This family of rogue security programs pretend to scan your PC for malware, and often report lots of infections. The program will say you have to pay for it before it can fully clean your PC.

However, the program hasn't really detected any malware at all and isn't really an antivirus or antimalware scanner. It just looks like one so you'll send money to the people who made the program. Some of these programs use product names or logos that unlawfully impersonate Microsoft products.

Even if you do pay to "unlock" the app, it won't do anything because your PC isn't actually infected with all that malware it "found".

Different brands of the rogues may modify various settings on your computer, end or close programs or system services, or block access to websites.

We've seen the rogues use the following names: 

• Advanced Antispyware Solution
• Antimalware PC Safety
• Antivirus Smart Protection
• AV Security Essentials
• Best Antivirus Software
• Best Virus Protection
• Home Malware Cleaner
• Home Security Solutions
• Internet Security Guard
• Malware Protection Center
• Smart Anti-Malware Protection
• Strong Malware Defender
• System Protection Tools
• Total Anti Malware Protection

Windows Defender detects and removes this threat.

See the Win32/FakeVimes description for more information.

Find out ways that malware can get on your PC.

This threat has been renamed to Rogue:Win32/FakeVimes.

 

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Windows Defender Antivirus detects and removes this threat.

 

This threat is a variant of the Win32/FakeVimes family. Programs in this family claim to scan your PC for malware and then show you fake warnings about malicious programs and viruses. They usually tell you to pay money to register the software and remove the fake malware.

 

You can read more about this type of threat on our rogue security software page.

TrojanDownloader:Win32/FakeVimes is a downloading component of Win32/FakeVimes - a family of programs that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

 

Special Note:
Reports of Rogue Antivirus programs have been more prevalent as of late.  These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.  Some of these programs may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products. 

 

Use Microsoft Windows Defender, the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742), or another up-to-date scanning and removal tool to detect and remove these threats and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.