There is a new set of rogue software out there that is causing a lot of problems. Here at Automated Results, we have seen numerous people fall victim to this rogue software over the last several days. This software is different than most because it has the ability to take on one of multiple names. Based on your Operating System, it can take on any of the names listed below:
| Windows XP Rogue Name | Windows Vista Rogue Name | Windows 7 Rogue Name |
| AntiSpyware XP | AntiSpyware Vista | AntiSpyware Win 7 |
| AntiSpyware XP 2010 | AntiSpyware Vista 2010 | AntiSpyware Win 7 2010 |
<><><> | Antivirus XP | Antivirus Vista | Antivirus Win 7 |
| Antivirus XP 2010 | Antivirus Vista 2010 | Antivirus Win 7 2010 |
| Total XP Security | Total Vista Security | Total Win 7 Security |
| XP AntiSpyware 2010 | Vista Guardian | Win 7 Antispyware 2010 |
| XP Antivirus Pro | Vista Security Tool | Win 7 Antivirus Pro |
| XP Guardian | Vista Security Tool 2010 | Win 7 Guardian |
| XP Security Tool | Vista Smart Security | Win 7 Security Tool |
| XP Security Tool 2010 | Vista Smart Security 2010 | Win 7 Security Tool 2010 |
| XP Smart Security | Vista AntiMalware | Win 7 Smart Security |
| XP Smart Security 2010 | Vista AntiMalware 2010 | Win 7 Smart Security 2010 |
| XP AntiMalware | Vista AntiSpyware | Win 7 AntiMalware |
| XP AntiMalware 2010 | Vista AntiSpyware 2010 | Win 7 AntiMalware 2010 |
| XP Antivirus Pro | Vista Antivirus Pro | Win 7 Antivirus Pro |
| XP Defender | Vista Defender | Win 7 Defender |
| XP Defender Pro | Vista Defender Pro | Win 7 Defender Pro |
| XP Security | Vista Security | Win 7 Security |
| XP Security 2010 | Vista Security 2010 | Win 7 Security 2010 |
| XP Internet Security | Vista Internet Security | Win 7 Internet Security |
| XP Internet Security 2010 | Vista Internet Security 2010 | Win 7 Internet Security 2010 |
Do not get this confused with Window Defender which is a licensed product of Microsoft. Verify the name of the software you have with the list above before continuing on to the removal steps. If you do not have this rogue software on your computer or are unsure please do not do the removal step, because if it involves registry edits, it could cause damage to your computer if you do not have this program.
This rogue software is a virus and is very nasty. It takes on many of the characteristics of a Microsoft program. As it installs, it looks similar to a window update and once it completes the installation, the user interface looks like an authentic Microsoft application. After installation the program looks as if it is doing a virus or spyware scan. This is a fake scan and it will reveal numerous fictious viruses and spyware. Once the fake scan is complete it will ask you to register the program which, at this point, it will ask for your credit card info to purchase the license for the program. DO NOT purchase this program, IT IS A SCAM. If you have purchased the program, contact the card company immediately and advise them of what has occurred. If you have become infected by this program, follow the steps below carefully to successfully remove the rogue software.
1. From another computer download the 3 following programs
a. http://download.bleepingcomputer.com/reg/antivirus-vista-2010/FixExe.reg
b. http://malwarebytes.org/mbam-download.php
c. http://fileforum.betanews.com/download/Spybot-Search-Destroy/1043809773/1
2. Place these 3 programs on a flash (thumb) drive
3. Insert the flash drive into the infected computer
4. Run the FixExe.reg from your flash drive.
5. Your computer will prompt you to confirm that you want to do the registry change. Click yes.
6. Next reboot your computer, during reboot hit your F8 button
7. At the boot menu select safe mode with networking
8. Install mbam-setup from your flash drive
9. Let Malwarebytes update and run a full system scan.
10. Let Malwarebytes fix any problems
11. Once the scan is complete install Spybot Search and Destroy
12. Update and run a full system scan.
13. Let Spybot Search and Destroy fix any problems
14. Reboot into normal mode
Your computer should now be free from this rogue software. If you need further help feel free to contact us here at Automated Results: (828) 862-6667.