This program was detected by definitions prior to 1.159.567.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

Antivirus 2009 is a variant of Win32/FakeXPA - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. Some members of the Win32/FakeXPA family may also download additional malware and have been observed in the wild downloading variants of Win32/Alureon.

 

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs, such as Trojan:Win32/Antivirusxp and Program:Win32/FakeRednefed may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.  These products may represent themselves as “Antivirus XP”, “AntivirusXP 2008”, “WinDefender 2008”, “XP Antivirus”, or similar.

 

Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Win32/Renos.gen!BA is a generic detection for a family of trojan downloaders that display fake warning messages indicating that spyware or malware has been detected on the machine, before downloading rogue security products, most notably Program:Win32/Antivirusxp or Trojan:Win32/FakeXPA. In the wild, Win32/Renos.gen!BA has been distributed via spam e-mail messages.

Win32/Yektel is a family of trojans that display fake warnings of spyware or malware in an attempt to lure the user into installing or paying money to register rogue security products such as Trojan:Win32/FakeXPA. It is downloaded by most variants of Win32/FakeXPA.

Win32/Yektel is a family of trojans that display fake warnings of spyware or malware in an attempt to lure the user into installing or paying money to register rogue security products such as Trojan:Win32/FakeXPA. It is downloaded by most variants of Win32/FakeXPA.

Windows Defender detects and removes this threat.

Win32/FakeXPA is a family of programs that claims to scan for malware and displays fake warnings of malicious programs and viruses. They then ask you to pay for and register the software to remove these fake threats from your PC. Some members of Win32/FakeXPA can also download other malware and have been observed in the wild downloading variants of Win32/Alureon.

Windows Defender Antivirus detects and removes this threat.

 

Win32/Yektel is a family of trojans that display fake warnings of spyware or malware in an attempt to lure the user into installing or paying money to register rogue security products such as Trojan:Win32/FakeXPA. It is downloaded by most variants of Win32/FakeXPA.