400,000 PCs Infected With Fake "Antivirus 2009"

nandemoari writes "The second month of Microsoft's campaign against fake security software has resulted in the removal of the rogue "Antivirus 2009" application from almost 400,000 infected PCs. Microsoft claims that December's version of the Malicious Software Removal Tool (MSRT) — the free utility included in Windows Update every month — specifically targeted 'Antivirus 2009.' According to Microsoft, MSRT removed the rogue application from over 394,000 PCs in the first nine days after it was released on December 9."

how many users will complain about removal?

[hguorbray]

I wonder how many of the clueless will complain to microsoft that the removal tool removed software THEY HAD PAID FOR

iirc some of the malware and adware 'vendors' had eulas that forbade users to remove their programs

It'll never happen, but I'd like to see one of those guys try to sue microsoft for violating their EULA -would microsoft try to claim that the EULA was invalid?....

One can always dream.

-I'm just sayin'

Re:The relationship between Windows 95/98 and DOS

[adminstring]

Here's some fun trivia: Contrary to popular belief, Windows only rode on top of DOS through version 3.11. 95 and 98 only looked like they did, by optionally loading 16-bit legacy DOS drivers as part of the Windows startup process, and by providing both DOS VMs and an option to boot into DOS Mode (which actually was MS-DOS) for backwards compatibility with legacy DOS apps.

This page has a pretty good overview of Windows 95 architecture, with some diagrams that show the various OS components, none of which is a full copy of DOS that has a GUI riding on top of it as found in Windows 3.11 and earlier. Instead, there is a 32-bit kernel which uses 32-bit device drivers exclusively, unless the user installs a legacy DOS driver.

If any DOS apps are run within Windows 95, they run in their own DOS virtual machine, and if no DOS apps are running, no DOS VM is created. These VMs are similar to those in Windows NT; what is not similar to Windows NT is the ability to load DOS device drivers to support legacy hardware that had no 32-bit protected-mode driver.

Those DOS drivers almost always ran slower than 32-bit drivers and frequently caused problems, to the extent that one of the first steps in troubleshooting a Windows 95 system was to check the autoexec.bat and config.sys for unneeded DOS drivers, or simply renaming those files to get rid of the gunk.

If there really were a copy of DOS running underneath Windows 95, renaming autoexec.bat and config.sys would have removed all the device drivers, leaving you with no access to your CD-ROM drive due to a lack of MSCDEX.EXE, which is needed by all versions of DOS, including the "DOS Mode" of Windows 95.