Windows Defender 2010 FakeAv at the Top of this Morning’s List

The group behind “live-windowsantivirus. com” is having a very busy morning distributing Rogueware XP Internet Security 2010. We grabbed some snapshots for you of the current incarnation of the malware, since users appear to be falling for it in large numbers. The full window and the balloon popup stating “System Danger! Your system security is in danger” must be convincing…


Fake scan results are presented immediately…


As we have been presenting for the past several years, the user is tipped off that something is amiss when their software claims it is “unregistred”, see the window’s title bar.


Following the “Attention: DANGER!” message, the Windows user may attempt to open Internet Explorer. The FakeAv has modified the browser and instead pops up a window, claiming the system is infected with Trojan-BNK.Win32.Keylogger.gen, recommending activation of XP Internet Security 2010…


When the user attempts to activate the phony product, a purchase window for “Windows Defender 2010″ appears…


Running down the side of the page, they make fraudulent claims to have won awards from West Coast Labs and Virus Bulletin:


Entering personal information into the form POSTS the information to “live-windowsantivirus. com” (the domain is registered in Turkey, while the site is hosted in the US at 206.217.211 .243). We recommend you avoid entering any personal information and clean up the infection instead:


ThreatFire prevents it from running on users’ systems as “Trojan.FakeAv”.

This entry was posted in Malware Alerts. Bookmark the permalink.

13 Responses to Windows Defender 2010 FakeAv at the Top of this Morning’s List

  1. Bobby says:

    Yes I have some trouble with a hackers,but treatfire is excellent!

  2. Sam says:

    OMG! This malicious Trojan attacked my computer, infiltrating AVG anti-virus. Threatfire removed the Trojan quickly! I’m so grateful to you Threatfire!

  3. Carl B. says:

    ThreatFire has been protecting my windows xp and now I’ve installed it on my Vista notebook .
    I also have PC Tools Firewall Plus protecting my computers ….thank you for keeping me safe !

  4. Al says:

    PC Tools (T-Fire) is the best for average person just looking to protect their investment. THANKS!

  5. Cori says:

    My laptop was attacked by this virus and, although I was able with several programs to remove most instances, it had already managed to hide itself in my registry. After a nightmare week, during which I had to actually ship my laptop back to HP for repairs, during which they did less than nothing and returned my laptop in worse condition then when they got it, I was finally able to reinstall my OS and all of my needed programs.

    Happily I have now found Threatfire, so hopefully this type of attack is in my past. My boyfriend’s computer received a similar attack last night, so the first thing we are doing is to install Threatfire, and hopefully that will take care of the problem.

  6. MPC says:

    FYI – **Most** FakeAV programs like XP/Vista/Windows 7 Antivirus/Internet Security 2010 will NOT allow you to install an antivirus or malware removal program to remove the infection AFTER the infection has already gotten into your computer.

  7. Amber says:

    I got hit with this last month while browsing deviantART. My mom was able to get rid of it by stopping it from running at startup and doing a System Restore.
    If this thing’s coming from Turkey, it might be funding terrorism.

    • AMber ze gr8 says:

      if it comes from turkey it might be funding terorrism.. LOl well most terrorism is funded by US and it’s invasions.. am I funding trerrorism then when I am forced ot use that crappy sloppy windows OS then? ^^ lmao @ ignorant kids

  8. Linda says:

    My laptop was invaded and the result was that everytime I try to log on, it goes in a circle and closes. Has anyone else had this problem? Where did it come from?

  9. Linda says:

    Actually, it happened immediately after I looked at a game on Facebook.

  10. I’m always looking into stuff on information that I do not know about. It is tough to search things that you don’t know of, because what do you search for? ;) Your blog is the type of thing I love to read about regarding something new to me. Great post! Thanks.

  11. Bob says:

    I had this “XP Defender Unregistred Version” (sic) on one of my PCs for the last two days. It continually popped up warnings of infections, asking me to buy it. Malwarebytes and Spybot-SearchAndDestroy could not run; it disabled them. I tried downloading a fresh copy of Malwarebytes and copying it to the infected over my network, but it still would not run. I also tried something that had worked in the past: I mounted the C drive of the infected PC remotely on an uninfected PC, and scanned the infected C drive by running Malwarebytes on the uninfected PC. Malwarebytes found and deleted three trojan entries in the registry; but this did not cure the problem; I assume that the trojan was running, and immediately re-installed itself.

    Finally, the cure: following some advice on this forum, I used System Restore to roll back the PC. This worked at once.

    In future, there is one other desperate cure I may try: remove the infected hard disk, install it as a D: drive in an uninfected PC, and scan it.

  12. Alex says:

    HELP! I have that virus, As soon as I my AVG found it, I had the old reflex of pushing reset hoping that the virus will not install itself. Too late… Damage done! I can’t log on! I write the password, press enter and the computer start the process but stop it on the way and do a complet log off. So I can’t log on!!!

    I try safe mode, and did run AVG from there, It found it, but can’t do anything I’m in safe mode….

    I read on internet and downloaded different tools, burn a CD and try Safe mode with Command Prompt. No… it doesn’t let me log on!

    I try again standard Safe mode (without command prompt) and NOW, even Safe mode s doing an automatic log off…

    HELP… What shoud I do???… I need the data on my computer!!!!

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>