Over the last 3-4 days we have come across a lot of reported cases of infection by the W32.Xpaj virus and, surprisingly, found Net Protector Antivirus (NPAV) installed on the computers in all of those cases. We were surprised by this and have been attempting to find the connection between this malware and the dubious NPAV software.
Today I came across a news article in a local (regional language) newspaper, “Lokmat”, with the title “AntiVirusach banla virus chi shikar”. This literally means “AntiVirus gets infected by Virus”. The article reports that, for the last four days, all the customers of NPAV have been facing a new virus infection which the antivirus is not able to detect or remove properly. (Link to full news article in Lokmat)
For all those who may not be aware, NPAV is a dubious product. Being a competitor, we have been observing this product since its origin and have noted a lot of abnormalities in it. In its early days we found that NPAV used the McAfee command-line (DOS-based) scan engine for detection of viruses. When we made contact with McAfee, they denied any business relations with the NetProtector group. In spite of this, the team behind NPAV was boldly and illegitimately using the free DOS-based McAfee scanner inside their NPAV scanner and selling the product commercially in the market. When NPAV found that McAfee had an office in India and could legally reproach them, they switched their engine from McAfee to BitDefender, again in an illicit way. They started using the BitDefender scan engine without having any business relations with BitDefender and also started working on their own scan engine by hiring a few software engineers. Now it has been observed that they do not use any third-party engine but use modules from the open-source ClamAV instead.
One cannot develop an antivirus product without having the necessary background and experience of years of Research & Development in virus analysis, or without adopting a virus scan engine from a third-party commercial antivirus vendor. In the case of NPAV, both these approaches are missing. They do not have a credible or experienced research team, and they are using parts of open-source scan engines, and hence cannot guarantee timely updates for any new malware outbreak.
Customers using NPAV are thus unknowingly becoming a part of the fraudulent practice of using open source without a proper GNU GPL license in place (in spite of paying for the antivirus service) and at the same time remain under the false belief of being protected from viruses.
All this has been exposed by the recent outbreak of W32.Xpaj, a very sophisticated polymorphic virus that needs expert help to detect and clean from the system, something which the NPAV team clearly lacks for obvious reasons.
Our recommendation is to use genuine Windows products and genuine and certified antivirus software. After all, it’s your data and business that is at stake.