Internet Antivirus Pro Tackled by Microsoft Malicious Software Removal Tool

Concomitantly with the June 2009 Microsoft security bulletin releases, the Redmond company has also refreshed the Windows Malicious Software Removal Tool. This month's update to the Malicious Software Removal Tool involves the addition of yet another rogue antivirus. The software giant's free security solution is now capable of tackling Internet Antivirus Pro. The moniker is just one used by a facility of malicious software labeled Win32/InternetAntivirus by Microsoft. Additional labels used by the rogue antivirus are General Antivirus and Personal Antivirus.

“Win32/InternetAntivirus follows the familiar path of fake online scanner leading to the rogue downloader, which in turn installs the rogue itself,” revealed Microsoft's Hamish O'Dea. “This rogue downloader that these pages want you to run also downloads a password stealer called TrojanSpy:Win32/Chadem. Win32/Chadem tries to grab FTP usernames and passwords that the rogue creators can then use to compromise servers in order to host more malware. They use new domain names every day, often registering multiple names at a time, like scanfan4.info, star4scan.info and scanstar4.info.”

Rogue antiviruses are pieces of malicious software that masquerade as security products. The fake security solutions are designed to detect inexistent threats and to scare end users into paying for licenses with the promise that their machines will be cleaned by a fully licensed product. This is why rogue antiviruses are also referred to as scareware, and of course that none of these products possess even the most basic antivirus capabilities.

“Win32/InternetAntivirus also installs a component to display messages in your browser, similar to the combination of Win32/FakeXPA and Win32/Yektel. And it displays a bogus Windows Security Center, which reports that Internet Antivirus Pro is "unable" (sic),” O'Dea added. “This is all pretty normal rogue behaviour these days. As always, only use security software that has been tested by a trusted third party.”

The Windows Malicious Software Removal Tool is available for download here.