Sunday, September 30, 2007

AntiVirGear 3.8

A new version of the rogue AntiVirGear has been released.
This rogue looks like VirusProtectPro, SpyDown and SpywareQuake.

Saturday, September 29, 2007

RSS Stream Changelog

The SmitfraudFix changelog is now available in XML format.

Monday, September 24, 2007

Zlob Hijacks Winsock LSP

Zlob malware is hijacking Winsock.

It all begins with the installation of the fake software Video ActiveX Enhancement 2.07, which installs AntiVirGear 3.7, a BHO, alert popups, an IE toolbar...

Two files, laf?.dll and laf?.ini, are now dropped in the %SYSTEM% folder (where ? is a number from 1 to 5). The files are detected as Trojan-Downloader.Win32.Agent.doe by Kaspersky Antivirus.

HijackThis Symptoms:
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll

Use LSPFix to remove the files. (Bleeping Computer Guide)
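
A small scanner for the symptom above, added here as an example and not part of the original post or of HijackThis: it counts the O10 entries per file in a saved HijackThis log and flags those matching the laf?.dll pattern. The function name, the sample log (apart from the four lines quoted from the post) and the assumption that %SYSTEM% is a folder named system32 are constructed for illustration.

```python
import re
from collections import Counter
from ntpath import basename, dirname, normcase, splitext  # Windows path rules on any OS

# HijackThis prints one O10 line per Winsock LSP entry whose file it does not recognise.
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s*(?P<path>.+?)\s*$", re.IGNORECASE)
# File names given in the post: laf?.dll, where ? is a number from 1 to 5.
LAF_RE = re.compile(r"^laf[1-5]\.dll$", re.IGNORECASE)

# Constructed sample: the four O10 lines from the post plus two unrelated constructed lines.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\program files\example\examplelsp.dll
O4 - HKLM\..\Run: [Example] c:\program files\example\example.exe
"""

def scan_hijackthis_log(text):
    """Map each O10 file path to its entry count and whether it fits the post's pattern."""
    counts = Counter()
    for line in text.splitlines():
        m = O10_RE.match(line.strip())
        if m:
            # normcase lowercases and unifies separators, so C:\WINDOWS\... and c:\windows\... merge
            counts[normcase(m.group("path"))] += 1
    report = {}
    for path, entries in counts.items():
        # Assumption: %SYSTEM% resolves to a folder named system32.
        in_system = basename(dirname(path)) == "system32"
        hit = in_system and bool(LAF_RE.match(basename(path)))
        report[path] = {
            "entries": entries,
            "matches_post": hit,
            # The post says a laf?.ini is dropped next to the DLL; report where to look for it.
            "companion_ini": splitext(path)[0] + ".ini" if hit else None,
        }
    return report

if __name__ == "__main__":
    for path, info in scan_hijackthis_log(SAMPLE_LOG).items():
        flag = "MATCHES laf?.dll" if info["matches_post"] else "unknown LSP, review"
        print(f"{path}: {info['entries']} LSP entries, {flag}")
        if info["companion_ini"]:
            print(f"  also check for {info['companion_ini']}")
```

The scanner only reports; removal is still done with LSPFix as described above.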

Wednesday, September 19, 2007

AntiVirGear 3.7

After the release of different versions of VirusProtectPro (3.3 to 3.6), the rogue mutates to AntiVirGear 3.7, a modified version of SpyDown and SpywareQuake.