Fake anti-viruses always ring twice

Although they

 As more and more users have become accustomed to the usual look of rogue or fake anti-viruses, cybercriminals thought that it would be a good idea to tweak the style of their progenies a bit. One of the latest new entries, which my colleagues in the labs “grabbed” these days, purports to pertain to none other than the Microsoft® defensive suite, as you can see in the image below.

Microsot Security Essentials alert FakeAv

Primary fake alert

Trojan.FakeAV.LHS attempts to dupe the user into installing it as a legitimate application. Once onto the unprotected machine, it creates and launches its clone from the current user’s Application Data folder and deletes the initial file that infected the computer. Moreover, it scrounges the registry settings under HKCUSoftwareMicrosoftWindows NTWinlogonShell, in order to be launched before the explorer.exe process.

Additionally, FakeAV.LHS mimics a system scan and issues multiple annoying warnings about a gazillion of imaginary infections and other e-threats, while also requiring the gullible user to install a so-called “Windows Optimization Center" for maintenance and disinfection purposes, as depicted in the following screenshot.

Microsot  FakeAv

Secondary fake alert

Windows Optimization Center Fake Antivirus

FakeAV.LHS unleashing the annoying “optimization center”

After the installation of the malicious center, the rogue continuously bugs the user to purchase a so-called license that will complete the disinfection process. To be even more credible, the Trojan kills any process/application that the user launches/opens, reminding him or her to buy that useless license.

Windows FakeAv

Inciting warning to throw money out the bogus anti-virus’ window

To make sure that you are not the victim of this kind of e-threats and that you are actually protecting your system and data, install a reliable (please do read “real”) and certified anti-malware suite, such as those provided by BitDefender.

Safe surfing everybody!

This article is based on the technical information provided courtesy of Mihail Andronic and Craciun Vlad, BitDefender Online Threats Researchers.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples, messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.