Thursday, September 3, 2009

Protection System rogue

Protection System is a fake anti-malware program, a clone of CoreGuard Antivirus 2009.

The Sunbelt blog reports (thanks to Patrick Jordan) that Protection System detects a Malwarebytes MBAM installation. The rogue runs the Malwarebytes uninstaller to remove the protection.

CoreGuard Antivirus 2009 was also uninstalling MBAM.

The rogue removes the legitimate anti-malware to confuse users and protect itself from being detected.

Protection System steals MBAM database version 2551. Of course, if the database is used by the rogue, the engine is not the same, and the rogue can only use a small part of the database to its advantage.