The Malicious Software Removal Tool (MSRT) is a small program Microsoft pushes out to computers on Patch Tuesday to clean out a list of malware. On this month's Patch Tuesday, Microsoft added scans for a malware file that masks itself as security software, and it found plenty of copies.

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn't the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

The company did note, however, that for every one thousand machines in the US scanned by MSRT during the last seven days, roughly five were infected with FakeSecSen rogues. That's quite high for just one piece of malware, but things could have been much worse, according to Microsoft:

Normally each FakeSecSen installation contains one EXE, one or two DAT files, one Control Panel applet (CPL), one desktop shortcut and sometimes one uninstaller. It is interesting that only 20 percent of these removals contain executables of FakeSecSen. This indicates either the other 80 percent had at one point been infected by FakeSecSen and the threat was then manually and partially removed, or the machines were cleaned by other AV products/tools, or FakeSecSen had failed to install, etc.

Once Microsoft gets into the game of free real-time antivirus solutions, it will be worth watching how infection rates fare, instead of just taking note of cleanup numbers each month.

Further reading: