Microsoft warns of malicious antivirus, 'Security Essentials 2010'

By Matthew DeCarlo, TechSpot.com
Published: February 26, 2010, 3:15 PM EST
Microsoft announced on Wednesday that malware writers are creating malicious applications with a similar name, look and feel to the company's legitimate security software (Microsoft Security Essentials) -- a popular and long-used method of preying on inexperienced users. The fake antivirus is called "Security Essentials 2010" and contains the Trojan Win32/Fakeinit.


Once installed, the malware downloads and installs a fake scanner that monitors processes and terminates ones it doesn't like, claiming they are infected. It also lowers some security settings in the registry, and changes the desktop background to display the warning seen below while modifying the registry to prevent the wallpaper from being altered.

Furthermore, it downloads and installs Win32/Alureon and another Layered Service Provider component, which monitors TCP traffic sent by Web browsers and blocks certain domains, instead displaying this message. Naturally, the malware also requests that users pay for a subscription to use a "full version" of the software.

If you've been duped by "Security Essentials 2010," Microsoft's legitimate antivirus is available for free and can clean your system. Grab your download: Windows XP 32-bit, Windows Vista/7 32-bit, Windows Vista/7 64-bit. If you need further assistance, feel free to swing by TechSpot's Virus and Malware Removal forum.

User Comments (35)

TomSEA
on February 26, 2010
3:36 PM
I think they ought to lop off fingers of people they catch putting this stuff out (and spammers). Pretty soon, if they can't type, then they can't pollute the internet with these trojans and viruses.

fwilliams
on February 26, 2010
4:02 PM
Microsoft is a virus. Eliminate the virus and everything will be OK.

mattfrompa
on February 26, 2010
4:35 PM
I have already had to remove an instance of this from a friend of my brother's... she had an expired edition of Norton on there as well. But because she knew when it started I was able to just boot into System Restore and that got rid of it. I then of course ran it through Windows Update, installed MSE and MBAM, and after they scanned clean I felt confident that the malware was gone for good.

Guest
on February 26, 2010
4:47 PM
Had a friend with an updated version of Norton. Installed Microsoft Security Essentials on her machine and it found a backdoor trojan. So much for Norton.

vicenarian
on February 26, 2010
7:00 PM
Hey, while on the topic of effective anti-virus software, I just have to recommend Avast. The home edition is free, and with the new update it received a month or so back, the interface finally looks and works fantastic! If you haven't tried the new interface, you just have to. It's great. Of course, many people/websites rate Avira as having the highest detection rates, but with the new interface, I much prefer Avast.

Combined with Avast's real-time scanning and other shields, its boot time scan ability, and the fact the Home edition is free, let's just say I install it on every computer I own.

Guest
on February 26, 2010
7:16 PM
"Of course, many people/websites rate Avira as having the highest detection rates, but with the new interface, I much prefer Avast."

So you prefer a lower detection rate just as long as your AV software looks cool??

Nice!

/sarcasm.

j4m32
on February 26, 2010
8:04 PM
@vicenarian: Yeah avast is good in my opinion. Has a good combination of tools and has a boot time scan option which is very good for first time users who're experiencing problems.

If you are super paranoid Kerio Personal Firewall wouldn't even let you run Notepad without authentication let alone open a port (though I think the company is now named Sunbelt)...

The three other tools I use for ridding of malicious trash from people's machines are:
Security Task Manager for showing up processes or modules (DLLs) which may be injected into existing processes like Internet Explorer or Explorer in general.

The next is using Dr Delete (freeware app) that schedules file deletes upon system boot before Windows fully loads since you can track that all down from the file names. Most stuff resides in the system directories that will certainly exist on any Windows (specifically NT in this case) installation.

The next thing is optional: a disassembler or dependency viewer included in MS Dev can reveal some info about the operation of modules which may be being used as well as key strings in the malicious files. Removed many a complex registry problem by doing that where the binary is not packed with anything special enables you to see exactly what changes are being made.

captaincranky
on February 26, 2010
11:17 PM
"Combined with Avast's real-time scanning and other shields, its boot time scan ability, and the fact the Home edition is free, let's just say I install it on every computer I own."
Odd, I thought the EULA specified 1 copy, 1 computer, 1 owner.

"Microsoft is a virus. Eliminate the virus and everything will be OK."
This is constructive. Did we have a bad day in special ed?

red1776
on February 26, 2010
11:25 PM
"This is constructive. Did we have a bad day in special ed?"
You're on my brain wave again Cap.

eafshar
on February 27, 2010
3:19 AM
First time I came to TechSpot was when my old laptop was infected with some trojan... after seeing the helpful and informed people here I have been hooked ever since.

eafshar
on February 27, 2010
3:23 AM
sry for the double post.. but i think you guys should do a weekend forum poll on what anti-virus,..etc people use.

windmill007
on February 27, 2010
8:08 AM
Great Protection... Pay for Malwarebytes and its real-time protection blocks IP addresses that contain the spyware so you never even have a chance of getting infected. That on top of Microsoft Security Essentials is a GREAT combo IMO.

vicenarian
on February 27, 2010
9:58 AM
@Guest

No, I prefer avast regardless of the interface. However, Avast's interface prior to the update was not very user-friendly for novice computer users. I find Avast works exceptionally well combined with a decent firewall. If I was looking for an enterprise level solution of course, I would be purchasing a PAID antivirus. But, for home use, Avast wins hands down in my opinion. Combined with common computing sense, a person doesn't really need anything more.

vicenarian
on February 27, 2010
12:41 PM
Or you could just install Linux...

Vickeych
on February 28, 2010
2:02 AM
I just heard about it. Don't be afraid. Because I just download some software at the official website.

Rick
on February 28, 2010
9:34 PM
vicenarian said:
Or you could just install Linux...
^ Silly rhetoric often posted by people who don't use Linux themselves.

I agree this is a potential solution, but it isn't foolproof either ( http://www.linux-sec.net/Exploits/ ) and comes with a whole other set of baggage ( [link] ) for users to deal with.

Guest
on March 1, 2010
8:18 PM
I've found Linux to be more stable AND attacked by hackers less, as well as having more features & choices than Windows (the only real "set of baggage" I've found is TOO MANY choices for some types of programs, and not yet compatible with some chat programs & my old games (and most new games from Id Software, EA Sports, & similar major brands)...but with high-quality & free games that work in any browser, or made by Linux users, I still haven't found myself wanting to return to Windoze). Yes, no system is "foolproof" Rick, you can only IMPROVE in these 3 areas --stability, security, and features-- but never PERFECT them.

I use Linux to serve sound, hulu(etc) videos, & home-automation to every room in my house, along with ethernet+WiFi network to 6 desktops & laptops, and nearly everything else that a "power user" could want. I typically run RAID-1 on user-files and RAID-0 for better (write) speeds on all other partitions, something impossible in Winblows, along with FDEncryption...and my config settings for every app I use is not "rolled-back" like System Restore does whenever you need to use Sys Restore; instead, I can reinstall the OS & programs w/out removing my config files (stored in the partition with my user-files... but...

I've NEVER had the whole Linux OS freeze-up or BSOD, in 2 years of usage (if anything freezes it's limited to one app, and that app often can be re-started w/out a reboot, unlike Windoze). In contrast, XP & Vista froze-up _at least_ once a month until I replaced them; friends & relatives have fared no better with Winblows, on average.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

BTW Rick, the article you link to (linuxfonts.narod.ru) says that Linux's sound projects are in disarray, but then linuxfonts.narod.ru "cites" the following link as "proof," despite that it says the OPPOSITE of linuxfonts.narod.ru's contention: "State of Sound Development On Linux NOT So Sorry After All" http://linux.slashdot.org/article.pl?sid=09/06/19/1937210
. . . i.e. you're going by FALSE hearsay from linuxfonts.narod.ru, which is obviously an unreliable source, and frankly your source is an idiot to say "See, Linux audio is 'unreliable,' here's proof (from a source that says Linux audio is GREAT)".

. . . so it sounds like you're the one commenting about Linux without actually USING Linux, Rick.

Rick
on March 1, 2010
8:49 PM
". . . so it sounds like you're the one commenting about Linux without actually USING Linux, Rick."
Hi Guest,

I do actively run/use Linux (not on my main PC though). My comment about Linux's 'baggage' comes with a heavy heart -- it's sad but true, though.

Maybe 'my source' isn't reliable, but it wasn't meant to be some infallible exhibit of how awful Linux is... Even so, there are many thousands of substantial examples outlining how Linux isn't as awesome as you say it is.

If you've installed and used Linux for any period of time, you know it too. I like it, I like the idea of it and it works great for some small cross section of users and systems, but no matter how much you'd like it to be, this year isn't the year of the Linux desktop...

hughva
on March 2, 2010
12:05 AM
I use Netbook remix on my Dell Mini and Ubuntu 9.1 on a spare desktop that's many years old and a perfect candidate for Linux. I like the thought of keeping this PC out of the landfill and getting more use out of it.
I've had more than one issue with both installations, but I can't say I've had more problems than I've had with Windows.
A stable Linux install has a lot going for it, especially due to the price and relative freedom from Viruses/Malware. The downside is the necessity of being a nerd/geek to solve issues. Of course, that's not much different than windows either.

rebelflag
on March 2, 2010
9:47 AM
fwilliams said:
Microsoft is a virus. Eliminate the virus and everything will be OK.
If you have nothing useful to add, please try and refrain from reminding all of us that you are a moron.

AmpFeare
on March 4, 2010
3:53 PM
all the microsoft products from this category that i have used have all sucked, security essentials will randomly rape my cpu for a bit for no reason, and it has VERY LITTLE options to tweak how the program runs, same with windefender :/ bring back ms antispyware.

boyese
on March 6, 2010
6:31 AM
I use Kaspersky Internet Security, not had any problem with it. Users get this from having no internet security/outdated software.

Which sites do these users go to get this stuff installed?

mrtraver
on March 6, 2010
7:26 AM
I think I have finally broken my parents and my mother-in-law of clicking these links. They now call me if anything pops up they are not familiar with, and sometimes I can use remote assistance to see what they are talking about.

SNGX1275
on March 6, 2010
11:30 AM
My dad once got infected after a malicious pop-up said he had a virus and he clicked through and did what it wanted. I would have thought he learned his lesson, but just last week he called and said he got a message his computer had a bunch of infections, at least this time he just unplugged from the internet without clicking through and installing stuff.

Guest
on March 7, 2010
10:30 PM
Wow, I have to say, be careful. I have Kaspersky Internet Security actively running on my computer. I was on a legitimate website about how to design blog templates. I downloaded nothing. I accepted nothing. I am very wise to the ways of "internet tricks" and all of a sudden it popped up. The security 2010 issue. Of course, even though it does look very Microsoft legit, I didn't trust it from the get go because I've had my computer 3 years and never had any software on it that resembled this - but it actually installed an icon in my control panel. I did possibly consider that maybe Microsoft loaded this virus program in my last update. But then I did click a link to close it and it took me to a page to purchase the program. I didn't click anything else at that point concerned of activating anything. And I opened my browser (I had already closed it) and it gave me an error page that stated it wouldn't let me go further due to security threats. It didn't look like the cheesy black warning screen above. It still looked very legit. BUT it didn't make sense. MS isn't going to load a program onto my computer in an update that blocks my browsing and then makes me pay to "fix" my computer before I can do anything else. At that point I ran Kaspersky update to get the latest (which was only 24 hrs old at the time) virus file. And I ran a complete scan on my computer - it didn't find anything. So, I didn't touch anything. I went to my laptop to research what hijacked my computer. My computer shut down and rebooted (which it is prone to do when a MS update comes in - I now know I need to change that setting). When it came back up - and I log in - the only thing that comes up is the security 2010 program with the link to "upgrade" so that it can fix the "Detected problems". Nothing else appeared on my computer - no start menu - nothing. So I shut down and log into a different user. It actually loads proper. I don't go anywhere near my browser.
We went to the store and bought a backup drive and I'm backing up all my personal files while researching what this thing is to get rid of it - which is how I found this page.
So Mr. Glass House - before you throw stones - I was actively running the security program you have and on a legitimate website and it happened to me. Luckily I am taking care of it. It seems to me that no virus programs seem to find everything. I downloaded MSE onto my USB and loaded it on my computer and am currently running it, but after that I'm gonna do the 8 tests and get some help. Cause obviously this program doesn't find everything.
