"We immediately investigated the reports and removed the offending ads, as this is a violation of our ad-serving policy," wrote Microsoft spokeswoman Whitney Burk.

Computer security analysts noticed two advertisements for Winfixer -- a self-described security program that also goes by the name ErrorSafe -- on Windows Live Messenger.

Security companies have labeled it as a "potentially unwanted program." They believe the program falsely alerts users to problems with their computer and encourages them to purchase the application. It falls into an informally named category of program called "scareware," whose creators try to disturb users into downloading their program or face problems with their computer.

Microsoft, which called Winfixer "malware," did not detail how the ads appeared. The Center for Democracy and Technology (CDT), a civil liberties and consumer group in Washington, D.C., has investigated how questionable advertisments promoting spyware and other malicious software have appeared on ad networks.

The incident highlights how even a well-resourced company such as Microsoft can be vulnerable to the vagaries of complex associations of Internet advertising networks.

"There are often a host of parties involved in the advertising chain, making it difficult to track the journey an advertisement takes from its original source to a user's computer," according to a CDT report released last year.

It's extremely hard to police advertisements, as the organizations which offer them could suddenly substitute new ones, said Graham Cluley, senior technology consultant for Sophos, a security software company.

"There remains a risk that advertisements may be vetted and approved when first placed with an advertising network only to be later 'updated' to advertise less savory products," Cluley said. "This isn't just a problem for Microsoft, it's a problem for any company which is delivering advertisements to its userbase."

The U.S. Federal Trade Commission (FTC) has taken several actions against companies that have created special programs designed to exploit security vulnerabilities in computers, that -- like Winfixer -- purport to repair the machine.

The Winfixer incident creates concerns over end-user security and could be especially important for Microsoft. The company seeks to use advertising to subsidize the cost for free services such as Windows Live Mail, formerly Hotmail, and other Web-based services it's using to compete with online offerings from Google Inc.

"For years I have been holding up MSN Messenger banner advertisements as an example of how advertisements can be safely served up to end users without putting them at risk of malware," wrote Sandi Hardmeier, a Microsoft Most Valued Professional and specialist in Internet Explorer, on her blog. "Now, everything has changed. This simply shouldn't have happened."

Winfixer, which sells for around $39.95, has a shady history. It's a persistent program, constantly popping up on newly-created domains under various aliases, including ErrorSafe, WinAntiVirus and DriveCleaner, said Chris Boyd, security research manager for FaceTime Communications Inc.

The changing names and versions are hard to keep up with for security analysts, let alone for ad network managers who may have no idea of the true nature of the program.

The suspicions are that it [Winfixer] is a quite sophisticated operation.At one time, Winfixer was one of several bad programs installed in a bundle by hackers on vulnerable machines, wrote Ben Edelman, a malware researcher and doctoral candidate at Harvard University, on his Web site.

The hackers exploited the Windows Metafile (WMF) problem, a particularly dangerous security hole that appeared in December 2005 and prompted Microsoft to hurriedly issue an off-schedule patch.