Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.
Rogue security software designers create legitimate looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the web.
The "updates" or "alerts" in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.
Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to protect your computer.
Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.
Some rogue security software might also:
Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
Use social engineering to steal your personal information.
Install malware that can go undetected as it steals your data.
Launch pop-up windows with false or misleading alerts.
Slow your computer or corrupt files.
Disable Windows updates or disable updates to legitimate antivirus software.
Prevent you from visiting antivirus vendor websites.
Rogue security software might also attempt to spoof the Microsoft security update process. Here's an example of rogue security software that's disguised as a Microsoft alert but that doesn't come from Microsoft.
Example of a warning from a rogue security program known as AntivirusXP.
For more information about this threat, including analysis, prevention and recovery, see the Trojan:Win32/Antivirusxp entry in the Microsoft Malware Protection Center encyclopedia.
Install a firewall and keep it turned on.
Use automatic updating to keep your operating system and software up to date.
Install antivirus and antispyware software and keep it updated. Windows 8 includes antivirus protection that’s turned on by default. If your computer isn’t running Windows 8, download Microsoft Security Essentials for free.
Use caution when you click links in email or on social networking websites.
Use a standard user account instead of an administrator account.
Familiarize yourself with common phishing scams.
Scan your computer. Use your antivirus software or do a free scan with the Microsoft Safety Scanner. The safety scanner checks for and removes viruses, eliminates junk on your hard drive, and improves your PC's performance.
Get help from a Microsoft partner. If you have trouble removing the software yourself, you can enter your zip code to find experts in your area.
Check your accounts. If you think you might have entered sensitive information, such as credit card numbers or passwords into a pop-up window or at a rogue security software site, you should monitor your associated accounts. For additional information, see Email and web scams: How to help protect yourself.
If you suspect that your computer is infected with rogue security software that is currently not detected with Microsoft security solutions, you can submit samples using the Microsoft Malware Protection Center submission form.
I want to...