Wednesday March 31 2010
These are screenshots from a customer computer that was infected with this fake antivirus. This software is detected as Rogue.MultipleAV by Malwarebytes. This particular rogue disables the Windows Security Center and replaces it with a look-alike that pops up the Vista Defender registration box whenever any item is clicked.
Here is one of the many alerts that the program generates. There are others that pop up in Windows notification balloons as well.
This is what the main page of the Vista Defender fake AV looks like. It reports many virus infections, and generates junk files in the reported locations to make the infections look realistic.
It will also pop up more intrusive alerts like this one that appear on top of all running applications.
Clicking 'Stay unprotected' pops up this screen.
Clicking 'Activate Vista Defender' or 'Yes, delete now' results in this screen being displayed.