Jump to content

MS Antivirus (malware)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Nattelsker (talk | contribs) at 03:17, 21 November 2008 (This article doesn't need rewrite, and it does not have how to, advices or instructions. Deleted the tags). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Template:Distinguish2

MS Antivirus
Developer(s)Bakasoftware
Operating systemMicrosoft Windows
TypeRogue software

MS Antivirus, also known as XP Antivirus[1], Vitae Antivirus, Windows Antivirus, Antivirus Pro, Antivirus 2007, 2008, and 2009, System Antivirus, Vista Antivirus, and XP AntiSpyware 2009, is a scareware rogue anti-virus which claims to remove bogus virus infections found on a computer running Microsoft Windows if a user purchases the full version of the software.[2] The creators of the malware have been sued. [3] MS Antivirus removal Resource [4]

Method of Infection/Variants

MS Antivirus is known to infect users using the Microsoft Windows operating system, and is browser independent. One infection method involves the Zlob Trojan. Another involves the use of fake codec scams, such as Video ActiveX Enhancement 2.07.[5].

Symptoms of infection

File:AV2009scrnsht.JPG
Screenshot of Antivirus 2009 "scanner" on an infected computer

Each variant has its own way of downloading and installing itself onto a computer. MS Antivirus is made to look professional and functional to fool a computer user into thinking that it is a real anti-virus system in order to convince the user to "purchase" it. In a typical installation, MS Antivirus runs a scan on the computer and gives a false spyware report claiming that the computer is infected with spyware. Once the scan is completed, a warning message appears that lists the spyware ‘found’ and the user has to either click on a link or a button to remove it. Regardless of which button is clicked -- "Next" or "Cancel" -- a download box will still pop up. This deceptive tactic is an attempt to scare the Internet user into clicking on the link or button to purchase MS Antivirus. If the user decides not to purchase the program, then they will constantly receive pop-ups stating that the program has found infections and that they should register it in order to fix them. This type of behavior can cause a computer to operate slower than normal.

MS Antivirus will also occasionally display fake pop-up alerts on an infected computer. These alerts pretend to be a detection of an attack on that computer and the alert prompts the user to activate, or purchase, the software in order to stop the attack. The Registry is also modified so the software runs at system startup. The following files may be downloaded to an infected computer:[6]

  • MSASetup.exe
  • MSA.exe
  • MSA.cpl
  • MSx.exe

Depending on the variant, the files will have different names and therefore can appear or be labeled differently. For example, Antivirus 2009 will have the .exe file name a2009.exe.

Malicious actions

Few variants will actually monitor and send a user's personal information to their creators, and most variants won't critically harm a system. They will just constantly inconvenience the user, popping up as a prompt, harassing the user to buy the software, which it claims will delete the false viruses. Some variants will prevent the user from using their computer at all, for it can pop-up whenever the user tries to start an application or even tries to navigate their hard drive, especially after they restart their computer. It does this by modifying the Windows registry.

No matter which variant, they all have one objective: to scare the user into buying their software. Until then, an infected computer will fail to function normally, for the virus will run on the computer, load pop-ups, and slow the computer down, sometimes to the point where it freezes. MS Antivirus takes up memory and CPU, making an infected computer run slow and preventing a computer user from doing their work.

Removal

MS Antivirus is constantly updated and re-released to prevent detection by common anti-virus scanners, such as Avast!, McAfee, and in some cases, Norton AntiVirus. Most of the new variants can be removed by anti-spywares such as Malwarebytes' Anti-Malware or SUPERAntispyware. Online guides are also available that outline the manual removal of MS Antivirus.

Earnings

In November of 2008, it was reported that a Hacker known as NeoN, hacked the Bakasoftware's database, and posted the earnings of the company recieved from AP Antivirus. The data revealed the most successful affiliate earned $US158,000 in a week. [7]

See also


References