Friday, May 22, 2009

Presto TuneUp

PrestoTuneUp is a new fake optimizer/cleaner (rogue). It is a clone of My Supervisor.

PrestoTuneUp is made by the same creators as FastAntivirus, MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm.

Presto TuneUp detects nonexistent problems (registry, IE cache, cookies, ...) to scare users. Unlike the FastAntivirus/MalwareCatcher family, PrestoTuneUp doesn't detect malware.



Thanks to Bharath

Thursday, May 21, 2009

FastAntivirus

Fast Antivirus (aka Fast Antivirus 2009) is a new fake security scanner (rogue). It belongs to the same family as MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm. Fast Antivirus comes from fake online scanners and detects nonexistent malware to scare users.

Like the other members of the family, FastAntivirus2009 uses Google Code pages: hxxp://favprj1.googlecode.com

Wednesday, May 20, 2009

Crusader Antivirus Rogue

Crusader Antivirus has been classified as rogue. This software is produced by TRITAX Limited Software Company (DuckForce).



Looking at the CrusaderAntivirus GUI and code, we can see references to AGAVA Antispy and code shared with it.





The registration verification code shows the contacted hosts:


activate.antispy.ru (89.108.66.62)
antispy.ru (89.108.65.143)
agava.ru (89.108.65.143)
(...)
AGAVA JSC: 89.108.64.0-89.108.71.255

Crusader Antivirus is a clone of AGAVA Antispy, but AGAVA Antispy is free: unlike Crusader Antivirus, it does not require registration to remove detected items.
Crusader Antivirus is a TRITAX Limited Software Company (DuckForce) product, but it phones home to antispy.ru to register itself...
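
The hosts listed above can be turned into a simple log hunt. The following is an added example, not part of the original post: the four-field log format, the client addresses and the sample lines are constructed for illustration, and only the hostnames and the AGAVA JSC range come from the post.

```python
import ipaddress

# Indicators taken from the post: hostnames contacted by the registration
# check, and the AGAVA JSC allocation 89.108.64.0-89.108.71.255.
HOSTS = {"activate.antispy.ru", "antispy.ru", "agava.ru"}
NETBLOCK = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("89.108.64.0"), ipaddress.ip_address("89.108.71.255")))

def classify(host, ip):
    """Return 'host' for a name match, 'netblock' for an IP-only match, else None."""
    name = host.lower().rstrip(".")
    if name in HOSTS or any(name.endswith("." + h) for h in HOSTS):
        return "host"
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    if any(addr in net for net in NETBLOCK):
        return "netblock"
    return None

def scan(lines):
    """Parse 'timestamp client host dest_ip' lines; return (client, host, reason) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, host, ip = parts
        reason = classify(host, ip)
        if reason:
            hits.append((client, host, reason))
    return hits

# Constructed sample log (hypothetical format and client addresses).
SAMPLE = [
    "2009-05-20T10:01:02 10.0.0.5 activate.antispy.ru 89.108.66.62",
    "2009-05-20T10:01:09 10.0.0.7 www.example.org 93.184.216.34",
    "2009-05-20T10:02:11 10.0.0.5 unrelated.example 89.108.70.10",
    "2009-05-20T10:03:00 10.0.0.9 notantispy.ru.example 203.0.113.8",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A "netblock" hit only says the destination sits somewhere in the AGAVA JSC range given in the post, so it is a weaker signal than a "host" hit on one of the listed names.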

Tuesday, May 12, 2009

Desktop Hijack

A new piece of malware has been found. It hijacks the desktop background and promotes the System Security 2009 rogue with fake alerts.



It also pops up pr0n pages and displays a fake BSOD:



Thanks to Malekal_Morte