Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
14 entries found.
Updated on Aug 24, 2014

Windows Defender detects and removes this threat.

See the Win32/FakeVimes description for more information.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Aug 06, 2014

This family of rogue security programs pretend to scan your PC for malware, and often report lots of infections. The program will say you have to pay for it before it can fully clean your PC.

However, the program hasn't really detected any malware at all and isn't really an antivirus or antimalware scanner. It just looks like one so you'll send money to the people who made the program. Some of these programs use product names or logos that unlawfully impersonate Microsoft products.

Even if you do pay to "unlock" the app, it won't do anything because your PC isn't actually infected with all that malware it "found".

Different brands of the rogues may modify various settings on your computer, end or close programs or system services, or block access to websites.

We've seen the rogues use the following names: 

  • Advanced Antispyware Solution
  • Antimalware PC Safety
  • Antivirus Smart Protection
  • AV Security Essentials
  • Best Antivirus Software
  • Best Virus Protection
  • Home Malware Cleaner
  • Home Security Solutions
  • Internet Security Guard
  • Malware Protection Center
  • Smart Anti-Malware Protection
  • Strong Malware Defender
  • System Protection Tools
  • Total Anti Malware Protection
Alert level: severe
Updated on Apr 11, 2011
TrojanDownloader:Win32/FakeVimes is a downloading component of Win32/FakeVimes - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.
 
Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 
 
Use Microsoft Windows Defender, the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.
Alert level: severe
Updated on Apr 11, 2011
This threat has been renamed to Rogue:Win32/FakeVimes.
Alert level: severe
Updated on Feb 22, 2012
Alert level: severe
Updated on May 04, 2012
Alert level: severe
Updated on May 04, 2012
Alert level: severe
Updated on Aug 17, 2010
Alert level: severe
Updated on Sep 17, 2018
Alert level: severe
Updated on Apr 11, 2011
Trojan:Win32/FakeVimes is a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.
 
Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 
 
Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.
Alert level: severe
Updated on Apr 11, 2011
VirTool:Win32/VBInject.gen!FO is a generic detection for malicious files that are obfuscated using particular techniques to protect them from detection or analysis.
 
Malicious programs detected as VirTool:Win32/VBInject.gen!FO can have virtually any purpose, as this technique is utilized by many different malware families in the wild in order to protect them from detection or analysis.  
Alert level: severe
Updated on Jul 27, 2012

Total Anti Malware Protection is a variant of Win32/FakeVimes - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. It may also modify security settings, prevent programs from running, and modify the Hosts file.

Alert level: severe
Updated on Jul 27, 2012

Best Antivirus Software is a variant of Win32/FakeVimes - a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. It may also modify security settings, prevent programs from running, and modify the Hosts file.

Alert level: severe
Updated on Feb 09, 2014
Windows Defender Antivirus detects and removes this threat.
 
This threat is a variant of the Win32/FakeVimes family. Programs in this family claim to scan your PC for malware and then show you fake warnings about malicious programs and viruses. They usually tell you to pay money to register the software and remove the fake malware.
 
You can read more about this type of threat on our rogue security software page.
Alert level: low