It belongs to the same Total Virus Protection, Anti-Virus Number-1, Antivirus Sentry, Antivirus 2010, Micro Antivirus 2009, MS Antivirus, Smart Antivirus 2009, System Antivirus 2008, Antivirus 2009, Internet-antivirus
Monday, June 29, 2009
AntivirusBest
Antivirus Best is a fake security software (rogue). It displays fake alerts to justify an infection to incite users into buying a license.
It belongs to the same Total Virus Protection, Anti-Virus Number-1, Antivirus Sentry, Antivirus 2010, Micro Antivirus 2009, MS Antivirus, Smart Antivirus 2009, System Antivirus 2008, Antivirus 2009, Internet-antivirus
It belongs to the same Total Virus Protection, Anti-Virus Number-1, Antivirus Sentry, Antivirus 2010, Micro Antivirus 2009, MS Antivirus, Smart Antivirus 2009, System Antivirus 2008, Antivirus 2009, Internet-antivirus
Saturday, June 27, 2009
Secret Service Rogue
Secret Service is a new rogue made by TRITAX, (creator of Crusader Antivirus). It it using a part of the sample used by Privacy Center (the Russian female voice).
The rogue drops many fake executables on the system and also detects legit files to justify an infection and scare users to incite them into buying a license.
The rogue drops many fake executables on the system and also detects legit files to justify an infection and scare users to incite them into buying a license.
Sunday, June 21, 2009
Thursday, June 18, 2009
Virus Remover Pro.
Virus Remover Professional is a new rogue. It is from the same family as Extra Antivirus,
AV Antispyware, PAntispyware09, MS Antispyware 2009, Pro Antispyware 2009, SysAntivirus 2009, WinSpywareProtect.
As always, detection of fake infections to scare users and a promise to remove all infected files/keys when activated for $49,95 (1 year license).
Thanks fly to Bharath.
BleepingComputer Removal Guide.
AV Antispyware, PAntispyware09, MS Antispyware 2009, Pro Antispyware 2009, SysAntivirus 2009, WinSpywareProtect.
As always, detection of fake infections to scare users and a promise to remove all infected files/keys when activated for $49,95 (1 year license).
Thanks fly to Bharath.
BleepingComputer Removal Guide.
Wednesday, June 17, 2009
Malware Destructor
Malware Destructor 2009 is a new fake security scanner (rogue). It belongs to the same family as FastAntivirus,
MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm. MalwareDestructor comes from fake online scanners and detects nonexistent malwares to scare users.
MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm. MalwareDestructor comes from fake online scanners and detects nonexistent malwares to scare users.
Saturday, June 13, 2009
DOS Fake Online Scanner
VirusShield rogue comes from fake online scanners. Usually, those fake scanners have Windows (XP/Vista) style. This new one have a DOS design, in a browser page... with a STOP BSOD imitation alert.
Thursday, June 11, 2009
Advanced Virus Remover
Advanced Virus Remover Rogue displays fake infections to incite users into buying a license.
Notice the shared IP with VSCodec Pro and other rogues:
antivirus-scan-2009.com (91.212.65.29)
vs-codec-pro.com (91.212.65.29)
vscodec-pro.com (91.212.65.29)
alltubesplace.com (91.212.65.29)
antivirus-xppro2009.com (91.212.65.29)
onlinescanxpp.com (91.212.65.29)
antivirus-pppro.com (91.212.65.29)
antivirus-xppro-2009.com (91.212.65.29)
Notice the shared IP with VSCodec Pro and other rogues:
antivirus-scan-2009.com (91.212.65.29)
vs-codec-pro.com (91.212.65.29)
vscodec-pro.com (91.212.65.29)
alltubesplace.com (91.212.65.29)
antivirus-xppro2009.com (91.212.65.29)
onlinescanxpp.com (91.212.65.29)
antivirus-pppro.com (91.212.65.29)
antivirus-xppro-2009.com (91.212.65.29)
Tuesday, June 9, 2009
Loaris Trojan Remover is not Rogue
Loaris Trojan Remover was classified as rogue few days ago because of suspicious coincidences:
- It is hosted on an IP block known for criminal activity.
- HijackThis program was bundle without Trendsecure permission.
- Users had to buy a license to activate cleaning option. This should not be a problem if we ignore the fact of giving personal informations from an infected system to register. But important rogues components remains active after cleaning process when Loaris removal guide claims to remove those rogues and argues it "was created especially for such types of rouge programs".
Loaris Trojan Remover never acts like classic rogues.
- It does NOT show fakes alerts,
- It does NOT hijack internet browser,
- It is NOT promoted via Trojan or fake online scanners.
Considering that creators have quickly removed HijackThis from their tool and think about moving to another provider that does not have illegal activities.
Considering that the tool has now 15 days trial, users don't have to buy a license and can test efficiency of it. (web pages saying it can remove malware it was not able to have been removed).
Considering the creator's reactivity to fix those problems, Loaris Trojan Remover have been declassified from Rogues application.
- It is hosted on an IP block known for criminal activity.
- HijackThis program was bundle without Trendsecure permission.
- Users had to buy a license to activate cleaning option. This should not be a problem if we ignore the fact of giving personal informations from an infected system to register. But important rogues components remains active after cleaning process when Loaris removal guide claims to remove those rogues and argues it "was created especially for such types of rouge programs".
Loaris Trojan Remover never acts like classic rogues.
- It does NOT show fakes alerts,
- It does NOT hijack internet browser,
- It is NOT promoted via Trojan or fake online scanners.
Considering that creators have quickly removed HijackThis from their tool and think about moving to another provider that does not have illegal activities.
Considering that the tool has now 15 days trial, users don't have to buy a license and can test efficiency of it. (web pages saying it can remove malware it was not able to have been removed).
Considering the creator's reactivity to fix those problems, Loaris Trojan Remover have been declassified from Rogues application.
VSCodec Pro
VSCodecPro is the new version of PCCodecPack, LuxeCodecXP, WinCoDecPRO. It display fake alerts about media problems.
When trying to run Windows Media Player, it displays an alertbox and redirect to vs-vodec-pro.com webpages.
alltubesplace.com (91.212.65.29)
antivirus-xppro2009.com (91.212.65.29)
antivirus-xppro-2009.com (91.212.65.29)
free-webscaners.net (91.212.65.29)
free-web-scaners.net (91.212.65.29)
free-web-scaners.com (91.212.65.29)
free-web-scaners.biz (91.212.65.29)
onlinescanxpp.com (91.212.65.29)
onlinescanxppp.com (91.212.65.29)
vs-codec-pro.com (91.212.65.29)
vscodec-pro.com (91.212.65.29)
scan-virusremover2009.com (91.212.65.29)
When trying to run Windows Media Player, it displays an alertbox and redirect to vs-vodec-pro.com webpages.
alltubesplace.com (91.212.65.29)
antivirus-xppro2009.com (91.212.65.29)
antivirus-xppro-2009.com (91.212.65.29)
free-webscaners.net (91.212.65.29)
free-web-scaners.net (91.212.65.29)
free-web-scaners.com (91.212.65.29)
free-web-scaners.biz (91.212.65.29)
onlinescanxpp.com (91.212.65.29)
onlinescanxppp.com (91.212.65.29)
vs-codec-pro.com (91.212.65.29)
vscodec-pro.com (91.212.65.29)
scan-virusremover2009.com (91.212.65.29)
Friday, June 5, 2009
Thursday, June 4, 2009
Loaris Trojan Remover Rogue
Update: Loaris Trojan Remover have been declassified from Rogue applications: Link.
Loaris Trojan Remover is a rogue anti-spyware program. The tool has a dirty malware database. It can detects some real infections on a system but is not able to remove the full infection when registered. It is bundle with HijackThis tool.
Loaris Removal Guide says it can get rid of UnVirex rogue. After cleaning, some UnVirex componant (LSP Hijack) are still active.
loaris.com (216.97.239.105)
Installer is hosted at 88.214.197.165
hosts-file.net
Thanks to MysteryFCM
Loaris Trojan Remover is a rogue anti-spyware program. The tool has a dirty malware database. It can detects some real infections on a system but is not able to remove the full infection when registered. It is bundle with HijackThis tool.
Loaris Removal Guide says it can get rid of UnVirex rogue. After cleaning, some UnVirex componant (LSP Hijack) are still active.
loaris.com (216.97.239.105)
Installer is hosted at 88.214.197.165
hosts-file.net
Thanks to MysteryFCM
XP Deluxe Protector Rogue
XPDeluxeProtector is a new fake security software from the same creators of Win PC Antivirus, Win PC Defender, XP Police Antivirus, IE-Security, WinDefender 2009 and Total Secure 2009.
baseupdatecenter.com (217.112.94.230)
downloadsoftwareserver2.com (217.112.94.230)
softwaredownloadcentercom.com (217.112.94.230)
winbestsoftdownload.com (217.112.94.230)
deluxe-protector.com (91.212.65.140)
winpc-antivirus09.com (91.212.65.140)
winpcantivirus-2009.com (91.212.65.140)
winpcantivirus2010.com (91.212.65.140)
securebillingpayment.com (91.212.65.140)
deluxeprotector.com (91.212.65.141)
loyaldown11.com (91.212.65.141)
loyaldown99.com (91.212.65.141)
loyaltube10.com (91.212.65.141)
tubeloyaln.com (91.212.65.141)
tube-loyal.com (91.212.65.141)
winpcdown09.com (91.212.65.141)
winpcdown10.com (91.212.65.141)
winpcdown99.com (91.212.65.141)
downloadfixandlove.com (194.165.4.77)
macromedla.com (194.165.4.77)
tubeonporn09.net (194.165.4.77)
winpcdown9.com (194.165.4.77)
(...)
BleepingComputer Removal Guide.
baseupdatecenter.com (217.112.94.230)
downloadsoftwareserver2.com (217.112.94.230)
softwaredownloadcentercom.com (217.112.94.230)
winbestsoftdownload.com (217.112.94.230)
deluxe-protector.com (91.212.65.140)
winpc-antivirus09.com (91.212.65.140)
winpcantivirus-2009.com (91.212.65.140)
winpcantivirus2010.com (91.212.65.140)
securebillingpayment.com (91.212.65.140)
deluxeprotector.com (91.212.65.141)
loyaldown11.com (91.212.65.141)
loyaldown99.com (91.212.65.141)
loyaltube10.com (91.212.65.141)
tubeloyaln.com (91.212.65.141)
tube-loyal.com (91.212.65.141)
winpcdown09.com (91.212.65.141)
winpcdown10.com (91.212.65.141)
winpcdown99.com (91.212.65.141)
downloadfixandlove.com (194.165.4.77)
macromedla.com (194.165.4.77)
tubeonporn09.net (194.165.4.77)
winpcdown9.com (194.165.4.77)
(...)
BleepingComputer Removal Guide.
Antivirus System Pro
Antivirus System Pro Rogue is a clone of Spyware Protect 2009.
It displays fake infections to incite users into buying a license.
check-viruses.com (67.212.81.29)
antivir2009pro.com (209.44.111.57)
inetavirus.com (209.44.111.57)
inetantivirus.com (209.44.111.57)
inetantivir.com (209.44.111.57)
It displays fake infections to incite users into buying a license.
check-viruses.com (67.212.81.29)
antivir2009pro.com (209.44.111.57)
inetavirus.com (209.44.111.57)
inetantivirus.com (209.44.111.57)
inetantivir.com (209.44.111.57)
Wednesday, June 3, 2009
Digiweb corp. rogues
Digiweb corp. (aka ibisweb corp , G. Kavalakis) makes fake security softwares. They detect nonexistent problems (Spyware, Registry, IE Cache, Cookies,...) to scare users.
Some of their products have the old interface, some others have the new one.
RegistryCleanerPro new and old GUI:
AntiMalwarePro new and old GUI:
AdwarePro new and old GUI:
AntivirusPro new and old GUI:
AntiSpywarePro
AntiTrojanPro
SpywareDestroyer
SearchAndDestroy
Some of their products have the old interface, some others have the new one.
RegistryCleanerPro new and old GUI:
AntiMalwarePro new and old GUI:
AdwarePro new and old GUI:
AntivirusPro new and old GUI:
AntiSpywarePro
AntiTrojanPro
SpywareDestroyer
SearchAndDestroy
Tuesday, June 2, 2009
UnVirex Rogue
UnVirex is a new fake malware cleaner (rogue).
HijackThis symptoms:
Notice the LSP Hijack. Removing siglsp.dll file without restoring the LSP chain will break Internet connexion.
unvirex.com (195.2.253.43)
Registrant: andy (zaxarsoftware@gmail.com)
Thanks to Malware Database
HijackThis symptoms:
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\UnVirex\IEAddon.dll
O4 - HKLM\..\Run: [UnVirex] C:\Program Files\UnVirex\UnVirex.exe
O10 - Unknown file in Winsock LSP: c:\program files\unvirex\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\unvirex\siglsp.dll
Notice the LSP Hijack. Removing siglsp.dll file without restoring the LSP chain will break Internet connexion.
unvirex.com (195.2.253.43)
Registrant: andy (zaxarsoftware@gmail.com)
Thanks to Malware Database
Subscribe to:
Posts (Atom)
