SpySheriff may be installed without user consent, and may then display a dialog box suggesting malware has been found, and prompting the user to buy software to remove the malware that doesn't exist. SpySheriff may download and install program updates without notifying the user.

Windows Defender detects and removes this threat.

This threat tries to download rogue security software onto your PC, including Win32/FakeRean.

It runs when you visit a malicious web page and move your mouse cursor over certain graphics or images.

Windows Defender Antivirus detects and removes this threat. See the Win32/FakeXPA description for more information.

Rogue:MSIL/Zeven is a family of programs that claims to scan for malware and displays fake warnings of "malicious programs and viruses". They then inform the user that they need to pay money to register the software in order to remove these non-existent threats. MSIL/Zeven also has the ability to mimic browser pages that indicate a particular website is blocked; the fake warning pages offer a "solution" for download; the "solution" is actually a copy of Rogue:MSIL/Zeven.

Windows Defender Antivirus detects and removes this threat. See the Win32/FakePAV description for more information.

 

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:

 

• Microsoft Security Essentials
• Windows Defender
• Microsoft Safety Scanner

 

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Windows Defender detects and removes this threat.

This threat is a file that is used to download rogue security software programs that we detect as Win32/FakePav.

See the Win32/FakePAV description for more information.

Find out ways that malware can get on your PC.

Windows Defender detects and removes this threat.

This rogue security website pretends to scan your PC for malware, and often report lots of infections. It will say you have to pay for it before it can fully clean your PC.

However, it hasn't really detected any malware at all and isn't really an antivirus or antimalware scanner. It just looks like one so you'll send money to the people who made the rogue. The websites use product names or logos that unlawfully impersonate Microsoft products.

Even if you do pay, it won't do anything because your PC isn't actually infected with all that malware it "found".

Find out ways that malware can get on your PC.

Microsoft security software detects and removes this threat.

The threat is a VBScript component of Win32/Trapwot, used to install this rogue. Rogues pretend to be security software and might look and act like Windows Defender, but it's completely fake.

It uses names such as "Spyware Defender" or "System Defender".

It might have been downloaded onto your PC by another malware, or you might have been tricked into downloading it, thinking it was legitimate. 

You can read more about this family in the Win32/Trapwot description.

Find out ways that malware can get on your PC. 

Rogue:Win32/SpyAxeis a program that displays misleading warning messages to convince users to purchase a product that removes spyware. It might have a desktop icon that looks like the following:

Windows Defender Antivirus detects and removes this threat. See the Win32/FakeXPA description for more information.