Aug 13, 2010 17:04 GMT
Rogue Windows Malicious Software Removal Tool advertises fake antivirus

A rogue application is currently imitating Microsoft's Windows Malicious Software Removal Tool (MSRT) in an attempt to trick users into buying a fake antivirus product.

According to reports, once installed on a computer the fake MSRT program displays a window mimicking the Windows update dialog box and makes it appear as if the "Malicious Software Removal Tool for Windows" is being installed.

The next screen shows a scan allegedly being performed by Microsoft's application and several infections being found.

The following window lists the names of several malware threats and displays a message claiming that not all of them could be removed.

"The Removal Tool can't remove all malicious software shown in the scan results. Because malicious software is present on your computer you should use an antivirus product to scan for and remove all malicious software," the rogue program claims.

Users are then instructed to "Click 'Next' button to find recommended anti-virus software" and doing so will take them to a new screen that lists the names of several antivirus products.

Two of them, ESET NOD32 and Panda Antivirus, are legit antivirus applications, but according to the fake MSRT, these programs are not capable of removing the found malware.

The third listed product, and the one recommended for purchase, is called Shield EC Antivirus. In reality, this is just another piece of scareware that does nothing more than display fake messages and warnings.

The gang behind Shield EC Antivirus is already known for making significant efforts to pass off their rogue application as legit, and this new MSRT trick is in keeping with that.

Last month, the creators of Shield EC Antivirus abused a free press release distribution service to put out a fake press release touting their product as a solution against the infamous ZeuS trojan.

This is not the first time a rogue application has imitated the Microsoft Windows Malicious Software Removal Tool. About a year ago, we reported on a piece of scareware that also masqueraded as the Microsoft product.
