Fake MSE

Be aware, there is a new malware/scareware/rogue-antivirus/whatever you want to call it. It is disguising itself as Microsoft Security Essentials. We have come across rogue antivirus software before that has been convincingly disguised as a legitimate Microsoft product, but this one is impressively accurate.

If you didn’t go to the official Microsoft Security Essentials website and explicitly download MSE to install on your computer, and you see this screen, it means that you have been infected with rogue antivirus software. This one is particularly convincing, and if you are infected, you won’t be able to run any programs. This rogue antivirus takes over the computer much like Vundo; in fact, it may be a variation of Vundo. In this particular case you will notice that it is showing a QuickBooks .exe as infected, and there was no program entry in Add/Remove Programs.

This is the official MSE URL

In order to install Microsoft Security Essentials, you need to go to http://www.microsoft.com/security_essentials/.

Removing this infection may take several steps, including a combination of booting to safe mode and running scans with these programs.

It is relatively safe for anyone to run scans with Malwarebytes and SUPERAntiSpyware. However, if your computer is infected to the point where you need to run something like Combofix, I highly recommend that you either very carefully and thoroughly read the instructions provided on bleepingcomputer, or take your computer to a professional to have the infection removed. CCleaner is just a utility to clean out temporary files to help the scans complete a little faster. CCleaner alone will not remove any infection.

Each type of infection is unique, and the information provided above is not an absolute solution or guide to removing a malware/rogue antivirus infection. If you are not sure if or how your computer is infected, you should have a professional diagnose your computer. If handled incorrectly, your computer could suffer catastrophic data loss.

This isn’t meant to scare you; it is just a reminder to be careful and to not take everything on the Internet at face value. Any information provided on the Internet (just like this blog) should be taken as one person’s (or group’s) opinion, and you should do your due diligence to verify the information.