Microsoft Antivirus Malware?

By khunter
I was working on a friend's PC who has what appears to be MAV loaded by accident. It keeps starting an initial scan and telling them to purchase the full package. I found a MAC directory under Program Files and deleted it. I may have to go to the registry and do some cleanup also.

Has anyone dealt with this issue previously? Suggestions?

Microsoft doesn't have an anti-virus product....

by ThumbsUp2 In reply to Microsoft Antivirus Malwa ...

So, if you've got something trying to scan that is calling itself Microsoft Antivirus and telling you that you need to purchase the full package, you've got some kind of hostageware/malware/trojan.

Without specific details though, we can't begin to tell you which one you've got. What does it say you need to buy?

Are you sure Thummy??

by w2ktechman In reply to Microsoft doesn't have an ...

Edited: Over a year ago I saw a black box from MS on a store shelf. It was called Microsoft Antivirus and Windows Defender. It was 'on sale' for $29, right between Symantec AV and McAfee.
So, at one point it was separate from Defender, and now it is a 'package deal'.

Maybe it was at one time.....

by ThumbsUp2 In reply to Are you sure Thummy??

... I had forgotten about that one and it didn't last very long. But, if the shelf version is what got installed "accidentally", it wouldn't be requiring them to purchase the full package now. If they've downloaded a trial version of a legitimate program and it's expired or requiring them to purchase the full version to do anything with it, all they need to do is uninstall it, not just delete the folder.

Naaaaa.... I'd be willing to bet they've caught "the nasty".

I don't doubt it

by w2ktechman In reply to Maybe it was at one time. ...

that is why my second post mentioned it. Like the XP2008 or 2009 virus ('antivirus' malware package)

If you removed it from the

by w2ktechman In reply to Microsoft Antivirus Malwa ...

program files (uninstalled it), then it should have cleaned itself up a bit. If it is erroring still (trying to load), it was probably added to a startup group somewhere, in which case all you should need to do is uninstall it.

If it is actually not MS Antivirus, then it is likely spyware/malware or a virus (like XP AV08/09). If this is the case, it is probably better to pull out the toolkit and make sure it is removed completely!
You should use Antivirus, Antispyware, and more than 1 of each to scan the system (it will take a bit of time).
Good Hunting

Thanks to all

by khunter In reply to If you removed it from th ...

I'll do some more digging with various utilities and also a manual search of the registry. At least these folks are paying me for my time!

Sounds like a WinAntivirus variant

by applejosh In reply to Microsoft Antivirus Malwa ...

It sounds like a WinAntivirus variant of some variety. Depending on the variant and the level of access the user had when the malware was installed (Local Admin, Power User, etc.), it can be difficult to remove. I'd check the registry "Run" keys and also the Winlogon\Notify key for traces of how it's starting. And I've had some success using Trend Micro's HouseCall while running in Safe Mode with Networking.
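
One way to carry out the registry check described above (an added example, not part of the original post): a read-only PowerShell listing of the Run/RunOnce keys and the Winlogon\Notify subkeys, with the Authenticode status of each file they point at. The helper names `Get-TargetPath` and `New-AutostartEntry` are made up for this example, and a bare file name is assumed to live in System32.

```powershell
# Added example: read-only listing of the autostart locations named above.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-TargetPath([string]$Command) {
    # Extract the file a command line points at (quoted or unquoted form).
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') { return $Matches[1] }
    return $c.Trim()
}

function New-AutostartEntry([string]$Location, [string]$Name, [string]$Command) {
    $target = Get-TargetPath $Command
    # Assumption: a bare file name (common for Notify DllName) is in System32.
    if ($target -and -not (Split-Path $target)) {
        $target = Join-Path "$env:SystemRoot\System32" $target
    }
    if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
        $sig = (Get-AuthenticodeSignature -FilePath $target).Status.ToString()
    } else {
        $sig = 'FileNotFound'
    }
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Command = $Command
        Target = $target; Signature = $sig
    }
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($name in $k.GetValueNames()) {
        $entries += New-AutostartEntry $key $name ([string]$k.GetValue($name))
    }
}
if (Test-Path $notifyKey) {
    foreach ($sub in Get-ChildItem $notifyKey) {
        $entries += New-AutostartEntry $sub.Name 'DllName' ([string]$sub.GetValue('DllName'))
    }
}
# Entries that are unsigned or point at missing files sort first for review.
$entries | Sort-Object { $_.Signature -eq 'Valid' }, Location |
    Format-List Location, Name, Command, Target, Signature
```

Run it while logged in as the affected user so the HKCU keys are that user's; `NotSigned` or `FileNotFound` marks an entry to look at more closely, not a verdict.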

If it's XP AV 08/09

by Kenone In reply to Microsoft Antivirus Malwa ...

Downloaded "Malwarebytes" and "SDFix"

Ran Malwarebytes - rebooted to "Safe" mode - used the same login (important) - ran SDFix

Worked for me, so far so good, may not work for everyone 'cause there are so many variants out there.

I cleaned that virus the same way as you

by Dumphrey In reply to If it's XP AV 08/09

but needed to run spybot and combo fix as well. I also ran ccleaner a few times after.

I had problems with it preventing malwarebytes installer from running and hijackthis, and combofix as well until each were renamed.

1) Adaware.
2) Malwarebytes
3) Combofix
4) SDfix (run in safe mode, it will reboot to normal to finish)
5) Spybot
6) Ccleaner.

Took some time, but I was also dealing with several other infections.

I haven't seen a single Virus

by Jacky Howe In reply to I cleaned that virus the ...

on its own for a few years now as there always seems to be a couple of others.

Not like the old days when you normally only had one to contend with.