Fake anti-malware software

Sadly, there are more fake anti-malware programs out there than there are real ones. (Malware is a general term for viruses, trojans, spyware, and so on.) Often a small infection sneaks onto your PC (usually because you’ve clicked unwisely on an e-mail message or downloaded something unfortunate from a website). This infection then starts popping up messages that look like Windows is warning you that your PC is infected, and inviting you to download something to scan it and remove the infection. This often looks like it might be from Microsoft.

If you download the advertised software — because that’s what this is, sneaky advertising — it will make matters much worse. The software will probably invite you to send money or enter credit card details, it will pretend to find lots of infections that you don’t really have, and it will probably add more infections.

Here are some screenshots of a common one (courtesy of Bleeping Computer):

[Screenshots: Antivirus XP]

This sort of thing is, sadly, very common. If you think your PC is infected, you should take professional advice unless you are quite sure you know what you’re doing. Downloading stuff like this will make matters worse, not better. With the right knowledge and tools, however, this sort of thing is usually pretty straightforward to remove.

There’s a list of rogue sites and software here, but it’s now more than a year out of date. It will give you some idea of how many fake sites there are, and how much fake software there is, however. This one has a website:

[Screenshots of the website]

The website is hosted on a computer in China, and registered to a — probably fake — company (Goya Interco LLC) with a claimed address in Finland. The domain was registered on 17 June 2008. The website is superficially convincing, but there are some tell-tale features:

  • Spelling mistakes: establishement, 100′000, realiable
  • Slightly curious English and grammar
  • Implausible claims: “Since its first establishement in 2001, antivirusxp2008 …” (the domain was only registered in June 2008)
  • No company name, address or contact details (all contact is by filling in a web form — no e-mail addresses or telephone numbers are given).

It looks good, though, which is a good reason not to judge by appearances.
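The tell-tale checks listed above can be partly automated when triaging a suspicious site. The following Python is an added example, not part of the original article: the function name `tell_tales`, the regular expressions and both sample texts are assumptions made for illustration, and the domain registration date is assumed to come from a separate WHOIS lookup.

```python
import re
from datetime import date

# Misspellings quoted in this article; a real check would use a dictionary.
KNOWN_MISSPELLINGS = {"establishement", "realiable"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
# Phrases such as "since ... 2001", "established in 2001", "founded 2001".
FOUNDED_RE = re.compile(
    r"\b(?:since|establish\w*|founded)\b[^.\d]{0,40}?\b((?:19|20)\d{2})\b",
    re.I)


def tell_tales(page_text, domain_registered):
    """Return warning signs found in a site's visible text.

    domain_registered is the WHOIS creation date (a datetime.date).
    The findings are heuristics for a human reviewer, not proof of fraud.
    """
    findings = []
    words = set(re.findall(r"[a-z]+", page_text.lower()))
    misspelt = sorted(words & KNOWN_MISSPELLINGS)
    if misspelt:
        findings.append("misspellings: " + ", ".join(misspelt))
    # A claimed history that predates the domain is worth a closer look.
    for match in FOUNDED_RE.finditer(page_text):
        year = int(match.group(1))
        if year < domain_registered.year:
            findings.append(f"claims history since {year}, domain "
                            f"registered {domain_registered.isoformat()}")
    # Contact by web form only: no e-mail address and no telephone number.
    if not EMAIL_RE.search(page_text) and not PHONE_RE.search(page_text):
        findings.append("no e-mail address or telephone number")
    return findings


# Constructed sample text built around the phrases quoted in this article.
SAMPLE = ("Since its first establishement in 2001, antivirusxp2008 has been "
          "a realiable choice. Contact us using the form below.")
# Constructed comparison text for a site that passes all three checks.
CLEAN = ("Example Security Ltd, founded in 2010. "
         "Contact: support@example.com or +44 20 7946 0000.")

if __name__ == "__main__":
    for finding in tell_tales(SAMPLE, date(2008, 6, 17)):
        print("warning:", finding)
```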

A very similar fake removal program is analysed here.