NEWS FROM THE LAB - Friday, November 21, 2008

Search-and-Destroy Posted by Response @ 12:07 GMT

Some rogue antivirus applications are overtly malicious. XP Antivirus 2008 and XP Antivirus 2009 have numerous affiliates utilizing rootkits and plenty of other nasty techniques in order to get themselves installed (and purchased). They're a real pain in the… neck.

As an interesting aside – XP Antivirus 2008 and XP Antivirus 2009 are actually produced by two different gangs. Variants of one sometimes attempt to uninstall and disable the other.

Then there are some "rogues" that are just kind of sad… we're tempted to call them lame-ware rather than scareware.

Last week, someone calling himself "Mirando" submitted this to our moderated comment system:

Search-and-Destroy Antispyware

What are the odds that such a comment, promoting a dubious application, will be approved by us? Not likely.

This is how the search-and-destroy .com site appears:


The site just uses a simple Flash graphic for basic animation; there are no fake "scans" that attempt to scare the visitor. It's all very quiet, relying perhaps on its name.

This application, search-and-destroy, should not of course be confused with Spybot Search & Destroy, a well known and respected antispyware application.

We downloaded and tested the Search-and-Destroy Antispyware application.

First it prompted a warning that there were zero risks.

Startup Risk

Then we performed the scan and there were 159 "problems" discovered. All 159 were not fixable in the trial version.

Scan Finished

Within the "malicious threats" that were discovered, were invalid shortcuts.

Threat Details

True, the links were invalid, but that's hardly a threat.

So we uninstalled the application, and it left behind a registry key:

After Uninstall

Typical. The scan warned us about invalid shortcuts, and then leaves behind an invalid registry key.

Mirando has posted to other forums as well.


Based on the IP address used when posting to our comments system, Mirando lives in New Delhi, India. We suspect that he's young and that these posts are early attempts at making money via an affiliate program.

We hope that he'll consider quiting while he's ahead, and doesn't move on to the hard-rogues.