Thursday, September 4, 2008

My sister got hosed by MS Antivirus

[Wow, I haven't blogged for a while. Been enjoying retirement, I guess. This pic is now way out of date. My hair got much longer and is now way shorter than my blogger headshot :P.]

First, kind reader, be fully confident: Microsoft does *not* make an antivirus product. There is a malware program going around that calls itself MS Antivirus. I know, because I just installed it for my sister.

Her laptop was hosed, she told me. I thought she meant that the hard drive was shot, but then she continued and described all the problems her computer was having, and it was obviously infected with spyware.

So I took her laptop home, did a low level reformat, and installed Windows XP. Got all the patches loaded on, and of course gave her Firefox.

She sent me info on some antivirus software she had just purchased, including the activation code, and wanted me to make sure I loaded that on since it was bought and paid for. I'm a good brother, so I did.


Spybot Search and Destroy cleaned the resulting mess up, except for MS Antivirus itself. To kill that, I Ctrl+Alt+Deleted and killed the program, then deleted the install directory.

So, a couple tips:
- Whenever I want to fix someone's computer, I always download the utilities I need from Don't do a Google Search for the stuff you need, since any ads may be compromised. I don't know who the hell makes Spybot Search and Destroy but for years I've gone to to get it; it's always one of the most popular downloads.
- And the new corollary I will pass on to my sister: If you suspect your computer is infected with spyware, don't click on any of the pop-ups said spyware produces looking for a cure.

Props to PC Mag for info on MS Antivirus.

And finally, here are the emails my sister got, in an effort to let any other victims know that they've been had.

From: eSafeBill Transaction
Date: Wed, Aug 27, 2008 at 5:29 PM
Subject: Your MS Antivirus License purchase
To: my sister

Thank you for making a purchase with eSafeBill!

Transaction information:
Amount: 77.9 USD Including SCHD Bundle chosen
Activation Code: 873465112334272
Transaction ID:
Order Number:
Item: MS Antivirus License + System Cleaner and Hardware Doctor Bundle
You have chosen to purchase your software along with System Cleaner and Hardware Doctor bundle offer. Please download the installer for the additional software:
Quantity: 1
Date: 08/27/2008 12:21:40
Download source:

This purchase will appear in your credit card statement as "".
Total amount of 77.9 USD will be charged to your credit card.
If you are not completely satisfied with this purchase, please do not hesitate
to contact us using SUPPORT REQUEST APPLICATION at
Please do not dispute this charge as doing so may affect your credit rating.


Please download the software from the following link if you
do not have it already installed.
Download source:

Please activate the program by entering the following
code when prompted.

Make sure you enter your activation code correctly.
Just copy it and paste into the activation code box with no changes.
The code consists of 15 characters.
Your code is: 873465112334272

The product is activated now.
In case of any difficulties,
please do not hesitate to contact us.


If you are not completely satisfied with this purchase, please do not hesitate
to contact us using SUPPORT REQUEST APPLICATION at
Please do not dispute this charge as doing so may affect your credit rating.


Ok, let's note that dead giveaway too: if it says "Don't contact your credit card company to dispute the charge, it will affect your credit rating" then please call Visa or Mastercard right now and do just that. Their operators are standing by. :)


Steve Bywater said...

Update: I am now going over to my parents' house to remove this same spyware infection from their computer. Wish they read my blog...

Courtz09 said...

I bought this program too and it made my laptop basically useless to the point that it wouldn't load past the login screen to get to my desktop. I called the bank to get contact info because I want a refund, since this obviously wasn't what it was advertised as. They could not find info and I looked at my statement which had 2 sites (since it charged me for it twice), one being and the other, which I typed and neither site exists. Before the computer crashed I had saved the transaction receipt as a Word document and deleted it but after I talked to Dell and reinstalled my operating system I lost it. I want a refund since they obviously didn't provide me a service, how would you recommend contacting the company?

Steve Bywater said...

Courtz09: don't contact the spyware company. Contact your credit card company and cancel the charge. Tell them it was fraud.