A new version of the Rogue AntiVirGear has been released.
This rogue looks like VirusProtectPro, SpyDown and SpywareQuake.
Sunday, September 30, 2007
Saturday, September 29, 2007
Monday, September 24, 2007
Zlob Hijacks Winsock LSP
Zlob Malware is Hijacking Winsock.
It all begins with the installation of the fake software Video ActiveX Enhancement 2.07, which installs AntiVirGear 3.7, a BHO, alert popups, IEToolBar...
Two files, laf?.dll and laf?.ini, are then dropped in the %SYSTEM% folder (where ? is a number from 1 to 5). The files are detected as Trojan-Downloader.Win32.Agent.doe by Kaspersky Antivirus.
HijackThis Symptoms:
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
Use LSPFix to remove the files. (Bleeping Computer Guide)
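As an added example (not code from the original post), this Python script triages a HijackThis log for the O10 symptom shown above: it counts the "Unknown file in Winsock LSP" entries per DLL and separates those matching the laf?.dll naming from other unknown LSP files. The function names and the sample log are constructed for illustration, and %SYSTEM% is assumed to resolve to a system32 directory.

```python
import re
from collections import Counter

# Constructed sample HijackThis excerpt; the laf1.dll lines mirror the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf1.dll
O10 - Unknown file in Winsock LSP: c:\program files\example\examplelsp.dll
"""

# Only the O10 line format quoted in the post is parsed.
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s*(.+?)\s*$", re.I)
# From the post: laf?.dll in %SYSTEM%, where ? is a number from 1 to 5.
# Assumption: %SYSTEM% is a directory named system32.
ZLOB_RE = re.compile(r"\\system32\\laf[1-5]\.dll$")

def lsp_entries(log_text):
    """Count O10 'Unknown file in Winsock LSP' lines per lower-cased DLL path."""
    counts = Counter()
    for line in log_text.splitlines():
        m = O10_RE.match(line.strip())
        if m:
            counts[m.group(1).lower().replace("/", "\\")] += 1
    return counts

def triage(log_text):
    """Separate unknown LSP DLLs matching the post's file names from the rest."""
    report = {"zlob_lsp": {}, "other_unknown_lsp": {}, "companion_ini": []}
    for path, n in lsp_entries(log_text).items():
        if ZLOB_RE.search(path):
            report["zlob_lsp"][path] = n
            # The post says a laf?.ini is dropped alongside each laf?.dll.
            report["companion_ini"].append(path[:-4] + ".ini")
        else:
            report["other_unknown_lsp"][path] = n
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A match only identifies what to clean up; the removal itself is done with LSPFix as the post says, since deleting an LSP DLL by hand leaves the Winsock chain broken.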
Wednesday, September 19, 2007
AntiVirGear 3.7
After the release of different versions of VirusProtectPro (3.3 to 3.6), the rogue mutates to AntiVirGear 3.7. It is a modified version of SpyDown and SpywareQuake.
Labels: Rogues, ScreenShots