Summary

AntiVirus 2008 is a family of "rogue" antivirus software that will display false virus warnings. It creates popups and attempts to connect to a series of websites to make the user download additional malware and trick them into paying for the false services the applications provide.

New variants of this family are as of this writing created continously.

Spreading description

"Drive-by" infection by download script on infected websites which the user has been tricked into visiting by a forged email or by downloading the software from the creators' web site.
When visiting a malicious website you will get a message that you need to download new version of Video ActiveX Object to play a video.

You will then get a question if you want to run or save a file.

If you run the file Antivirus2008 will be installed and you will get lot of popups with false virus warnings and a message informing you that you will have to pay for the full version of Antivirus 2008 to remove all these threats.

Threat description

The programs in this family download and install malware.

Some versions also disable antivirus programs, and block Internet access to security sites

Removal

The first version of Antivirus 2008 was added to Norman's virus detection files 4 June 2008.
New versions are added continously.

General information about removal of malicious software

Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiantly. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below - if your Norman antivirus is unable to clean-up the infection.