If most of the rogue AV stock is made up of no-names such as Best Antivirus, Perfect Protector Plus and the likes, a specific strain of the pestering apps is spoofing the BitDefender brand.

Unlike a regular Rogue AV that only limits its malicious activity to continuously asking the user to buy the product, the abusively-called “BitDefender 2011” prevents any browser installed on the computer from starting, which blocks acess to any websites hosting legit antivirus solutions and removal tools.

Rogue AV - Main interface

Main interface of the rogue BitDefender 2011

Once installed on the system, the rogue BitDefender starts triggering a multitude of annoying popups and blocking access to the desktop from time to time until the user finally gives in and purchases the useless product. It also modifies a couple of registry entries associated to any browsers it finds installed on the system by setting the debug key to iexplorer.exe – ds in  HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options.

Popup warning

Pop-up warning message with a “curtain” drawn over the desktop

As you can probably tell, this is not a BitDefender product. Apart from the logo that the gang behind the rogue BitDefender 2011 abusively displayed in their creation, there is no similitude with the genuine BitDefender Antivirus Pro 2011 (screenshot below) or any other product released by BitDefender.

Genuine BitDefender AV Pro 2011

Genuine BitDefender Antivirus Pro 2011

If you have any doubts on the legitimacy of your BitDefender antivirus product, then bear in mind that the genuine BitDefender installers and executable files come digitally-signed, which certifies that they are our creations and that the kit hasn’t been tampered with in any way.

Publisher information

LEFT: Rogue BitDefender 2011 – No publisher info | RIGHT:  BitDefender AV Pro 2011 kit with a valid digital signature

This specific wave of counterfeit BitDefender products tries to piggyback on the popularity of an internationally-awarded line of antivirus software and comes right after last week’s announcement related to BitDefender ranking number one in the AV-Comparatives test. It is not the first time when cyber-criminals try to exploit the reputation of the BitDefender to boost users’ interest in running a forged application on their machines.

 If you already have a BitDefender antivirus installed on your system, then you need not to worry, as we have been detecting this threat with a heuristic signature. If you don’t have an antivirus installed and you got infected, we recommend that you run this free removal tool to clean up your system and restore your system’s integrity. After the removal tool has successfully repaired your computer, we advise you to install a fully-fledged security solution such as one of the products provided by BitDefender.

This free removal tool is available courtesy of BitDefender e-threat researcher Mihail Andronic.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.