Speaking of rogues, which I do a lot, I am always on the lookout for more information about the infections we see on victims' computers in the help forums.
One of my feed subscriptions is to the Microsoft® Malware Protection Center blog and I was drawn to the title of a new article, “FakeXPA… Journey of a Rogue”.
Quick scroll to the bottom to see who wrote it, Subratam, a friend who was always analysing malware when a volunteer in the forums.
The rogue in question is Trojan:Win32/FakeXPA, which was added to December’s update of the Microsoft Windows Malicious Software Removal Tool (MSRT). You did update, right?
As Windows users become more familiar with the Windows Security Center interface, the perpetrators are spoofing that interface to take advantage of that budding familiarity. FakeXPA was and is one of the first rogue products to exploit this strategy. It is interesting to note, however, that the latest rendition actually deviates from the original spoofs and introduces new variations.
Complete article with screenshots:
http://blogs.technet.com/mmpc/default.aspx



