The XP Rogues (Fake Anti-virus) are Back for 2011

It’s the Operating System that will not die and is still favored by so many…Windows XP. Malware authors and distributors know this and consequently have made a new round of Rogues (fake antivirus) to trick users into handing over their cash and, worse, their identities.

Yesterday I encountered 2 new XP Rogues:

  1. Windows XP AntiSpyware 2011 – Vipre eventually killed this one, but did allow it to load and run.
  2. XP Internet Security – Microsoft Security Essentials just ignored this one.  I had to use Malwarebytes to get rid of it.

Here are some screen shots of these two new XP Rogues:

[Screenshot: XP Internet Security]

[Screenshot: XP AntiSpyware 2011]

12 Responses to The XP Rogues (Fake Anti-virus) are Back for 2011

  1. Christos(ballader1 on YT) November 23, 2010 at 5:23 pm #

    MSE ignored XP Internet Security ?!?!?!?!?!?!?!?!?!?!?!?!?

    Did you upload XP Internet Security to virustotal.com to see which av vendors detect it?

  2. Adam November 23, 2010 at 5:25 pm #

    I have really found MSE doesn’t do very well against fake AVs.

  3. Christos(ballader1 on YT) November 23, 2010 at 5:26 pm #

    Well, MSE does good with 80% of the rogues and it is a pretty good free antivirus, that’s why I was like WTF when I read that it missed it.

  4. malwarekilla November 23, 2010 at 6:56 pm #

    @Christos(ballader1 on YT) – no, wish I would have though. I was pretty burned out by that time (it was like 9 pm).

  5. Christos(ballader1 on YT) November 23, 2010 at 7:54 pm #

    @malwarekilla Oh, ok.

  6. Christos(ballader1 on YT) November 23, 2010 at 7:57 pm #

    @malwarekilla Q: What do you prefer? Avast!5 or MSE, I think MSE, but I just want your opinion (my reviews and tests show me MSE as better).

  7. gusthebus November 23, 2010 at 9:32 pm #

    I saw something like this just yesterday on my family member’s PC.

  8. Shaun Zhang November 23, 2010 at 9:34 pm #

    When the new version of Microsoft Security Essentials (Microsoft Security Essentials 2.0) is released, I expect that the behavior monitor might catch this one; otherwise, the script scanning of Microsoft Security Essentials 2.0 should be able to prevent this one from getting into the computer through a legitimate website.
    Did you send this to Microsoft for analysis?
    Go here to send this file to Microsoft if you haven’t done so already:
    https://www.microsoft.com/security/portal/Submission/Submit.aspx

  9. elliotcroft November 24, 2010 at 8:30 pm #

    I would bet on Comodo finding this. Believe it or not, Comodo has a very high detection rate. Defense+ would most likely also catch it. I’m currently using Comodo Internet Security Version 5 and am looking forward to the DACS technology in V5.1, which will apparently give the best detection of any antivirus guaranteed.

  10. Shaun Zhang November 27, 2010 at 11:18 pm #

    When are you going to upload more video reviews?

  11. Ron December 1, 2010 at 3:33 pm #

    The bottom screen shows Vipre running as well. Did it not catch/clean it at all?

    • malwarekilla December 2, 2010 at 8:00 pm #

      @Ron – Yes, Vipre did kill this rogue.
