Information about the other "scareware" lawsuits...

Here we go... the other lucky recipients of Microsoft's attentions in the "John Doe" (which I earlier called "Jane Doe") lawsuits are:

XPdefender.com
Case No. 08-2-33382-5 SEA
Judge Suzanne Barnett

WinSpywareProtect
Case No. 08-2-33380-9 SEA
Judge Joan DeBuque

WinDefender
Case No. 08-2-33377-9 SEA
Judge Michael J. Fox

MalwareCore
Case No. 08-2-33375-2 SEA
Judge Douglas McBroom

Antivirus 2009
Case No. 08-2-33372-8 SEA
Judge Bruce Heller

Microsoft also amended two pre-existing complaints to name the parties behind SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.

According to my notes from the Press Conference, the potential end result of these lawsuits could be up to $2,000.00 per violation, plus attorney fees and restitution.

XPdefender.com
IP previously 74.52.55.179 (ThePlanet)
Registrar: Directi Internet Solutions Pvt. Ltd (WHOIS notes the registration service was provided by VIVIDS MEDIA GMBH)
Created: 3 October 2007
Previously shared IP address with Allforipod.net, Antispamsoft.net, Antispamsoft1.biz, Antispamsoft2.biz, Antispamsoft3.biz, Apple2iphone.net, Audio-convertors.com, Audio-editors.net, Backup-recovery.net, Bucksoft.info, Cddvdtools.com, Digitalphototools.net, Filemanagementtool.com, Filmsglobal.net, Fuckyourvirus.com, Go2cinema.net, Graphiceditors.net, Hatepopup.com, Hunt100.info, Imageconvertors.com, Iphone4ik.net, Iphonedreams.net, Justamovie.net, Keylogger007.com, Moviesworldonline.net, Playipod.net, Radio-tools.net, Screensaverino.com, Search100world.info, Sys-def-stat.com, Thefunsearch.info, Timeandclock.net, Upmovies.net, Virtualdvdsoft.com and yoursecuritysoft.com

WinSpywareProtect (winspywareprotect.com?)
IP: 216.195.50.66 (APS Telecom)
Registrar: Godaddy.com, Inc
WHOIS hidden behind Domains By Proxy, Inc
Created 11 March 2008
Shares IP address with winspywareprotects.com

WinDefender (windefender.com?)
IP: 58.65.234.193 (HostFresh)
Registrar: Tucows, Inc
WHOIS hidden behind Whois Anonymizer, Brazil
Created 9 January 2004
Shares IP address with antimalwaresuite2009.com, bestwindefence.com, championwindefence.com, cleaner2009pro.com, vixitsystems.com, win-defence.com, windefencesolution.com, windefencetool.com, windefenderpro2008.com and windefenders.com

MalwareCore (malwarecore.com?)
IP previously 85.255.120.20 (UkrTeleGroup)
Registrar: Estdomains, Inc
WHOIS - Registrant "Herman Pulser", who apparently owned about 74 other domains!
Created 25 January 2008
Previously shared IP address with psehole.org, fuckteencunt.com, magic-landing.com, microsoftpublic.com, mssetup.net, supereasygo.net, thefuckteen.com, forbposter.com, allmeddrugs.com, allmedicalpills.com, emeddrugs.com, justmeddrugs.com, medpillssite.com and medpillsworld.com (Quite a variety, yes?  The domain microsoftpublic.com deserves closer attention)

Antivirus 2009 (antivirus2009.com, .net, .org and .info have all been registered - .org and .info are "on hold", .net apparently does not have a web site - I don't know yet which site the lawsuit is against)

antivirus2009.net - Registrar Estdomains.
IP previously 69.50.160.212 (Intercage)

antivirus2009.info - Registrar Afilias Limited
IP previously 68.178.232.100 and 85.17.45.148 (GoDaddy and Leaseweb)

antivirus2009.com - Registrar 1&1 Internet
IP 74.208.128.155

antivirus2009.org - Registrar Estdomains
IP previously 69.50.160.212 (Intercage)

Comments

# re: Information about the other "scareware" lawsuits...

Wednesday, October 01, 2008 2:30 PM by dragon

sheesh hope they catch those scum..

# re: Information about the other "scareware" lawsuits...

Thursday, October 02, 2008 12:16 PM by Joetech

Would be nice if people could reover their loss of money and possile PC cost of repair due to these scumbags.

# re: Information about the other "scareware" lawsuits...

Thursday, October 02, 2008 12:42 PM by Tom Lamb

Why stop there? Wish they would go after ALL the bad guys. Just line them up in front of a brick wall and ----

# re: Information about the other "scareware" lawsuits...

Thursday, October 02, 2008 3:53 PM by Clint

Why civil lawsuits ... This is (or should be) illegal ... Microsoft & Others gets some guts and lock these guys up.  I have lost days with the "Scarcware" non-sense

# How do you remove them

Sunday, October 05, 2008 6:45 PM by Pamela

If you were so lucky to have obtained one of these or another, how do you remove it from your computer?

# re: Information about the other "scareware" lawsuits...

Monday, October 06, 2008 11:18 AM by The guy who fixes this a lot for other people

Good luck on getting these guys. However, if you seriously think this will stop this garbage..you have too much faith in the justice system. These marvelous people will just set up shop somewhere else, rename their  garbage and send it out. I fix this stuff for a living ..its all the same thing..variants of a theme to get your money .The only way not to get infected is to not use the internet..get used to it. You will get infected , there is no choice about that . Its what happens next. Hope you have a good antivirus company that doesnt charge you 3 bucks a minute to fix your infection.

Safe surfing..there is no such thing. Good tech support..thats what people need.

# re: How do you remove them

Monday, October 06, 2008 2:27 PM by David Sain

I've spent many hours cleaning this stuff off of client computers that don't "surf smart"  Look at Malwarebyte's Anti-Malware (www.malwarebytes.org).  I've tried a lot of others.  MS Defender is less than fair, Symantec A/V 10.5 is useless; it can't clean much of what it finds, SpyBot Search and Destroy works well but it's slow.  MaywareBytes is fast and has been great so far.  Detects AntiVirusXP variants and Trojans/virus' also. Virus scan with a different manufactures software after MalwareBytes scan discovers no infection.

I've yet to try AVG to remove spyware/malware/rogue software but it's something to experiment with (free.avg.com). Turning off System Restore helps (if enabled it can restore the virus).  Turn it off via Start | Control Panel | System | System Restore (tab), scan/repair, and re-enable it after.  You might even want to do a snapshot immediatly after your computer is clean.

Good Luck!

# re: Information about the other "scareware" lawsuits...

Tuesday, December 02, 2008 10:04 AM by Jennifer Pitts

I agree with David.  There are so many threats out there that you are bound to get infected in one way or another. These people will do anything and everything they can to prey on you and scam you out of your money.  I too am in the repair business and I too see this on a literally daily basis.  One thing I ALWAYS tell our customers is this - if you are not expecting a popup, or you didnt ask for the popup, dont believe it. So what if it says you are infected. So what if it says "Scan now for free!". So what if it offers you free screensavers, icons, smiley faces, toolbars, etc. They are all CRAP. They are all JUNK.   Even if you do get a popup ad and you can click on cancel or whatever inside the ad, it will sometimes STILL INSTALL SOMETHING on your computer!  If you want to get rid of that annoying popup, do NOT click ANYWHERE inside the popup itself. Either right-click on the popup on the taskbar (at the bottom of your screen) and click "close", OR, bring up the task manager (CTRL + ALT + DEL) , find the popup in the "applications" list, and end it there.  

I agree with David to disable your system restore (this will delete all previous system restore points and therefore, will delete the infection too). The Antivirus2009 infection creates its own System Restore registry value so even if you remove it, you can be for sure it WILL COME BACK.

I do my homework. I research. and I NEVER buy my antivirus, spyware, adware, or any other computer maintenance programs. I USE:  AVG AntiVirus (OR AntiVir), both free. I also use Spybot Search & Destroy (free), Malwarebytes' Anti Malware (also free), and a few other select programs/utilities. I have, to this day, never gotten a virus or other infection.

Good luck to everyone.  :)

Jennifer

ComputerMasters dot com