A new version of the VirusProtect rogue has been released.
This rogue looks like: VirusRay, Antivir Gear, VirusProtectPro, SpyDown, SpywareQuake.
Friday, December 14, 2007
Tuesday, December 11, 2007
IE Codec
A new fake codec installer was found (thanks to nosirrah).
Compromised web sites display fake alerts about a software installation needed to watch a video. This software installs a component (BHO) in Internet Explorer that displays fake Trojan alerts.
Labels: FakeSiteMessage, IECodec, Malware, ScreenShots
Monday, December 3, 2007
Flash Player incorrect version
Flash Player incorrect version is a fake popup linked to a fake Video ActiveX Object (see Multimedia Decoder codec).
This Trojan installs an Internet Explorer component that displays alerts and popups and modifies search results to encourage the user to install the IEDefender rogue.
See SunbeltBlog
Labels: FakeSiteMessage, IEDef, Malware, ScreenShots
Tuesday, November 13, 2007
VirusProtect 3.8
A new rogue has been released: VirusProtect.
This rogue looks like: VirusRay, Antivir Gear, VirusProtectPro, SpyDown, SpywareQuake.
Labels: Rogues, ScreenShots
Monday, November 5, 2007
Sunday, November 4, 2007
IE Defender
The rogue IE Defender, which comes with the fake codec Multimedia Decoder, has been included in SmitfraudFix.
The authors of IE Defender are claiming on the CastleCops forum that their software is "clean and is real antispyware".
Talking about the problem of the trojan fake codec that advertises the IE Defender installation, they post:
we have a partnership for our distributors to advertise our program, we pay them a percent of registration fee. Some of them use illegal methods, that we not accept, our customers send us abuses about it and we closed some of our affiliates accounts without paying them. We are watching on it but there are problems with them sometimes. We're working on this problem and it's very sad for us.
Looking at the server IPs of IE Defender and the Trojan: they are the same. No more to say.
Labels: IEDef, Rogues, ScreenShots
Tuesday, October 30, 2007
Multimedia Decoder
Multimedia Decoder is another fake codec that installs malware.
It displays a fake alert to install the IEDefender rogue and hijacks Google pages with an alert and a malware p0rn link.
Labels: FakeSiteMessage, IEDef, Malware, ScreenShots
Wednesday, October 24, 2007
VirusRay 3.8
A new rogue has been released: VirusRay.
This rogue looks like: Antivir Gear, VirusProtectPro, SpyDown, SpywareQuake.
Labels: Rogues, ScreenShots
Saturday, October 6, 2007
Tuesday, October 2, 2007
Spyware.WinAntiVirus
A new version of Spyware.WinAntiVirus has been released.
HijackThis symptoms:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\System32\explore.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\System32\explore.exe
O4 - Startup: info.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: info.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
Labels: Malware, ScreenShots
Sunday, September 30, 2007
AntiVirGear 3.8
A new version of the rogue AntiVirGear has been released.
This rogue looks like: VirusProtectPro, SpyDown, SpywareQuake.
Labels: Rogues, ScreenShots
Saturday, September 29, 2007
Monday, September 24, 2007
Zlob Hijacks Winsock LSP
Zlob malware is hijacking Winsock.
It all begins with the installation of the fake software Video ActiveX Enhancement 2.07, which installs: AntiVirGear 3.7, BHO, Alerts Popups, IEToolBar...
Now 2 files, laf?.dll and laf?.ini, are dropped in the %SYSTEM% folder (where ? is a number from 1 to 5). The files are detected as Trojan-Downloader.Win32.Agent.doe by Kaspersky Antivirus.
HijackThis Symptoms:
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
Use LSPFix to remove the files. (Bleeping Computer Guide)
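The HijackThis symptoms listed in this post and in the Spyware.WinAntiVirus post above, turned into a small log triage script. This is an added example, not part of the original blog or of HijackThis; the rule names, the triage function and the sample log are constructed for illustration.

```python
import re

# Rules built only from the HijackThis symptoms listed on this page.
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("winsock-lsp-laf", re.compile(
        r"^O10 - Unknown file in Winsock LSP: .*\\laf[1-5]\.dll$", re.I)),
    ("shell-appended", re.compile(
        r"^F2 - REG:system\.ini: Shell=Explorer\.exe\s+\S+", re.I)),
    ("run-key-winav", re.compile(
        r"^O4 - HK(LM|CU)\\\.\.\\Run: \[(WinAVX|DoNotDelete)\]", re.I)),
    ("regedit-disabled", re.compile(
        r"^O7 - .*\\Policies\\System, DisableRegedit=1$", re.I)),
    ("appinit-sulimo", re.compile(
        r"^O20 - AppInit_DLLs: .*\\sulimo\.dat$", re.I)),
]

def triage(log_text):
    """Return {rule_name: [unique matching lines]} for a HijackThis log."""
    hits = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, rx in RULES:
            if rx.search(line):
                bucket = hits.setdefault(name, [])
                if line not in bucket:  # the same O10 line repeats per LSP entry
                    bucket.append(line)
    return hits

# Constructed sample log: entries from the posts plus one benign, made-up line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\System32\explore.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\update.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
"""

if __name__ == "__main__":
    for rule, lines in triage(SAMPLE_LOG).items():
        for line in lines:
            print(f"[{rule}] {line}")
```

A hit only marks a line for review against the posts; file names such as explore.exe or info.exe change between variants, so the rules will miss renamed builds.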
Wednesday, September 19, 2007
AntiVirGear 3.7
After the release of different versions of VirusProtectPro (3.3 to 3.6), the rogue mutates to AntiVirGear 3.7, a modified version of SpyDown, SpywareQuake.
Labels: Rogues, ScreenShots
Monday, July 2, 2007
VirusProtectPro 3.3
VirusProtectPro Rogue, a modified version of SpyDown, SpywareQuake.
Labels: Rogues
Tuesday, May 22, 2007
Privacy Danger Desktop Hijack
Privacy Danger is a component of NewMediaCodec/VideoAccessCodec (VideoCach), a fake codec that displays alerts, Rogue popups, installs a BHO...
Desktop background modified:
Labels: DesktopHijack, ScreenShots
Tuesday, March 20, 2007
Tuesday, February 13, 2007
Wednesday, February 7, 2007
SpyCrush
SpyCrush rogue, a modified version of SpywareQuake (a lot of registry keys are the same) and of VirusBurst(er), thanks to Security Cadets.
Labels: Rogues, ScreenShots
Saturday, January 27, 2007
Friday, January 26, 2007
MalwareWipePro
MalwareWipePro rogue, a new version of MalwareWiped (MalwareWiper, MalwareWipe).
Labels: Rogues
Wednesday, January 24, 2007
Saturday, January 6, 2007
AntiVerminser
AntiVerminser rogue, a new version of AntiVermins. Creators of the rogue only change filenames and registry keys. Bitmaps remain the same.
Labels: Rogues, ScreenShots