MS Antivirus (malware)
MS Antivirus is a rogue antivirus program targeting the Microsoft Windows family of operating systems. MS Antivirus lists false infections on the host computer and requires the infected computer's user to purchase the program before the claimed infections can be removed.[1] The creators of the malware have been sued.[2]
Method of Infection/Variants
The program is downloaded via the Internet, usually through the Zlob Trojan or through rogue codec scams such as Video ActiveX Enhancement 2.07.[3] MS Antivirus is also known as XP Antivirus,[4] Vitae Antivirus, Windows Antivirus, Antivirus 2007, 2008, and 2009, System Antivirus, Vista Antivirus, and XP AntiSpyware 2009. Generally these distributions come with a year marker, such as 2007/2008/2009.
Affected Operating Systems
MS Antivirus is only known to infect computers running the Microsoft Windows operating system. The following Windows systems may be infected:[5]
- Windows 98
- Windows ME
- Windows 2000
- Windows XP (all service packs)
- Windows Vista
Symptoms of infection
Each variant has its own way of downloading and installing itself on your computer. MS Antivirus is made to look professional and functional to fool a computer user into thinking that it is a real Antivirus system in order to convince the user to "purchase" it. In a typical installation, MS Antivirus 2008 runs a scan on the computer and gives a false spyware report claiming that the computer is infected with spyware. Once the scan is completed, a warning message appears that lists the spyware ‘found’ and the user has to either click on a link or a button to remove it. Regardless of which button is clicked -- "Next" or "Cancel" -- a download box will still pop up. This deceptive tactic is an attempt to scare the Internet user into clicking on the link or button to purchase MS Antivirus 2008. If the user decides not to purchase the program, then they will constantly receive popups stating that the program has found infections and that they should register it in order to fix them. This type of behavior can cause a computer to operate slower than normal.
MS Antivirus will also occasionally display fake pop-up alerts on an infected computer. These alerts pretend to be a detection of an attack on that computer and the alert prompts the user to activate, or purchase, the software in order to stop the attack. The Registry is also modified so the software runs at system startup. The following files may be downloaded to an infected computer:
- MSASetup.exe
- MSA.exe
- MSA.cpl
- MSx.exe
- karina.dat
- buritos.exe
Depending on the variant, the files will have different names and therefore can appear or be labeled differently. For example, Antivirus 2009 will have the .exe file name a2009.exe.
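A triage sketch for the startup persistence and file names described above, added here as an example and not taken from the original article: it parses `reg query` output for autostart keys and flags values whose command line references one of the listed file names. The Run key locations, the sample paths and the function name are assumptions; the article does not say which Registry values are modified.

```python
import re

# File names listed in this article. Variants use other names, so a clean
# result does not rule out infection.
PAGE_FILE_NAMES = {"msasetup.exe", "msa.exe", "msa.cpl", "msx.exe",
                   "karina.dat", "buritos.exe", "a2009.exe"}

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Every file-name token in the command line, so a .cpl or .dll handed to a
# loader such as rundll32.exe is checked as well as the first executable.
FILE_TOKEN = re.compile(r"([^\\/\"\s,]+\.(?:exe|cpl|dat|dll|scr|com|bat))\b", re.I)

def find_suspect_autoruns(reg_query_text, names=PAGE_FILE_NAMES):
    """Return autostart values that reference a listed file name (exact basename match)."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # header line naming the key being listed
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        tokens = {t.lower() for t in FILE_TOKEN.findall(m["data"])}
        matched = sorted(tokens & names)
        if matched:
            hits.append({"key": key, "value": m["name"],
                         "data": m["data"], "matched": matched})
    return hits

# Constructed sample (not real output): value names and paths are invented.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    MS Antivirus    REG_SZ    "C:\Program Files\MSA\MSA.exe" /min
    cpl loader    REG_SZ    rundll32.exe shell32.dll,Control_RunDLL C:\WINDOWS\system32\msa.cpl

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Tools    REG_SZ    C:\Tools\notmsa.exe
"""

if __name__ == "__main__":
    for hit in find_suspect_autoruns(SAMPLE):
        print(hit["key"], "|", hit["value"], "->", ", ".join(hit["matched"]))
```
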
Malicious actions
Few variants actually monitor a user's personal information and send it to their creators, and most variants won't critically harm a system. They simply inconvenience the user constantly, popping up prompts that harass the user to buy the software, which claims it will delete the false viruses. Some variants prevent the user from using the computer at all: by modifying the Windows Registry, they can pop up whenever the user tries to start an application or even navigate the hard drive (going through folders and files), especially after a restart.
Regardless of variant, they all have one objective: to scare the user into buying the software. Until then, an infected computer will fail to function normally, because the program runs on the computer, loads pop-ups, and slows the computer down, sometimes to the point where it freezes. MS Antivirus takes up memory and CPU, making an infected computer run slowly and preventing the user from doing their work.
Removal
MS Antivirus is constantly updated and re-released to prevent detection by common antivirus scanners, such as Avast!, McAfee, and in some cases, Norton AntiVirus. Most of the new variants can be removed by anti-spyware programs such as Malwarebytes' Anti-Malware or SUPERAntiSpyware. Online guides are also available that outline the manual removal of Antivirus 2009. It can also be removed by running Windows System Restore and recovering to the day before MS Antivirus was downloaded. Though this method will uninstall all the programs that were added that day, it will completely wipe the system of the files and stop recurring pop-ups.
External links
Removing Antivirus 2009 manually
References
- [1] http://www.bleepingcomputer.com/malware-removal/remove-ms-antivirus
- [2] Time for vengeance: AntiVirus XP distributors sued - 2-Spyware.com
- [3] http://www.enigmasoftware.com/support/msantivirus2008-removal
- [4] http://blogs.pcmag.com/securitywatch/2008/08/ms_antivirus_2008_morphed_from_xp_antivirus_2008.php
- [5] http://malwaredatabase.net/blog/index.php/2008/08/21/ms-antivirus-2008