restarted. It does this by modifying the Windows registry. This can clog the screen with repeated pop-ups, potentially making the computer virtually unusable. It can also disable real antivirus programs to protect itself from removal. Whichever variant infects a computer, MS Antivirus always uses system resources when running, potentially making an infected computer run more slowly than before.

The malware can also block access to known spyware removal sites and in some instances, searching for "antivirus 2009" (or similar search terms) on a search engine will result in a blank page or an error page. Some variants will also redirect the user from the actual Google search page to a false Google search page with a link to the virus' page that states that the user has a virus and should get Antivirus 2009. In some rare cases, with the newest version of the malware, it can prevent the user from performing a system restore.

Earnings

In November 2008, it was reported that a hacker known as NeoN hacked Bakasoftware's database and posted the earnings the company received from XP Antivirus. The data revealed that the most successful affiliate earned USD$158,000 in a week.[6][7]

Court actions

On December 2, 2008, the U.S. District Court for the District of Maryland issued a temporary restraining order against Innovative Marketing, Inc. and ByteHosting Internet Services, LLC after receiving a request from the Federal Trade Commission (FTC). According to the FTC, the combined malware of WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus has fooled over one million people into purchasing the software marketed as security products. The court also froze the assets of the companies in an effort to provide some monetary reimbursement to affected victims. The FTC claims the companies established an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements.

According to the FTC complaint, the companies charged in the case operated using a variety of aliases and maintained offices in the countries of Belize and Ukraine (Kyiv). ByteHosting Internet Services is based in Cincinnati, Ohio. The complaint also names defendants Daniel Sundin, Sam Jain, Marc D’Souza, Kristy Ross, and James Reno in its filing, along with Maurice D’Souza, who is named Relief Defendant, for receiving proceeds from the scheme.[8]

See also

  • Rogue software
  • Malware

References

  1. ^ "How to remove MS Antivirus". BleepingComputer.
  2. ^ Seltzer, Larry. "MS Antivirus 2008 morphed from XP Antivirus 2008". PC Magazine. Archived from the original on 2008-09-12. Retrieved 2008-09-23.
  3. ^ ANG AntiVirus 09 Remover at Spyware Removal Tools. Accessed October 24, 2010.
  4. ^ "MS Antivirus". ca.com. Archived from the original on 2009-01-13.
  5. ^ Vincentas (16 July 2013). "MS Antivirus in SpyWareLoop.com". Spyware Loop. Retrieved 28 July 2013.
  6. ^ Stewart, Joe. "Rogue Antivirus Dissected - Part 2". SecureWorks. Retrieved 24 February 2016.
  7. ^ "Bakasoftware Russian Scareware Named and Shamed By Hacker". IT Security NEWS. SecPoint. 31 October 2008. Archived from the original on 10 January 2010. Retrieved 8 March 2010.
  8. ^ "Court Halts Bogus Computer Scans". Federal Trade Commission. December 10, 2008. Retrieved 2009-01-19.

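External links

  • XP Antivirus 2009 Description and Removal instructions. Archived 2009-05-10 at the Wayback Machine, on About.com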
