Posted by Grinler on February 12, 2010 · Views: 19,773
My Security Wall is a rogue from the same family as Virus
Doctor. This rogue is promoted through the use of Trojans and fake online anti-malware
scanners. When installed, My Security Wall will be configured to start automatically
when you log into Windows. The installer will also create numerous fake malware
files that will be detected as malware when the program scans your computer.
The list of fake malware files that it installs is:
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\gid.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\tjd.drv
%UserProfile%\Recent\tjd.sys
When My Security Wall scans your computer it will find the above files and
state that they are infections. It will not, though, allow you to remove any
of them until you first purchase the program. In reality, the above files are
harmless and can cause no harm to your computer. They are only being created
in order to validate the scan results. As these infections are fake, please
do not purchase the program based upon anything that this program displays.
While the program is running it will also display numerous security alerts
and warnings on your desktop. These alerts will state that your computer is
under attack, sending SPAM, or that your personal data is at risk. Some of the
alerts that you may see are:
- An unauthorized program has been prevented from accessing your PC remotely. #Port:433 from 92.11.127.10
- An unauthorized software C:\Program Files\Internet Explorer\Iexplore.exe which is potentially malicious and able to modify system files has been prevented from being installed on your PC.
- My Security Wall has detected potentially harmful software in your system. It is strongly recommended that you register My Security Wall to remove all found threats immediately.
- Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using My Security Wall.
- Your PC may still be infected with dangerous viruses. My Security Wall protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.
- Suspicious software which may be malicious has been detected on your PC. Click here to remove this threat immediately using My Security Wall.
- Click here to remove all potentially harmful programs found immediately using My Security Wall.
- Malicious applications, which may contain Trojans, were found on your computer and are to be removed immediately. Click here to remove these potentially harmful items using My Security Wall.
- No real-time malware, spyware and virus protection was found. Click here to activate.
Just like the scan results, these fake warnings should be ignored as they
are just another attempt to make you think your computer has a security problem.
This infection will also hijack your web browser's default search engine and
set it to findgala.com. Last, but not least, this infection will add entries
to your HOSTS file so that when you visit certain sites such as Google or Bing,
you will be redirected to a site under the control of the malware developers.
As you can see, you should not purchase this program
regardless of what it may state. If you have already purchased the
program, then please contact your credit card company and dispute the
charges. Finally, please use the guide below to remove this infection
and any related malware for free.
Posted by Grinler on February 9, 2010 · Views: 38,867
Security Antivirus is a rogue from the same family as Virus
Doctor. This rogue is promoted through the use of Trojans and fake online anti-malware
scanners. When installed, Security Antivirus will be configured to start automatically
when you log into Windows. The installer will also create numerous fake malware
files that will be detected as malware when the program scans your computer.
The list of fake malware files that it installs is:
%UserProfile%\Recent\ANTIGEN.drv
%UserProfile%\Recent\ANTIGEN.exe
%UserProfile%\Recent\cid.dll
%UserProfile%\Recent\CLSV.drv
%UserProfile%\Recent\DBOLE.sys
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\FS.drv
%UserProfile%\Recent\gid.drv
%UserProfile%\Recent\PE.drv
%UserProfile%\Recent\PE.exe
%UserProfile%\Recent\PE.sys
%UserProfile%\Recent\PE.tmp
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\std.exe
%UserProfile%\Recent\tjd.drv
%UserProfile%\Recent\tjd.sys
When Security Antivirus scans your computer it will find the above files and
state that they are infections. It will not, though, allow you to remove any
of them until you first purchase the program. In reality, the above files are
harmless and can cause no harm to your computer. They are only being created
in order to validate the scan results. As these infections are fake, please
do not purchase the program based upon anything that this program displays.
While the program is running it will also display numerous security alerts
and warnings on your desktop. These alerts will state that your computer is
under attack, sending SPAM, or that your personal data is at risk. Some of the
alerts that you may see are:
- An unauthorized program has been prevented from accessing your PC remotely. #Port:433 from 92.11.127.10
- An unauthorized software C:\Program Files\Internet Explorer\Iexplore.exe which is potentially malicious and able to modify system files has been prevented from being installed on your PC.
- Security Antivirus has detected potentially harmful software in your system. It is strongly recommended that you register Security Antivirus to remove all found threats immediately.
- Potentially harmful programs have been detected in your system and need to be dealt with immediately. Click here to remove them using Security Antivirus.
- Your PC may still be infected with dangerous viruses. Security Antivirus protection is needed to prevent data loss and avoid theft of your personal data and credit card details. Click here to activate protection.
- Suspicious software which may be malicious has been detected on your PC. Click here to remove this threat immediately using Security Antivirus.
- Click here to remove all potentially harmful programs found immediately using Security Antivirus.
- Malicious applications, which may contain Trojans, were found on your computer and are to be removed immediately. Click here to remove these potentially harmful items using Security Antivirus.
- No real-time malware, spyware and virus protection was found. Click here to activate.
Just like the scan results, these fake warnings should be ignored as they
are just another attempt to make you think your computer has a security problem.
This infection will also hijack your web browser's default search engine and
set it to findgala.com. Last, but not least, this infection will add entries
to your HOSTS file so that when you visit certain sites such as Google or Bing,
you will be redirected to a site under the control of the malware developers.
As you can see, you should not purchase this program
regardless of what it may state. If you have already purchased the
program, then please contact your credit card company and dispute the
charges. Finally, please use the guide below to remove this infection
and any related malware for free.
Posted by Grinler on February 8, 2010 · Views: 2,044
SecurePcAv is a rogue anti-spyware program from the Wini
family of malware. This rogue is promoted and installed through the use of Trojans
that pretend to be programs necessary to view certain online videos. When you
download and install this Trojan it will install the rogue and configure it
to start automatically when your computer starts. This same Trojan will also
create fake malware files on your computer with random filenames that are then
detected as viruses when SecurePcAv scans your computer. The program, though,
will state that it will not remove these files until you first purchase it.
This is obviously a scam as the program is only detecting the files it created
in the first place. In reality, these files are harmless and do not pose any
risk to your computer. Thus this program's scan results should be ignored.
Please note, some variants of Wini rogues have been bundling a rootkit infection
called TDL3. Therefore, though Malwarebytes may remove the rogue infection,
you may still have problems with pop-ups or redirections when you click on search
engine results. If this type of behavior is occurring on your computer, then
you may have this infection and should follow the steps in the Preparation
Guide For Use Before Using HijackThis and other Malware Removal Tools topic.
The Trojan that installed SecurePcAv will also display fake security alerts
and messages on your desktop. These alerts will state that active malware has
been found, that you are being attacked by a remote computer, or that you are sending
sensitive data to a remote location. The titles of these alerts will be Spyware
Alert!, Infiltration Alert!, or Security Center Alert!. The current text of
one of the alerts is:
German Alert:
Spzprogramm Warnzeichen!
Ihr
Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien
und die im Internet zugänglich machen. Klicken bitte hier, um Ihre
Kopie von SecurePcAv zu registrieren und Ihr PC von Spyprogramm frei
zu machen.
English Alert:
Spyware Alert!
Your computer is infected with spyware. It could damage your critical
files or expose your private data on the Internet. Click here to
register your copy of SecurePcAv and remove spyware threats from
your PC.
French Alert:
Spyware Alerte!
Votre
ordinateur est infecté de spyware. Il pourrait endommager vos fichiers
critiques ou exposer vos données prives sur 'Internet. Cliquez ici pour
enregistrer votre copie de SecurePcAv et enléver des menaces spyware
de votre OP.
Italian Alert:
Spyware miniaccia!
Il suo
computer è infetto di spyware. Puo dannegiare i suoi files criticali
rivelare i suoi dati personali nell'Internet. Clicca qui per registrare
la sua coppia di SecurePcAv e rimouvere le minacce di spyware dal suo
computer.
The Trojan will also display a fake Windows Security Center
screen that will suggest that you purchase SecurePcAv to protect
yourself. SecurePcAv will also hijack Internet Explorer so that it
randomly displays a security warning when you browse the web. This
security warning will state that the site you are visiting is infected
or malicious and that you should purchase SecurePcAv to protect
yourself. Just like the scan results, these fake warnings and messages
should be ignored as they are just another attempt to make you think
your computer has a security problem.
As you can see, you should not purchase this program
regardless of what it may state. If you have already purchased the
program, then please contact your credit card company and dispute the
charges. Finally, please use the guide below to remove this infection
and any related malware for free.
Posted by Grinler on February 8, 2010 · Views: 6,511
Advanced Defender is a rogue anti-spyware program from the
same family as Personal
Protector. This rogue is distributed through malware that will install the
program onto your computer without your permission or knowledge. While being
installed this program will also create fake and harmless malware files on your
computer that will be detected by Advanced Defender when it scans your computer.
The files it creates are:
c:\WINDOWS\certofsystem.exe
c:\WINDOWS\explorers.exe
c:\WINDOWS\microsoftdefend.dll
c:\WINDOWS\regp.exe
c:\WINDOWS\secureit.com
c:\WINDOWS\spoos.exe
c:\WINDOWS\system32\winscent.exe
Once installed, Advanced Defender will hide your desktop icons and then start
scanning your computer for infections. When done it will list a variety of infections,
including the fake ones above, but will not allow you to remove them until you
first purchase the program. Many of the infections it states, though, are legitimate
programs that if deleted would affect the proper operation of your computer.
Therefore, please do not manually delete any of the files on your computer that
it states are infections.
As a method to protect itself, Advanced Defender will terminate almost any
executable that you run while stating that the file is an infection. It does
this to stop legitimate anti-malware programs from removing it. When an executable
is launched it will display a message that contains the following text:
Cmd.exe is infected with worm Lsas.Blaster.Keyloger.
This worm is trying to send your credit card details using to connect to remote
host.
Do not worry, though, your executables are not infected. This is just another
fake alert of the program.
While the program is running you will also see fake security alerts stating
that your computer is under attack or that malware has been detected that can
steal your personal information. An example of one of these alerts is:
Attention! System detected a potential hazard
on your computer that may infect executable files. Your private information
and PC safety is at risk.
To get rid of unwanted spyware and keep
your computer safe you need to update your Current security software.
Click Yes to download official intrusion detection system (IDS software)
Just like the scan results and fake infection messages, these security warnings
are just another trick by Advanced Defender to make you think you are infected.
As you can see, Advanced Defender was created for one purpose: to scare you
into thinking your computer has a security problem so that you will then purchase
the program. It goes without saying that you should not purchase this program
regardless of what it may state. If you have already purchased the program,
then please contact your credit card company and dispute the charges. Finally,
please use the guide below to remove this infection and any related malware
for free.
Posted by Grinler on February 7, 2010 · Views: 40,217
Paladin Antivirus is a rogue anti-spyware program from the
same family as Malware
Defense. This rogue is installed and promoted through the use of Trojans
that will install it on to your computer without your permission. Once installed,
it will scan through the list of programs installed on your computer, and if
it finds certain legitimate anti-malware programs, will prompt you to uninstall
them. Some of the programs that it will attempt to remove are:
- F-Secure
- Malwarebytes' Anti-Malware
- NOD32
- Agnitum Outpost Security Suite
- Avira AntiVir
- avast!
- AntiVir
- AVG8
- Norton Internet Security
When installed, Paladin Antivirus will be configured to start automatically
when your computer loads. Once started, it will scan your computer and detect
numerous infections. These infections, though, are all fake or legitimate programs
that should not be deleted. Therefore, please do not act upon any of the scan
results that this program may show.
While Paladin Antivirus is running it will also display numerous security alerts
on your desktop. These alerts will state that the program you are running is
infected or that your computer is being attacked. Some of the messages you may
see are:
Network Intrusion Detected!
Your computer is being attacked from a remote PC.
Process is trying to steal your passwords listed
below. It is highly recommended to block this threat now.
You are using a trial version.
It is recommended to purchase a commercial version.
Adware module detected on your PC!
Zlob.Porn.Ad adware has been detected. This adware module advertises websites
with explicit content. Be advised of such content being possibly illegal.
Please click the button below to locate and remove this threat now.
Just like the scan results, these security alerts are all fake and should be
ignored.
Without a doubt, Paladin Antivirus was designed to scare you into thinking
that you are infected so that you will then purchase the program. If you have
already purchased the program, then please contact your credit card company
and dispute the charges. Finally, please use the guide below to remove Paladin
Antivirus and any related malware for free.
Posted by Grinler on February 5, 2010 · Views: 1,844
SafePcAv is a rogue anti-spyware program from the Wini
family of malware. This rogue is promoted and installed through the use of Trojans
that pretend to be programs necessary to view certain online videos. When you
download and install this Trojan it will install the rogue and configure it
to start automatically when your computer starts. This same Trojan will also
create fake malware files on your computer with random filenames that are then
detected as viruses when SafePcAv scans your computer. The program, though,
will state that it will not remove these files until you first purchase it.
This is obviously a scam as the program is only detecting the files it created
in the first place. In reality, these files are harmless and do not pose any
risk to your computer. Thus this program's scan results should be ignored.
Please note, the WiniSoft family of rogues has been incorporating TDL3 into
their installers. This is a rootkit infection that is known to redirect Google
search links to pages that you did not request. If you have this rogue installed
on your computer and your search results are being redirected in Google then
you may have this infection and should follow the steps in the Preparation
Guide For Use Before Using HijackThis and other Malware Removal Tools topic
in order to receive help in removing the TDL3 infection.
The Trojan that installed SafePcAv will also display fake security alerts
and messages on your desktop. These alerts will state that active malware has
been found, that you are being attacked by a remote computer, or that you are sending
sensitive data to a remote location. The titles of these alerts will be Spyware
Alert!, Infiltration Alert!, or Security Center Alert!. The current text of
one of the alerts is:
German Alert:
Spzprogramm Warnzeichen!
Ihr
Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien
und die im Internet zugänglich machen. Klicken bitte hier, um Ihre
Kopie von SafePcAv zu registrieren und Ihr PC von Spyprogramm frei
zu machen.
English Alert:
Spyware Alert!
Your computer is infected with spyware. It could damage your critical
files or expose your private data on the Internet. Click here to
register your copy of SafePcAv and remove spyware threats from
your PC.
French Alert:
Spyware Alerte!
Votre
ordinateur est infecté de spyware. Il pourrait endommager vos fichiers
critiques ou exposer vos données prives sur 'Internet. Cliquez ici pour
enregistrer votre copie de SafePcAv et enléver des menaces spyware
de votre OP.
Italian Alert:
Spyware miniaccia!
Il suo
computer è infetto di spyware. Puo dannegiare i suoi files criticali
rivelare i suoi dati personali nell'Internet. Clicca qui per registrare
la sua coppia di SafePcAv e rimouvere le minacce di spyware dal suo
computer.
The Trojan will also display a fake Windows Security Center
screen that will suggest that you purchase SafePcAv to protect
yourself. SafePcAv will also hijack Internet Explorer so that it
randomly displays a security warning when you browse the web. This
security warning will state that the site you are visiting is infected
or malicious and that you should purchase SafePcAv to protect
yourself. Just like the scan results, these fake warnings and messages
should be ignored as they are just another attempt to make you think
your computer has a security problem.
As you can see, you should not purchase this program
regardless of what it may state. If you have already purchased the
program, then please contact your credit card company and dispute the
charges. Finally, please use the guide below to remove this infection
and any related malware for free.
Posted by Grinler on February 3, 2010 · Views: 38,242
Your PC Protector is a rogue anti-spyware program that uses
aggressive techniques to stop you from removing it from your computer. This
malware is installed via Trojans that install it on to your computer without
permission. Once installed the rogue will attempt to stop you from running any
executable programs and will display an alert when you run them stating that
the program is infected. It will also automatically restart itself via a Windows
service every time you shut down the process, so you will need to shut down both
the service and the rogue process to stop it from being restarted.
Once running, Your PC Protector will scan your computer and state that there
are numerous infections on it. It will not, though, allow you to remove any
infections until you first purchase the program. As these scan results are all
fake, please do not purchase the program as you will not get any benefit from
it.
While the rogue is running you will also see fake security warnings appear
on your desktop. These warnings will state that your computer is infected, that
malicious programs have been found running on your computer, or that you are
under attack. The Trojan that installed Your PC Protector will also display
fake security alerts and messages on your desktop. These alerts will state that
active malware has been found, that you are being attacked by a remote computer,
or that you are sending sensitive data to a remote location. The text of one
of these alerts is:
Security Warning
There are critical system files on your
computer that were modified by malicious program. It will cause unstable work
of your system and permanent data loss. Click here to undo performed modifications
and remove malicious software. (Highly Recommended)
Just like the scan results, these security warnings are all fake and should
be ignored.
As you can see, you should not purchase this program
regardless of what it may state. If you have already purchased the
program, then please contact your credit card company and dispute the
charges. Finally, please use the guide below to remove this infection
and any related malware for free.
Posted by Grinler on February 2, 2010 · Views: 1,977
GuardWWW is a rogue anti-spyware program from the Wini
family of malware. This rogue is promoted and installed through the use of Trojans
that pretend to be programs necessary to view certain online videos. When you
download and install this Trojan it will install the rogue and configure it
to start automatically when your computer starts. This same Trojan will also
create fake malware files on your computer with random filenames that are then
detected as viruses when GuardWWW scans your computer. The program, though,
will state that it will not remove these files until you first purchase it.
This is obviously a scam as the program is only detecting the files it created
in the first place. In reality, these files are harmless and do not pose any
risk to your computer. Thus this program's scan results should be ignored.
Please note, some variants of Wini rogues have been bundling a rootkit infection
called TDL3. Therefore, though Malwarebytes may remove the rogue infection,
you may still have problems with pop-ups or redirections when you click on search
engine results. If this type of behavior is occurring on your computer, then
you may have this infection and should follow the steps in the Preparation
Guide For Use Before Using HijackThis and other Malware Removal Tools topic.
The Trojan that installed GuardWWW will also display fake security alerts
and messages on your desktop. These alerts will state that active malware has
been found, that you are being attacked by a remote computer, or that you are sending
sensitive data to a remote location. The titles of these alerts will be Spyware
Alert!, Infiltration Alert!, or Security Center Alert!. The current text of
one of the alerts is:
German Alert:
Spzprogramm Warnzeichen!
Ihr
Computer ist mit Spionprogramm infektioniert. Das kann Ihren Dateien
und die im Internet zugänglich machen. Klicken bitte hier, um Ihre
Kopie von GuardWWW zu registrieren und Ihr PC von Spyprogramm frei
zu machen.
English Alert:
Spyware Alert!
Your computer is infected with spyware. It could damage your critical
files or expose your private data on the Internet. Click here to
register your copy of GuardWWW and remove spyware threats from
your PC.
French Alert:
Spyware Alerte!
Votre
ordinateur est infecté de spyware. Il pourrait endommager vos fichiers
critiques ou exposer vos données prives sur 'Internet. Cliquez ici pour
enregistrer votre copie de GuardWWW et enléver des menaces spyware
de votre OP.
Italian Alert:
Spyware miniaccia!
Il suo
computer è infetto di spyware. Puo dannegiare i suoi files criticali
rivelare i suoi dati personali nell'Internet. Clicca qui per registrare
la sua coppia di GuardWWW e rimouvere le minacce di spyware dal suo
computer.
The Trojan will also display a fake Windows Security Center
screen that will suggest that you purchase GuardWWW to protect
yourself. GuardWWW will also hijack Internet Explorer so that it
randomly displays a security warning when you browse the web. This
security warning will state that the site you are visiting is infected
or malicious and that you should purchase GuardWWW to protect
yourself. Just like the scan results, these fake warnings and messages
should be ignored as they are just another attempt to make you think
your computer has a security problem.
As you can see, you should not purchase this program
regardless of what it may state. If you have already purchased the
program, then please contact your credit card company and dispute the
charges. Finally, please use the guide below to remove this infection
and any related malware for free.
Posted by Grinler on January 31, 2010 · Views: 8,231
Antimalware Defender is a rogue anti-spyware program that
is installed through the use of Trojans that pretend to be security updates
for Windows. When this Trojan is executed, it will show a window that looks like
a legitimate Windows update, but is instead the installer for the Antimalware
Defender rogue. The text of this installer states the following:
Antimalware security update for Windows XP
(KB961118)
Size: 433KB
This critical update will install System Security Update 2010.01.023 (Antimalware
Defender Upgrade; KB648759)
It will then prompt you to install the so-called update. Once installed, it
will launch Antimalware Defender, which will perform a scan of your computer.
When it has finished it will state that your computer is infected with a variety
of malware. If you attempt to remove these infections, though, it will state
that you must first purchase it before it will allow you to do so. This is a
scam because the infections it displays are either legitimate programs or do
not exist at all on your computer. Therefore, please do not manually delete
any of the files it shows or purchase this program thinking that it will help
you.
If you have been infected with Antimalware Defender, then please do not purchase
it. If you have already purchased it then we suggest you contact your credit
card company and dispute the charges stating that it is a scam. Finally, to
remove Antimalware Defender please use the removal guide below to remove it
for free.
Posted by Grinler on January 30, 2010 · Views: 371,099
Antivirus Soft is a rogue anti-spyware and ransomware program
from the same family as Antivirus
Live. These infections are installed on to your computer through the use
of malware that installs the program onto your computer without your permission
or knowledge. It is also common for this rogue to be installed on your computer
through the use of malicious PDF files that exploit known vulnerabilities in
older versions of Adobe Reader. Once installed, Antivirus Soft will be configured
to start automatically when Windows starts. Once running it will scan your computer
and display numerous infections, but will state it will not remove them until
you purchase the program. In reality, the infected files it detects are all
fake and do not actually exist on your computer.
This program also uses aggressive techniques to protect itself from being removed
by anti-malware programs. When the Antivirus Soft process is running it will
close almost any running program while falsely stating that they are infected.
Antivirus Soft will also change the Proxy settings in Internet Explorer so that
you cannot browse to any web site other than the site for Antivirus Soft so
that you can purchase the program. It does this so that you cannot browse the
web to find removal guides or download software that will help you remove the
infection. Using these two methods, the program essentially ransoms the normal
use of your computer until you purchase the program or use the guide below to
remove the infection.
While Antivirus Soft is running you will also see numerous security warnings
and alerts that try to trick you into thinking that you have a security problem
on your computer. An example of one of the alerts you will see is a fake Windows
Security Center that looks exactly like the legitimate one, but instead suggests
that you purchase Antivirus Soft to protect your computer. The infection will
also show numerous alerts that state that your computer is infected, that you
are sending personal data to a remote location, or that your computer is being
attacked. One of the alerts will have this text:
Antivirus Software Alert
Infiltration Alert
Your computer is being attacked by an internet virus. It could be a password-stealing
attack, a trojan-dropper or similar.
Threat: Win32/Nuqel.E
Just like the fake scan results, these security alerts are all fake and are
just being shown to trick you into purchasing the program.
Without a doubt, Antivirus Soft was created solely to try and scam you into
thinking that your computer is infected in the hopes that you will then purchase
it. It goes without saying that you should not purchase this program, and if
you already have, please contact your credit card company and dispute the charges
stating the program is a scam. Finally, to remove this infection please use
the removal guide below to remove it for free.