- dotTech - https://dottech.org -

114 rogue security software you don’t want on your computer, how to protect oneself against such threats, and how to clean up after infection

Rogue security programs are probably one of the most popular ways for scumbags to swindle money out of computer users. Indeed, it takes just a simple advertisement proclaiming “your computer is infected, clean it now” to trick users into downloading fake anti-viruses. Once a rogue security program is on one’s computer, it typically “scans” the computer, finds “malware”, and tells the user to purchase the full version of the program to remove the “malware”. In reality, the rogue program does no scanning or finding; it pretends to scan and pretends to find malware so users shell out money to the scumbags who created the rogue security program.

There are, of course, other things that rogue security programs do, like installing malware, changing registry keys, faking crashes, disabling aspects of a user’s computer, etc. Regardless of exactly what a particular rogue security program does, the point is that no one likes rogue security programs, nor does anyone want them on their computer.

A few days ago I came across a list of 114 rogue security programs (the list itself is a year old, but the data is still relevant). So I thought, why not write an article listing out the 114 rogue security programs [1] and at the same time provide advice [2] on how to protect oneself from such scumware and how to clean up [3] one’s computer if infected.

114 Rogue Security Programs To Avoid

The following is a list put together by Microsoft of 114 rogue security programs. Do take note that rogue security programs tend to change their names often; the names of the programs in the following list are the official names Microsoft has given to them – they may appear in the wild branded as something else. (The “Aliases” are other names given to them by other parties.)

1. Win32/FakeXPA [4] – Aliases: Win-Trojan/Downloader.56320.M (AhnLab), Win32/Adware.XPAntivirus (ESET), not-a-virus:Downloader.Win32XpAntivirus.b (Kaspersky), FakeAlert-AB.dldr (McAfee), W32/DLoader.FKAI (Norman), Mal/Generic-A (Sophos), XPAntivirus (Sunbelt Software), Downloader.MisleadApp (Symantec), XP Antivirus (other), Antivirus 2009 (other), Antivirus 2010 (other), Antivirus 360 (other), Total Security (other), AntivirusBEST (other), GreenAV (other), Alpha Antivirus (other), AlphaAV (other), Cyber Security (other), Cyber Protection Center (other), Nortel (other), Eco AntiVirus (other), MaCatte (other), Antivirus (other), Antivir (other), Personal Security (other).

2. Trojan:Win32/FakePowav [5] – Aliases: Win Antivirus 2008 (other), SpyShredder (other), WinXProtector (other), Rapid Antivirus (other), Security 2009 (other), Power Antivirus 2009 (other), WinXDefender (other), SpyProtector (other), SpyGuarder (other), MSAntiMalware (other).

3. Program:Win32/MalwareBurn [6]

4. Program:Win32/UnSpyPc [7]

5. Program:Win32/DriveCleaner [8] – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro).

6. Trojan:Win32/DocrorTrojan [9]

7. Program:Win32/Winfixer [10] – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro), Win32/Adware.WinFixer (ESET), not-a-virus:Downloader.Win32.WinFixer.o (Kaspersky), WinFixer (McAfee), Adware_Winfixer (Trend Micro), Program:Win32/DriveCleaner (other), Program:Win32/SecureExpertCleaner (other).

8. Trojan:Win32/FakeScanti [11] – Aliases: Windows Antivirus Pro (other), Windows Police Pro (other), Win32/WindowsAntivirusPro.F (CA), FakeAlert-GA.dll (McAfee), Adware/WindowsAntivirusPro (Panda), Trojan.Fakeavalert (Symantec).

9. Program:Win32/Cleanator [12]

10. Program:Win32/MalwareCrush [13]

11. Program:Win32/PrivacyChampion [14]

12. Program:Win32/SystemLiveProtect [15]

13. Win32/Yektel [16]

14. Trojan:Win32/FakeSmoke [17] – Aliases: SystemCop (other), QuickHealCleaner (other), TrustWarrior (other), SaveArmor (other), SecureVeteran (other), SecuritySoldier (other), SafeFighter (other), TrustSoldier (other), TrustFighter (other), SoftCop (other), TRE AntiVirus (other), SoftBarrier (other), BlockKeeper (other), BlockScanner (other), BlockProtector (other), SystemFighter (other), SystemVeteran (other), SystemWarrior (other), AntiAID (other), Win32/WinBlueSoft.A (CA), Trojan-Downloader.Win32.FraudLoad.vtgpk (Kaspersky), WinBlueSoft (other), WiniBlueSoft (other), Winishield (other), SaveKeep (other), WiniFighter (other), TrustNinja (other), SaveDefense (other), BlockDefense (other), SaveSoldier (other), WiniShield (other), SafetyKeeper (other), SoftSafeness (other), SafeDefender (other), Trustcop (other), SecureWarrior (other), SecureFighter (other), SoftSoldier (other), SoftVeteran (other), SoftStronghold (other), ShieldSafeness (other).

15. Program:Win32/Spyguarder.A [18]

16. Program:Win32/AntivirusGold [19]

17. Program:Win32/SystemGuard2009 [20]

18. Program:Win32/WorldAntiSpy [21]

19. Program:Win32/SpywareSecure [22] – Aliases: W32/SpyAxe.AMI (Norman), SpywareSecure (Panda), SpywareSecure (Sunbelt Software), SpywareSecure (Symantec).

20. Program:Win32/IEDefender [23] – Aliases: Win32/Burgspill.AD (CA), IEAntivirus (Symantec), Trojan.DR.FakeAlert.FJ (VirusBuster).

21. Program:Win32/MalWarrior [24]

22. Program:Win32/Malwareprotector [25]

23. Program:Win32/SpywareSoftStop [26]

24. Program:Win32/AntiSpyZone [27]

25. Program:Win32/Antivirus2008 [28] – Aliases: Trojan.FakeAlert.RL (BitDefender), Win32/Adware.Antivirus2008 (ESET), not-a-virus:Downloader.Win32.FraudLoad.ar (Kaspersky), WinFixer (McAfee), W32/DLoader.HDZU (Norman), Troj/Dwnldr-HDG (Sophos), ADW_FAKEAV.O (Trend Micro), Program:Win32/VistaAntivirus2008.A (other), MS Antivirus (CA).

26. Trojan:Win32/PrivacyCenter [29] – Aliases: Fake_AntiSpyware.BKN (AVG), Win32/FakeAV.ACR (CA), Win32/Adware.PrivacyComponents (ESET), not-a-virus:FraudTool.Win32.PrivacyCenter (other), not-a-virus:FraudTool.Win32.Agent.jn (Kaspersky), FakeAlert-CP (McAfee), Troj/PrvCnt-Gen (Sophos), SpywareGuard2008 (Symantec).

27. Program:Win32/SpyLocked [30]

28. Program:Win32/Trojanguarder [31]

29. Program:Win32/MyBetterPC [32]

30. Program:Win32/NeoSpace [33]

31. Win32/Winwebsec [34] – Aliases: SystemSecurity2009 (other), System Security (other), Winweb Security (other), FakeAlert-WinwebSecurity.gen (McAfee), Mal/FakeAV-AK (Sophos), Troj/FakeVir-LB (Sophos), Adware/AntiSpywarePro2009 (Panda), Adware/UltimateCleaner (Panda), Adware/Xpantivirus2008 (Panda), Win32/Adware.SystemSecurity (ESET), Win32/Adware.WinWebSecurity (ESET), AntiVirus2008 (Symantec), SecurityRisk.Downldr (Symantec), W32/AntiVirus2008.AYO (Norman), Total Security (other), AntiSpyware Pro 2009 (other), FakeAlert-AntiSpywarePro (McAfee).

32. Trojan:Win32/FakeRemoc [35] – Aliases: AntiMalwareSuite (other), VirusRemover2009 (other), PCAntiMalware (other), Total Virus Protection (other), SpywareRemover2009 (other), AntiMalwareGuard (other), Secure Expert Cleaner (other), Cleaner2009 Freeware (other), AVCare (other), AV Care (other).

33. Program:Win32/SpywareStormer [36]

34. Program:Win32/SecurityiGuard [37]

35. Program:Win32/DoctorCleaner [38]

36. Program:Win32/UniGray [39]

37. Win32/FakeSecSen [40] – Aliases: Micro AV (other), MS Antivirus (other), Spyware Preventer (other), Vista Antivirus 2008 (other), Advanced Antivirus (other), System Antivirus (other), Ultimate Antivirus 2008 (other), Windows Antivirus 2008 (other), XPert Antivirus (other), Power Antivirus (other).

38. Program:Win32/VirusRemover [41] – Aliases: Troj/FakeVir-DR (Sophos), VirusRemover2008 (Symantec), ADW_FAKEVIR (Trend Micro).

39. Program:Win32/Privacywarrior [42]

40. Program:Win32/PrivacyProtector [43]

41. Adware:Win32/SpyBlast [44]

42. Trojan:Win32/FakeFreeAV [45]

43. Win32/FakeRean [46] – Aliases: XP AntiSpyware 2009 (other), XP Security Center (other), PC Antispyware 2010 (other), Home Antivirus 2010 (other), PC Security 2009 (other), ADW_WINREANIMA (Trend Micro), Win32/Adware.WinReanimator (ESET), not-a-virus:FraudTool.Win32.Reanimator (Kaspersky), WinReanimator (Sunbelt Software), XP Police Antivirus (other), FakeAlert-XPPoliceAntivirus (McAfee), Adware/XPPolice (Panda), AntiSpyware XP 2009 (other), Antivirus Pro 2010 (other).

44. Program:Win32/Antivirus2009 [47] – Aliases: Win32/Adware.XPAntivirus (ESET), FakeAlert-AB.gen (McAfee), MalwareWarrior (other), Antivirus2009 (other).

45. Program:Win32/AntiSpywareDeluxe [48] – Aliases: Adware.Fakealert-134 (Clam AV), Win32/Adware.AntiSpywareDeluxe (ESET), FraudTool.Win32.AntiSpywareDeluxe.a (Kaspersky), AntispyDeluxe (Symantec), TROJ_RENOS.CP (Trend Micro).

46. Program:Win32/Searchanddestroy [49]

47. Program:Win32/AlfaCleaner [50]

48. Program:Win32/WebSpyShield [51]

49. Win32/InternetAntivirus [52] – Aliases: InternetAntivirus (Symantec), General Antivirus (other), Personal Antivirus (other), not-a-virus:FraudTool:Win32.GeneralAntivirus.b (Kaspersky), Mal/FakeAV-AC (Sophos), TrojanDownloader:Win32/Renos.gen!Z (other), Fraudtool.GeneralAntivirus.C (VirusBuster), Internet Antivirus Pro (other).

50. Trojan:Win32/Antivirusxp [53] – Aliases: Antivirus XP 2008 (other), Win32/Adware.WinFixer (ESET), Generic FakeAlert.a (McAfee), W32/WinFixer.BTB (Norman), Troj/FakeAV-AB (Sophos), AntiVirus2008 (Symantec), Program:Win32/Antivirusxp (other).

51. Program:Win32/ErrorGuard [54]

52. Program:Win32/SpyCrush [55]

53. Trojan:Win32/Fakeav [56]

54. Program:Win32/Spyaway [57]

55. Trojan:Win32/WinSpywareProtect [58] – Aliases: Win32/Adware.WinSpywareProtect (ESET), Trojan-Downloader.Win32.FraudLoad.aob (Kaspersky), WinSpywareProtect (Symantec), Program:Win32/WinSpywareProtect (other), Trojan.FakeAV.GP (BitDefender), Win32/Adware.MSAntispyware2009 (ESET), Packed.Win32.Katusha.a (Kaspersky), FaleAlert-BV (McAfee), Adware/MSAntiSpyware2009 (Panda), Fraudtool.MSAntispy2009.A (VirusBuster), MS Antispyware 2009 (other), AV Antispyware (other), Extra Antivirus (other).

56. Program:Win32/Fakerednefed [59] – Aliases: WinDefender 2008 (other), Program:Win32/Defendwin (other), Program:Win32/Windefender (other).

57. Program:Win32/Antispyware2008 [60]

58. Program:Win32/EZCatch [61]

59. Program:Win32/EvidenceEraser [62]

60. Program:Win32/Vaccine2008 [63]

61. Win32/FakeSpypro [64] – Aliases: FakeAlert-C.dr (McAfee), SpywareProtect2009 (Symantec), Troj/FakeAV-LS (Sophos), Win32/Adware.SpywareProtect2009 (ESET), .Win32.FraudPack.kho (Kaspersky), Spyware Protect 2009 (other), Antivirus System Pro (other), Security Central (other), Barracuda Antivirus (other).

62. Trojan:Win32/FakeCog [65] – Aliases: Win32/Adware.CoreguardAntivirus (ESET), not-a-virus:FraudTool.Win32.CoreGuard2009 (Kaspersky), FakeAlert-FQ (McAfee), W32/Renos.FIP (Norman), Mal/TDSSPack-L (Sophos), CoreGuardAntivirus2009 (Symantec), Fraudtool.CoreGuard2009.A (VirusBuster), CoreGuard Antivirus 2009 (other).

63. Program:Win32/AntiVirGear [66]

64. Adware:Win32/VaccineProgram [67]

65. Program:Win32/TrustCleaner [68]

66. Program:Win32/SearchSpy [69]

67. Program:Win32/AntiSpywareExpert [70] – Aliases: Win32/Adware.AntiSpywareMaster (ESET), Generic.Win32.Malware.AntiSpywareExpert (other), WinFixer (McAfee), AVSystemCare (Symantec), AntiSpywareExpert (Trend Micro), not-a-virus:FraudTool.Win32.AntiSpywareExpert.a (Kaspersky).

68. Program:Win32/VirusRanger [71] – Aliases: VirusRescue (Symantec).

69. Program:Win32/SpyDawn [72]

70. Program:Win32/UltimateFixer [73]

71. Program:Win32/WinHound [74]

72. Program:Win32/Spyshield [75]

73. Program:Win32/SpySheriff [76] – Aliases: Win32.TrojanDownloader.IEDefender (Ad-Aware), MagicAntiSpy (Sunbelt Software), Adware.SpySheriff (Symantec), SpyShredder (Symantec), IEDefender (other), Malware Destructor (other), SpySheriff (other), SpyShredder (other).

74. Program:Win32/Antispycheck [77] – Aliases: Win32/Adware.AntiSpyCheck (ESET), AntiSpyCheck (Symantec).

75. Program:Win32/SpywareIsolator [78] – Aliases: not-a-virus:FraudTool.Win32.SpywareIsolator.ad (Kaspersky), SpywareIsolator (Symantec).

76. Program:Win32/SpyFalcon [79]

77. Program:Win32/PrivacyRedeemer [80]

78. Trojan:Java/VirusConst [81]

79. Trojan:Win32/FakeVimes [82] – Aliases: FakeAlert-CQ (McAfee), Extra Antivirus (other), Ultra Antivirus 2009 (other), Malware Catcher 2009 (other), Virus Melt (other), Windows PC Defender (other).

80. Program:Win32/PCSave [83] – Aliases: Win-Trojan/Pcsave.339456 (AhnLab), PCSave (McAfee).

81. Program:Win32/PSGuard [84]

82. Program:Win32/SpywareStrike [85]

83. Program:Win32/Nothingvirus [86]

84. Trojan:Win32/AVClean [87]

85. Trojan:Win32/FakeIA.C [88] – Aliases: Win32/FakeAlert.RW (CA), Dropped:Trojan.FakeAv.DS (BitDefender), FakeAlert-AB (McAfee), Trojan.Fakeavalert (Symantec), not-a-virus:FraudTool.Win32.Delf.d (Kaspersky).

86. Program:Win32/AntispyStorm [89]

87. Program:Win32/Antivirustrojan [90]

88. Program:Win32/XDef [91]

89. Program:Win32/AntiSpywareSoldier [92]

90. Program:Win32/AdsAlert [93]

91. Program:Win32/AdvancedCleaner [94] – Aliases: AdvancedCleaner (Symantec).

92. Program:Win32/FakePccleaner [95] – Aliases: Program:Win32/Pccleaner (other), Win32/Adwrae.PCClean (ESET), Backdoor.Win32.UltimateDefender.hu (Kaspersky), PCClean (Symantec), Program:Win32/UltimateCleaner (other).

93. Program:Win32/SpywareQuake [96]

94. Program:Win32/WareOut [97] – Aliases: WareOut (McAfee), W32/WareOut (Norman), WareOut (Sunbelt Software), SecurityRisk.Downldr (Symantec), Adware.Wareout (AVG).

95. Program:Win32/Kazaap [98]

96. Program:Win32/SystemDefender [99]

97. Trojan:Win32/FakeSpyguard [100] – Aliases: Spyware Guard 2008 (other), Win32/Adware.SpywareGuard (ESET), FakeAlert-BM (McAfee), SpywareGuard2008 (Symantec), ADW_SPYWGUARD (Trend Micro), System Guard 2009 (other), Malware Defender 2009 (other).

98. Program:Win32/SpyHeal [101]

99. Program:Win32/VirusBurst [102]

100. Program:Win32/VirusRescue [103]

101. Program:Win32/TitanShield [104]

102. Program:Win32/Easyspywarecleaner [105]

103. Trojan:Win32/Fakeinit [106] – Aliases: Trojan.FakeAlert.AUW (BitDefender), Win32/FakeAV.ABR (CA), Fraudtool.XPAntivirus.BCVY (VirusBuster), Adware/AntivirusXPPro (Panda), AntiVirus2008 (Symantec), Advanced Virus Remover (other), Win32/AdvancedVirusRemover.G (CA).

104. Program:Win32/AntiVirusPro [107]

105. Program:Win32/CodeClean [108]

106. Trojan:Win32/Spybouncer [109]

107. Program:Win32/MalwareWar [110]

108. Program:Win32/VirusHeat [111]

109. Adware:Win32/SpyAxe [112] – Aliases: VirusHeat (other), ControVirus (other).

110. Program:Win32/Awola [113] – Aliases: not-virus:Hoax.Win32.Avola.a (Kaspersky), Generic FakeAlert.b (McAfee), W32/Awola.A (Norman), Awola (Symantec), JOKE_AVOLA.D (Trend Micro).

111. Program:Win32/MyNetProtector [114]

112. Program:Win32/FakeWSC [115]

113. Program:Win32/DoctorAntivirus [116]

114. Program:Win32/UltimateDefender [117] – Aliases: Ultimate (McAfee), UltimateDefender (Symantec), ADW_ULTIMATED.ME (Trend Micro), Risktool.UltimateDefender.A.Gen (VirusBuster), Adware.UltimateX-15 (Clam AV), Win32/Adware.UltimateDefender (ESET).

[List via Softpedia [118]]

How to protect oneself against rogue security software

First and foremost, you need an anti-malware security program installed. If you cannot/will not pay for a paid solution, grab one of the excellent free ones [119]. Obviously, since the above list has been put together by Microsoft, their Microsoft Security Essentials will detect and protect against all 114. However, other legitimate security programs should/will protect against them too.

Secondly, think before you click! Most – if not all – scumware use some sort of social engineering to infect users. If users simply understood what was going on, and they stopped falling into scumware traps, scumware wouldn’t be so successful. If you ever see an advertisement telling you “your computer has been infected” blah, blah, blah, ignore it. No advertisement or website on the Internet can tell if your computer is infected without you explicitly running a scan first. And no, running a scan using a program you found by clicking on a “your computer is infected” ad does not count, because chances are that program is rogue. I can give you all the tips in the world, but in the end it just comes down to thinking before you click. If it looks too good to be true, it probably is.

Lastly, use a layered defense; defense in depth is key. Do not depend on just one anti-malware program to protect you. That doesn’t mean running multiple anti-malware live protection modules at the same time. Rather, it means having one main anti-malware program as your main protection software, with other programs ready on-demand to scan whenever you want. Unless you are limited on hard drive space, it never hurts to have two or three or even four on-demand scanners ready to scan whenever you want.

Similarly, use software like WOT and SiteAdvisor. Website advisors typically do a very good job at warning users about the dangers of a particular website, saving users from a headache before it occurs. See dotTech’s suite of security programs [120] for more details on what software one should have installed.

What to do if infected

Okay so you didn’t listen to Ashraf and went and got yourself infected. What must you do now?

First and foremost, disconnect your computer from the Internet. You may not know exactly what the malware is doing on your computer, but without an Internet connection at least you know your data isn’t being shipped off somewhere. If you are connected to a LAN, you want to disconnect from that too, to prevent contamination of your other computers.

Secondly, you need to do research. Chances are the rogue security software that has infected you has infected other users in the past. Doing research (i.e. searching Google, posting on security website forums, etc.) on that particular rogue program can lead to explicit directions on how to remove it. You will have to do this research on a different computer than the infected one because the first thing you did – should have done – is disconnect the infected computer from the ‘net. If you don’t have access to another computer, then you obviously need to use the infected one; but note that the rogue program may hinder your research by doing things like blocking your Internet connection or continually redirecting you to malware-infested websites.

If, however, you do not find any directions on how to remove the particular rogue program you have been infected with, do the following:

Conclusion

I hate rogue security software; you hate rogue security software; we all hate rogue security software. So live by one rule of thumb: Think before you click. Live by that rule and scumware won’t be much of a bother to you. Here’s to us all staying digitally safe.

Feel free to share in the comments below ways you deal with scumware, and provide tips on how dotTechies can protect themselves/clean up after the fact.