Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Information about the other "scareware" lawsuits…

September 29th 2008 in Uncategorized

Here we go… the other lucky recipients of Microsoft’s attentions in the “John Doe” (which I earlier called “Jane Doe”) lawsuits are:

Case No. 08-2-33382-5 SEA
Judge Suzanne Barnett

Case No. 08-2-33380-9 SEA
Judge Joan DeBuque

Case No. 08-2-33377-9 SEA
Judge Michael J. Fox

Case No. 08-2-33375-2 SEA
Judge Douglas McBroom

Antivirus 2009
Case No. 08-2-33372-8 SEA
Judge Bruce Heller

Microsoft also amended two pre-existing complaints to name the parties behind SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.

According to my notes from the Press Conference, the potential end result of these lawsuits could be up to $2,000.00 per violation, plus attorney fees and restitution.

IP previously (ThePlanet)
Registrar: Directi Internet Solutions Pvt. Ltd (WHOIS notes the registration service was provided by VIVIDS MEDIA GMBH)
Created: 3 October 2007
Previously shared IP address with Allforipod.net, Antispamsoft.net, Antispamsoft1.biz, Antispamsoft2.biz, Antispamsoft3.biz, Apple2iphone.net, Audio-convertors.com, Audio-editors.net, Backup-recovery.net, Bucksoft.info, Cddvdtools.com, Digitalphototools.net, Filemanagementtool.com, Filmsglobal.net, Fuckyourvirus.com, Go2cinema.net, Graphiceditors.net, Hatepopup.com, Hunt100.info, Imageconvertors.com, Iphone4ik.net, Iphonedreams.net, Justamovie.net, Keylogger007.com, Moviesworldonline.net, Playipod.net, Radio-tools.net, Screensaverino.com, Search100world.info, Sys-def-stat.com, Thefunsearch.info, Timeandclock.net, Upmovies.net, Virtualdvdsoft.com and yoursecuritysoft.com

WinSpywareProtect (winspywareprotect.com?)
IP: (APS Telecom)
Registrar: Godaddy.com, Inc
WHOIS hidden behind Domains By Proxy, Inc
Created 11 March 2008
Shares IP address with winspywareprotects.com

WinDefender (windefender.com?)
IP: (HostFresh)
Registrar: Tucows, Inc
WHOIS hidden behind Whois Anonymizer, Brazil
Created 9 January 2004
Shares IP address with antimalwaresuite2009.com, bestwindefence.com, championwindefence.com, cleaner2009pro.com, vixitsystems.com, win-defence.com, windefencesolution.com, windefencetool.com, windefenderpro2008.com and windefenders.com

MalwareCore (malwarecore.com?)
IP previously (UkrTeleGroup)
Registrar: Estdomains, Inc
WHOIS – Registrant “Herman Pulser”, who apparently owned about 74 other domains!
Created 25 January 2008
Previously shared IP address with psehole.org, fuckteencunt.com, magic-landing.com, microsoftpublic.com, mssetup.net, supereasygo.net, thefuckteen.com, forbposter.com, allmeddrugs.com, allmedicalpills.com, emeddrugs.com, justmeddrugs.com, medpillssite.com and medpillsworld.com (Quite a variety, yes?  The domain microsoftpublic.com deserves closer attention)

Antivirus 2009 (antivirus2009.com, .net, .org and .info have all been registered – .org and .info are “on hold”, .net apparently does not have a web site – I don’t know yet which site the lawsuit is against)

antivirus2009.net – Registrar Estdomains.
IP previously (Intercage)

antivirus2009.info – Registrar Afilias Limited
IP previously and (GoDaddy and Leaseweb)

antivirus2009.com – Registrar 1&1 Internet

antivirus2009.org – Registrar Estdomains
IP previously (Intercage)

8 comments to...
“Information about the other "scareware" lawsuits…”


sheesh hope they catch those scum..


Would be nice if people could recover their loss of money and possible PC cost of repair due to these scumbags.

Tom Lamb

Why stop there? Wish they would go after ALL the bad guys. Just line them up in front of a brick wall and —-


Why civil lawsuits … This is (or should be) illegal … Microsoft & others, get some guts and lock these guys up. I have lost days with the “Scareware” nonsense.


If you were so lucky to have obtained one of these or another, how do you remove it from your computer?

The guy who fixes this a lot for other people

Good luck on getting these guys. However, if you seriously think this will stop this garbage.. you have too much faith in the justice system. These marvelous people will just set up shop somewhere else, rename their garbage and send it out. I fix this stuff for a living.. it's all the same thing.. variants of a theme to get your money. The only way not to get infected is to not use the internet.. get used to it. You will get infected, there is no choice about that. It's what happens next. Hope you have a good antivirus company that doesn't charge you 3 bucks a minute to fix your infection.
Safe surfing.. there is no such thing. Good tech support.. that's what people need.

David Sain

I’ve spent many hours cleaning this stuff off of client computers that don’t “surf smart”. Look at Malwarebytes’ Anti-Malware (www.malwarebytes.org). I’ve tried a lot of others. MS Defender is less than fair, Symantec A/V 10.5 is useless; it can’t clean much of what it finds, SpyBot Search and Destroy works well but it’s slow. Malwarebytes is fast and has been great so far. Detects AntiVirusXP variants and Trojans/viruses also. A virus scan with a different manufacturer’s software after the Malwarebytes scan discovers no infection.

I’ve yet to try AVG to remove spyware/malware/rogue software but it’s something to experiment with (free.avg.com). Turning off System Restore helps (if enabled it can restore the virus). Turn it off via Start | Control Panel | System | System Restore (tab), scan/repair, and re-enable it after. You might even want to do a snapshot immediately after your computer is clean.

Good Luck!

Jennifer Pitts

I agree with David. There are so many threats out there that you are bound to get infected in one way or another. These people will do anything and everything they can to prey on you and scam you out of your money. I too am in the repair business and I too see this on a literally daily basis. One thing I ALWAYS tell our customers is this – if you are not expecting a popup, or you didn’t ask for the popup, don’t believe it. So what if it says you are infected. So what if it says “Scan now for free!”. So what if it offers you free screensavers, icons, smiley faces, toolbars, etc. They are all CRAP. They are all JUNK. Even if you do get a popup ad and you can click on cancel or whatever inside the ad, it will sometimes STILL INSTALL SOMETHING on your computer! If you want to get rid of that annoying popup, do NOT click ANYWHERE inside the popup itself. Either right-click on the popup on the taskbar (at the bottom of your screen) and click “close”, OR, bring up the task manager (CTRL + ALT + DEL), find the popup in the “applications” list, and end it there.

I agree with David to disable your system restore (this will delete all previous system restore points and therefore, will delete the infection too). The Antivirus2009 infection creates its own System Restore registry value so even if you remove it, you can be for sure it WILL COME BACK.

I do my homework. I research, and I NEVER buy my antivirus, spyware, adware, or any other computer maintenance programs. I USE: AVG AntiVirus (OR AntiVir), both free. I also use Spybot Search & Destroy (free), Malwarebytes’ Anti-Malware (also free), and a few other select programs/utilities. I have, to this day, never gotten a virus or other infection.

Good luck to everyone.  🙂


ComputerMasters dot com
