878 entries found. Displaying page 1 of 44.
Updated on Dec 10, 2007
Rogue:Win32/SpyAxe is a program that displays misleading warning messages to convince users to purchase a product that removes spyware. It might have a desktop icon that looks like the following:

Alert level: severe
Updated on May 19, 2008
Win32/SpyAxe is a program that displays misleading warning messages in order to convince users to purchase a product that removes spyware.
Alert level: severe
Updated on Sep 14, 2010
Alert level: severe
Updated on May 14, 2010

Windows Defender detects and removes this threat.

See the Win32/FakeVimes description for more information.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on May 14, 2010

This family of rogue security programs pretends to scan your PC for malware, and often reports lots of infections. The program will say you have to pay for it before it can fully clean your PC.

However, the program hasn't really detected any malware at all and isn't really an antivirus or antimalware scanner. It just looks like one so you'll send money to the people who made the program. Some of these programs use product names or logos that unlawfully impersonate Microsoft products.

Even if you do pay to "unlock" the app, it won't do anything because your PC isn't actually infected with all that malware it "found".

Different brands of the rogues may modify various settings on your computer, end or close programs or system services, or block access to websites.

We've seen the rogues use the following names: 

  • Advanced Antispyware Solution
  • Antimalware PC Safety
  • Antivirus Smart Protection
  • AV Security Essentials
  • Best Antivirus Software
  • Best Virus Protection
  • Home Malware Cleaner
  • Home Security Solutions
  • Internet Security Guard
  • Malware Protection Center
  • Smart Anti-Malware Protection
  • Strong Malware Defender
  • System Protection Tools
  • Total Anti Malware Protection
Alert level: severe
Updated on Nov 30, 2010
Virus:ALisp/Bursted.AD is a script virus written in AutoLisp for AutoCAD, a computer-aided drafting application. The virus infects other AutoLisp script files having a file extension ".lsp".
Alert level: severe
Updated on Mar 26, 2008

This program was detected by definitions prior to 1.159.567.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.

Alert level: high
Updated on May 06, 2010
Trojan:Win32/FakeVimes is a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.
 
Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late. These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software. Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products.
 
Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.
Alert level: severe
Updated on Aug 09, 2011

Trojan:MacOS_X/QHost.A is a malicious program that modifies the Hosts file to redirect specific websites to a predetermined IP address.

Alert level: severe
Updated on Jun 20, 2012

Virus:Win64/Sirefef.B is the 64-bit user-mode component of Win32/Sirefef - a multi-component family of malware that moderates your Internet experience by changing search results and generating pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing a payload.

Caution: Win32/Sirefef is a dangerous threat that uses advanced stealth techniques in order to hinder its detection and removal. If you are infected with Sirefef, we recommend you take the following steps to remove this threat from your computer:

Before you begin you will need:

- A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of the Microsoft Safety Scanner.
- A blank CD, DVD or USB drive. You will use this CD, DVD or USB drive to run the Scanner on your infected computer.

  1. Download a copy of the Microsoft Safety Scanner from a clean, uninfected computer
  2. Save a copy of the Scanner on a blank CD, DVD, or USB drive
  3. Restart the infected computer
  4. Insert the CD, DVD, or USB drive into your infected computer and run the Scanner
  5. Let the Scanner clean your computer and remove any infections it finds

After running the Scanner, ensure that your antivirus product is up-to-date. You can update Microsoft security products by downloading the latest definitions at this link: Get the latest definitions.

As a consequence of being infected with this threat, you may need to repair and reconfigure some Windows security features. Please see Additional remediation steps in this entry for more information.

Alert level: severe
Updated on Oct 17, 2012

TrojanProxy:JS/Banker.AC is a JavaScript trojan that steals your personal information, such as your logon details, from certain Brazilian banking websites.

Alert level: severe
Updated on Feb 04, 2008
TrojanDownloader:Win32/Renos.CM is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.
Alert level: severe
Updated on Feb 08, 2008
TrojanDownloader:Win32/Renos.CJ is a variant of Win32/Renos, a family of trojan downloaders that automatically download unwanted software such as SpySheriff, SpyAxe, SpyFalcon, SpyDawn, SpywareStrike, and other similarly named programs. These programs typically present erroneous warnings claiming the system is infected with spyware and offer to remove the alleged spyware for a fee. In some cases, the programs may also cause system instability.
Alert level: severe
Updated on Oct 18, 2010
Trojan:BAT/Ski.A is a batch file that may arrive on the computer as a self-extracting RAR. It attempts to delete files, change the label of drive E:, and reassociate executable file extensions.
Alert level: severe
Updated on Jul 30, 2007

Windows Defender detects and removes this threat.

This virus family can give a malicious hacker access to your PC by opening a backdoor connection to an IRC server.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Aug 17, 2010

Windows Defender Antivirus detects and removes this threat. See the Win32/FakeXPA description for more information.

Alert level: severe
Updated on Aug 17, 2010

Windows Defender Antivirus detects and removes this threat. See the Win32/FakeXPA description for more information.

Alert level: severe
Updated on Aug 17, 2010

Windows Defender Antivirus detects and removes this threat. See the Win32/FakeXPA description for more information.

Alert level: severe
Updated on Aug 17, 2010

Windows Defender detects and removes this threat.

Win32/FakeXPA is a family of programs that claims to scan for malware and displays fake warnings of malicious programs and viruses. They then ask you to pay for and register the software to remove these fake threats from your PC. Some members of Win32/FakeXPA can also download other malware and have been observed in the wild downloading variants of Win32/Alureon.

Alert level: severe
Updated on Aug 29, 2012
Alert level: severe