Wednesday, September 30, 2009

Home Personal Antivirus

Home Personal Antivirus is a fake security program from the same rogue family as XP Deluxe Protector, Win PC Antivirus, Win PC Defender, XP Police Antivirus, IE-Security, WinDefender 2009 and Total Secure 2009.



Once registered, the scanner no longer detects the infections it displayed before registration. No more fake alerts or disturbing warning messages...

Thanks to remixed
BleepingComputer Home Personal Antivirus removal guide.

Secure Fighter

Secure Fighter is the new rogue of the Winisoft family (Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft).



The rogue creates files on the system so it can detect them as infected items.

Monday, September 28, 2009

Secure Veteran

SecureVeteran is the new rogue of the Winisoft family (SecuritySoldier, SecurityFighter, Save Armor, Save Defender, Trust Warrior, SoftSafeness, SafetyKeeper, SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



The rogue creates files on the system so it can detect them as infected items.

Friday, September 25, 2009

Security Soldier

SecuritySoldier is the new rogue of the Winisoft family (SecurityFighter, Save Armor, Save Defender, Trust Warrior, SoftSafeness, SafetyKeeper, SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



The rogue creates files on the system so it can detect them as infected items.

The component with the hidden message is not downloading at this time (404).

Hidden message to Sunbelt in Mystic Compressor

The Security Fighter rogue's trojan-downloader installs three pieces of malware: the rogue, a fake Windows Security Center, and a new component that first appeared with Trust Warrior. The packer of this component, called Mystic Compressor, contains a hidden message to Sunbelt Lab.
Mystic Compressor...Greetings to Sunbelt - only they know my name! ;)


Thanks to MAD

Security Tool

Security Tool is a new version of the Total Security 2009 / System Security rogue. This fake anti-spyware tool displays fake alert messages, prevents legitimate programs from running, and reports non-existent infections to scare users.



If the software is registered before the first scan begins, the tool detects no infections. Clicking the Updates button displays an "Updating" message, but there is no network activity.


Thanks to remixed
BleepingComputer Security Tool removal guide.

Wednesday, September 23, 2009

Security Fighter

SecurityFighter is the new rogue of the Winisoft family (Save Armor, Save Defender, Trust Warrior, SoftSafeness, SafetyKeeper, SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



The rogue creates files on the system so it can detect them as infected items.

A new component that came with Trust Warrior is still shipped with Security Fighter: a rootkit that patches files in memory (dump_atapi.sys and dump_WMILIB.SYS).

BleepingComputer Security Fighter removal guide.

Alpha Antivirus

Alpha Antivirus is a fake antivirus program (rogue). This scareware is installed from fake online scanners. It also drops a password stealer.



Monday, September 21, 2009

SaveArmor

Save Armor is the new rogue of the Winisoft family (Save Defender, Trust Warrior, SoftSafeness, SafetyKeeper, SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



The rogue creates files on the system so it can detect them as infected items.

A new component that came with Trust Warrior is still shipped with Save Armor: the trojan-downloader drops a rootkit along with a fake-alert trojan and the rogue (the rootkit patches files in memory: dump_atapi.sys and dump_WMILIB.SYS).

BleepingComputer Save Armor removal guide.

Friday, September 18, 2009

SaveDefender

Save Defender is the new rogue of the Winisoft family (Trust Warrior, SoftSafeness, SafetyKeeper, SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



The rogue creates files on the system so it can detect them as infected items.

A new component that came with Trust Warrior is still shipped with Save Defender: the trojan-downloader fetches a rootkit that patches files in memory (dump_atapi.sys and dump_WMILIB.SYS).

BleepingComputer Save Defender removal guide.

Thursday, September 17, 2009

TrustWarrior

Trust Warrior is the new rogue of the Winisoft family (SoftSafeness, SafetyKeeper, SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



The rogue creates files on the system so it can detect them as infected items.

The trojan-downloader used to download two files: the rogue installer and a fake-alert trojan. This new version also comes with a rootkit that uses the same trick as Alureon/TDSS: patching files in memory (dump_atapi.sys and dump_WMILIB.SYS).

BleepingComputer Trust Warrior removal guide.

Wednesday, September 16, 2009

Windows PC Defender

Windows PC Defender is a new rogue from the same family as OmegaAntivir (new interface), Windows Additional Guard, Windows Guard Pro, Ultimate System Guard, Smart Virus Eliminator, Windows Protection Suite, Windows System Suite, Windows Security Suite, Malware Destructor 2009, FastAntivirus, MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm.



It is installed from fake online scanners and reports non-existent infections to scare users into buying a license.

Thanks to Jaxryley
BleepingComputer Windows PC Defender removal guide.

Monday, September 14, 2009

Soft Safeness

SoftSafeness is the new rogue of the Winisoft family (SafetyKeeper, SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



The rogue creates junk files on the system so it can detect them as infected items and scare users.

BleepingComputer Soft Safeness removal guide.

Friday, September 11, 2009

Omega Antivir

OmegaAntivir is a new rogue: a new version (with a new interface) of a long list of clones: Windows Additional Guard, Windows Guard Pro, Ultimate System Guard, Smart Virus Eliminator, Windows Protection Suite, Windows System Suite, Windows Security Suite, Malware Destructor 2009, FastAntivirus, MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm.



Thanks to Sparsha
BleepingComputer Omega Antivir removal guide.

Thursday, September 10, 2009

Safety Keeper

SafetyKeeper is the new rogue of the Winisoft family (SaveKeeper, Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



The rogue creates files on the system to justify the infected items it reports, scare users and push them into buying the fake tool.

BleepingComputer Safety Keeper removal guide.

Tuesday, September 8, 2009

Personal Guard 2009

Personal Guard 2009 is a fake antivirus program (rogue). Its signature database is empty (0 KB). Updating the software, we get an unpacked version of the PE, but still no database for malware detection.



BleepingComputer Personal Guard 2009 removal guide.

Monday, September 7, 2009

Windows Additional Guard, Windows Guard Pro, Ultimate System Guard

Windows Additional Guard, Windows Guard Pro, Ultimate System Guard are the new rogues from the same family as Smart Virus Eliminator, Windows Protection Suite, Windows System Suite, Windows Security Suite, Malware Destructor 2009, FastAntivirus, MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm.

Windows Additional Guard, Windows Guard Pro, Ultimate System Guard display fake alerts to scare users.

Thanks to Sparsha

Save Keeper

SaveKeeper is the new rogue of the Winisoft family (Quick Heal Cleaner, System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).

Antivirus Pro 2010

Antivirus Pro 2010 is the new Braviax family rogue (PC Antispyware 2010, Home Antivirus 2010, PC Security 2009, Home Antivirus 2009).

The rogue creates fake files on the system and detects them as malware to scare users.



Thanks to Malekal and Sparsha

Friday, September 4, 2009

Contraviro

Contraviro is a new fake malware cleaner (rogue). The GUI and name have changed, but it is the same code as the Unvirex rogue.



The engine is from Clam AntiVirus (ClamAV), an open source (GPL) and free anti-virus toolkit.

HijackThis symptoms:
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Contraviro\IEAddon.dll
O4 - HKLM\..\Run: [Contraviro] C:\Program Files\Contraviro\Contraviro.exe
O10 - Unknown file in Winsock LSP: c:\program files\contraviro\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\contraviro\siglsp.dll
Notice the LSP hijack. Removing the siglsp.dll file without repairing the Winsock LSP chain will break the Internet connection.
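As an added illustration (not code from the original post), the small triage script below parses the HijackThis lines quoted above, groups the O2/O4/O10 entries by file path, collapses the duplicated O10 line, and marks the LSP entry so that it is handled by repairing the Winsock chain rather than by deleting the file. The log text is the sample from this post; the program directory argument is an assumption of the example.

```python
import re

# Constructed sample: the HijackThis lines quoted in the Contraviro post.
HJT_LOG = r"""
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Contraviro\IEAddon.dll
O4 - HKLM\..\Run: [Contraviro] C:\Program Files\Contraviro\Contraviro.exe
O10 - Unknown file in Winsock LSP: c:\program files\contraviro\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\contraviro\siglsp.dll
"""

# A Windows path ending in a PE file; lazy match stops at the first extension.
PATH_RE = re.compile(r"[a-z]:\\[^\r\n]*?\.(?:dll|exe|sys)", re.IGNORECASE)

# HijackThis section prefixes this triage cares about.
SECTIONS = {"O2": "browser helper object",
            "O4": "autorun entry",
            "O10": "Winsock LSP"}

def parse_hjt(text):
    """Return (section, lower-cased path) for every O2/O4/O10 line."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"(O\d+) - ", line)
        if not m or m.group(1) not in SECTIONS:
            continue
        p = PATH_RE.search(line)
        if p:
            entries.append((m.group(1), p.group(0).lower()))
    return entries

def triage(text, program_dir):
    """Group findings under program_dir by path; flag LSP entries.

    Returns a sorted list of (path, [sections], action) tuples.
    Duplicate log lines (the repeated O10 entry) collapse into one finding.
    """
    by_path = {}
    for section, path in parse_hjt(text):
        item = by_path.setdefault(path, {"sections": set(), "lsp": False})
        item["sections"].add(section)
        item["lsp"] = item["lsp"] or section == "O10"
    findings = []
    for path, item in sorted(by_path.items()):
        if not path.startswith(program_dir.lower()):
            continue
        action = ("LSP entry: repair the Winsock chain, do not just delete the file"
                  if item["lsp"] else "remove the entry and the file")
        findings.append((path, sorted(item["sections"]), action))
    return findings
```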

QuickHealCleaner

Quick Heal Cleaner is the new clone of the Winisoft family (System Cop, BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).

Thursday, September 3, 2009

Proof Defender 2009

Proof Defender is a fake anti-malware program, a clone of Perfect Defender.

defender2009.com (76.76.101.85)
defender-2009.com (76.76.101.85)
pdefender2009.com (76.76.101.85)
proofdefender.com (76.76.101.85)
pdefzone.com (76.76.101.85)
perfectd-review.com (76.76.101.85)

Protection System rogue

Protection System is a fake anti-malware program, a clone of CoreGuard Antivirus 2009.



The Sunbelt blog reports (thanks to Patrick Jordan) that Protection System detects a Malwarebytes (MBAM) installation and runs the Malwarebytes uninstaller to remove the protection.



CoreGuard Antivirus 2009 was also uninstalling MBAM:


The rogues remove the legitimate anti-malware to confuse users and protect themselves from detection.

Protection System steals the MBAM database, version 2551. Of course, even if the rogue uses that database, its engine is not the same and can only take advantage of a small part of it.

Tuesday, September 1, 2009

SystemCop rogue

System Cop is the new clone of the Winisoft family (BlockDefense, SaveDefense, Trust Ninja, SaveSoldier, SaveKeep, Winishield, WiniFighter, WiniBlueSoft).



Thanks to remixed

Windows Police Pro Rogue

Windows Police Pro is a fake security program (rogue). It is a clone of Windows Antivirus Pro. It displays fake alerts and prevents binaries from running to scare users.