Detect Fake Antivirus software & Spyware Removal programs

Ryan Dube 16-05-2009

virusEventually getting hit by a nasty computer virus, trojan or severe Adware infection is bound to happen. These problems strike both experienced as well as novice computer users, and the only indication that something is wrong might be that a strange ad window keeps automatically popping up whenever you’re browsing the Internet or your computer slows down to an annoying crawl.  Many people who are faced with these issues automatically turn to the Internet for either free or paid antivirus software. There have been many MUO articles covering various free antivirus or antispyware tools, such as review of Spyware Terminator. However, since so many people turn to the Internet when such a tragedy strikes, I wanted to take a moment to list some of the fake antivirus and spyware removals that you should stay away from or you’ll find your computer infected even worse.


How Does Fake Antivirus Software Work?

The irony of these fake removal software packages are that while they advertise and promote themselves as product that will help you remove malicious software from your computer, the moment you download and install it, you’ve just been infected by one of the worst trojans you could have on your computer. The moment it’s installed, you start getting pop-up windows that say you’re horribly infected and to click on a particular link so you can download the full version of the antivirus software to thoroughly clean your computer. Another version presents itself as a legitimate antivirus software and fakes a “full system scan,” which results in a long list of horrible viruses and other assorted nasty-looking infections. However, when you click on “remove,” you’re informed that you only have the trial version and that you need to buy the full version to remove the viruses. Few people realize that the scan results themselves are fake.

The Top Antivirus and Spyware Removals to Avoid Like the Plague

At the end of 2008, ComputerWorld reported on how the latest version of Microsoft’s Malicious Software Removal Tool (MSRT) discovered and removed “Antivirus 2009,” from a reported 394,000 PCs in just the initial nine days after it was released. What this reveals is that the scammers who write this fake software are successfully taking advantage of the fear computer users have regarding computer infections, and also their lack of computer knowledge. Thousands of people click on the link to download fake antivirus software and essentially voluntarily infect their computer with a trojan.

1. The Infamous Antivirus 2009


These days, Antivirus 2009 (and Antivirus 10 or Antivirus 360) is so well-known as malware that you most likely will not find the scammers using legitimate websites to promote the product using its actual name, instead scammers are resorting to setting up sites to help people remove Antivirus 2009. If the user clicks on the link, and downloads and installs the software, they’ll find themselves infected with the malicious software.


“Removing” the viruses from your computer entails signing up (and paying for) a full version of the software. If you fall for this particular trap, all you end up with is a charge on your credit card and bogus software. Fortunately, there are now a plethora of websites throughout the net that tell people how to remove this particular trojan. Unfortunately, there are also a variety of websites that the scammers are producing, that portray themselves as an “Antivirus 2009 removal tool,” while they simply install and run the same sort of bogus software. How do you tell the difference between a legit site and a bogus one?  Check out listing number 7 on Aibek’s list of essential security downloads 7 Essential Security Downloads You MUST Have Installed Read More . The Web of Trust is a great tool to identify dangerous fake antivirus sites.

2. Conficker Worm Installs Spyware Protect 2009


Do you remember the recent Conficker worm fiasco that had IT folks around the country scrambling to patch PCs before they could get infected? Well, an April 10th, 2009 article on CNET reports that investigators finally have a clue behind the motives of the Conficker worm creators. Apparently the motive is to make money using fake antivirus software and they attempted to do so by having the Conficker worm install antivirus software called Spyware Protect 2009 on target computers.


The technique used is essentially the same as the other fake antivirus applications. The software provides users with a list of nasty infections that their computer allegedly has, and the only way to remove them is by visiting the website and submitting your credit card information in order to buy the full version. Apparently the whole point of the Conficker worm was yet another fake antivirus scam. Obviously, if your computer ever displays the window above, you’re likely infected with the Conficker worm.

3. PC AntiSpy Returns Fake Spyware Results


Another application that returns bogus results, listing some of the worst known spyware applications as infecting your computer is PC AntiSpy, a bogus spyware-fighting application that is nothing of the sort. Instead of helping you keep your computer clean, this application uses scare tactics to get users to click on a link to pay for a version of PC AntiSpy that can remove the nasty Spyware that supposedly exists on the computer.


As you can see, some of these software packages appear pretty authoritative and legit. Unfortunately the only real functionality they have is acting as a trojan. Like many other fake applications like this one, a multitude of helpful websites and forums post instructions on how to remove it. Scammers are becoming sneakier — they too start their own “how to” web page in order to target people who are already infected and looking for help.

4. WinDefender – The Copycat Class of Fake Antivirus and Spyware Removals


Another significant group of antivirus applications are those that attempt to copy the names of legitimate, well known applications. For example, SpyWareBot and TheSpyBot both attempt to copy SpyBot Search and Destroy. These applications depend upon computer users who aren’t technically savvy and aren’t sure exactly what the legitimate software is called. Another example of this is WinDefender, which attempts to copy Windows Defender.


The success of these applications comes from the fact that so many people are, in fact, fooled by the similarity of the application names to legitimate antivirus software. The most important rule of thumb to follow when you’re looking for good antivirus or anti-spyware software is to only shop at websites that you know are reputable. Whenever an antivirus ad automatically pops up unexpectedly on your computer screen, under no circumstances should you ever click the link to “run a scan.”

Final Words – Use Caution and Common Sense

Nothing says that you need to use only Norton or Symantec for your antivirus needs, but if you’re going to branch out and try other software companies, it’s important that you understand the legitimacy and integrity of that company.  The examples above are only four of the hundreds of fake antivirus and anti-spyware applications out there – and their names change just as fast as people can figure out that they’re fake. If you need some advice for legitimate antivirus software, check out Aibek’s 2008 poll where MUO users chose the best antivirus software available.

Have you ever been infected by any fake antivirus trojans? Which one was it, and how hard was it to clean it off your computer? Share your experiences in the comments section below.

Related topics: Anti-Malware, Scams.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Reva
    November 30, 2017 at 12:26 am

    Is actually always easy carry out and conserve you your cash flow.

    What is it possible to do to decrapify larger PC?
    Obviously the one you have didn't work and has probably been disabled from the virus infectivity.

    remove windows update (
    Is actually always easy carry out and conserve you your
    cash flow. What is it possible to do to decrapify larger PC?
    Obviously the one you have didn't work and has probably been disabled from the virus infectivity.

  2. RobTodd
    February 3, 2010 at 5:42 pm

    I've found that combofix will remove these and other nasty infections 99% of the time. Just be carefull where you get combofix from, as there are fakes for it. most reliable is

  3. Denis
    December 30, 2009 at 12:31 pm

    Trying any of your defences like your legit AV, Malwarebytes and hijackthis will result in the trojan telling you that these programs are infected too. If so, disconnect your internet connection and then ctrl/alt/delete to stop the process in your task manager. you can then run malwarebytes to remove the nasty 'orrid. clean up with your own AV, run hijackthis and restart your computer. reconnect the internet. I used this method to remove Antivirus 2009 from my PC tonight.

  4. Doug
    October 23, 2009 at 6:34 pm

    I've worked on several computers for friends recently that have been infected; they appear to have been triggered by a program that looks like Windows Defender, but they didn't have any toolbar that could minimize or close the window, so they only had the option to click download or install. I've seen something like this on my computer, and the only way to get past it is the 3 finger salute (Ctrl, Alt, Del) and close the application.

    They seem to have a commonality of turning off updates to your OS, Windows firewall, and antivirus or spam software. Some programs (Avast, AVG, and Spybot) couldn't even be opened to run.

    Like other posters, the only way that I could get rid of it was with Malwarebytes, but it would only do this in Safe Mode.

    Nasty people who propagate this stuff.

    Thanks to the above posters and the author for helping us stay as clean as possible.

  5. Iman Diaz
    September 14, 2009 at 11:14 pm

    What I have found EXTREMELY effective against fake security software is MalwareBytes Anti-Malware... So far to date it does the trick every time. What I love about it is that it has real time protection which many apps do but not very well...

  6. Bryan
    September 3, 2009 at 11:22 am

    Just wanted to say Thanks for the Info. I'll be teaching a class next week on Internet Threats and wanted to have examples of Fake Antivirus / Anti Spyware problems as a potential threat as well. This is perfect for what I needed. Appreciate you taking the time to help people be informed.


  7. hemsteinmay81
    August 18, 2009 at 8:07 am

    I got Cyberdefender antivirus software and liked the free scanner and spyware remover. I bought the upgrade and it really has saved my computer because it has blocked a bunch of virus attacks I got from various websites.

    I found out that they are a NASDAQ company, which means there is some accountability and that they sell a valid product. I will try the registry cleaner, since I had such a positive experience from Cyberdefender anti-virus.

  8. clinton oreb
    June 13, 2009 at 7:01 am

    i got the pav virus from facebook

  9. Gerry - Small Laptop Computers
    May 17, 2009 at 11:00 am

    Thanks for the very useful information. It is tempting to try some of the so called "free offers" that are out here that sound too good to be true. One tip that I use is to always do a Google search on the name of the product in question using a search " product name + trojan" which will usually bring up information on the viability of the product.

  10. ItsFakeDude
    May 16, 2009 at 7:06 pm

    Today I just removed some fake antivirus for a client called "Personal Antivirus". The interface for it looked exactly like the popular free program AVG.

    • School Computer
      May 25, 2009 at 9:01 am

      Out of interest, how did you remove it? I work in a school and one of the computers has been infected and every time I try to change website onto something else(for example this website) from that computer, it reverts to a website called '' or something similar. Also, being a school computer, it isnt possible to access task manager or add/remove programs on XP. Is it possible to download a removal program and install it through a usb stick? Any info would be very useful, thank you

    • Neil
      June 3, 2009 at 10:49 pm

      I removed PAV using " Malwarebytes anti-malware " free edition. It did a great job of removing all traces of this nasty rogue antivirus.

      • Ryan Dube
        June 4, 2009 at 4:06 am

        Yeah, Malwarebytes does a great job removing a lot of these fake antivirus programs.

  11. Cheezwhiz
    May 16, 2009 at 6:38 pm

    I remember Antivirus 2008! I was cleaning out my older sister's computer because she bought a new laptop and I was going to inherit her desktop. Antivirus 2008 told me I had 49 infections, and I got so mad when it kept reappearing after I supposedly uninstalled it. And I was even madder when it told me I had to register, because I can't stand using paid software. It didn't go away until I ran a bunch of scans with my trusted AVG. After that, I settled down to get rid of Purityscan. Now that I think about it, I should probably give my sister a lesson about computer care -- she's on her third laptop since the first had a defective part and the second just broke down.