MS Antivirus (malware)

The company and the individuals behind Bakasoftware operated under other different 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

Once the scan is completed, a warning message appears that lists the spyware ‘found’ and the user either has to click on a link or a button to remove it.

This deceptive tactic is an attempt to scare the Internet user into clicking on the link or button to purchase MS Antivirus.

Some variants are more harmful; they display popups whenever the user tries to start an application or even tries to navigate the hard drive, especially after the computer is restarted.

In some rare cases, with the newest version of the malware, it can prevent the user from performing a system restore.

In November 2008, it was reported that a hacker known as NeoN hacked the Bakasoftware's database, and posted the earnings of the company received from XP Antivirus.

According to the FTC, the combined malware of WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus has fooled over one million people into purchasing the software marketed as security products.

The court also froze the assets of the companies in an effort to provide some monetary reimbursement to affected victims.

According to the FTC complaint, the companies charged in the case operated using a variety of aliases and maintained offices in the countries of Belize and Ukraine (Kyiv).

SWP '09 "protecting" the user from microsoft.com. Notice that the font is different than what Internet Explorer usually uses.