Threat Research & Response Blog
The United States Federal Trade Commission announced that it will begin issuing refunds to 300,000 consumers who were victims of several rogue security software scams such as "Winfixer", "Drive Cleaner" and "XP Antivirus". The following is a list of Microsoft antimalware product detection names that are linked to the Winfixer family:
Program:Win32/AdvancedCleaner
Program:Win32/Antivirus2008
Program:Win32/Antivirus2009
Program:Win32/SpywareIsolator
Program:Win32/WinFixer
Program:Win32/WinSpywareProtect
Trojan:Win32/Antivirusxp
Rogue authors commonly brand their programs to appear as legitimate security scanners. The following is a list of some names that are associated with the above-mentioned rogue security software detections:
AdvancedCleaner
AntiMalwareGuard
AntiSpywareExpert
AntiSpywareMaster
Antispywaresuite
Antivirus 2008
Antivirus XP 2008
AV XP 2005
Avsystemcare
Bestsellerantivirus
Data Doctor
DriveCleaner
Driveproteccion (sic)
ErrClean
ErrorSafe
Exterminadordevirus
FixThemNow
Gubbishremover
LongLifePC
MalwareAlarm
NetTurboPro
Pcprivacytool
Pcsecuresystem
PerformanceOptimizer
Power Antivirus 2008
Power Antivirus 2009
SpyGuarder
SpyKiller Pro
Spyware Sweeper
SpywareIsolator
SwiftCleaner
SystemDoctor
SystemErrorFixer
SystemSweeper
TotalAntivirus
Trasheraser
Trustedprotecion
UltimateCleaner
VirusRemover 2008
WinAntiSpyware
WinAntiVirusPro
WinBugFixer
WinDefender2008
WinFixer
Winsecureav
WinSpyware Protect
WinxDefender
XLifeGuarder
XP AntiSpyware 2009
XP AntiVirus
The following text is from the FTC announcement (http://www.ftc.gov/opa/2011/12/rebates.shtm):
Approximately 320,000 checks will be mailed by the FTC's settlement administrator, Epiq Systems. Consumers who believe they are entitled to a refund or have questions may call the settlement administrator toll free at 1-877-853-3541 or visit www.FTC.gov/refunds for more information.