More unflattering imitation

[Update: more information from ESET on this malware here.]

Last October, my colleague Tasneem Patanwala blogged about rogue antivirus masquerading as an ESET product. In that instance it was a product calling itself Smart Security, and Tasneem's blog includes lots of useful information about that particular malware, and fake AV in general.

Looking through my huge backlog of mail just now, I notice mail from Aryeh Goretsky, another of my colleagues, about a program calling itself E-Set Antivirus 2011. I'll be looking at in more detail later, but I can tell you now that it has nothing to do with ESET, which has not changed its name and does not have a product called Antivirus 2011. If you run across a site that's pushing it, it will tell you that you have active malware on your system (it uses a number of real malware names such as Zhelatin and Virtumonde, though not with ESET identifiers), or that your system or data are under attack by a keylogger or from a random IP address, or that you're using unlicensed software.

More information when I have it. (Hat tip to Randy Knobloch.)

ESET Senior Research Fellow

Author David Harley, ESET

  • Randy Knobloch

    Awaiting more information as it arises.

  • Neil J. Rubenking

    David – surprise! I was testing products using the latest reported phishing URLS from and one of them dropped the E-Set rogue.

    • David Harley

      @Neil: small world. :)

  • Kolor

    Sorry for OT but is the RSS feed down?

    • David Harley

      I don’t know, but there’ve been some changes to the web site that might have affected it. I’ll check.

  • John

    I receive ESET anti-virus through a Phoenix reseller that appears to have gone out of business.  Who do I contact to find out if my coverage will continue? 

    • David Harley

      That’s way outside my competence, I’m afraid. You can get contact information via the Support tab on the ESET main web page.

  • Randy Knobloch

    Spotted again >

Follow us

Copyright © 2017 ESET, All Rights Reserved.