Friday, January 29, 2010

MyPcSecure

MyPcSecure (My Pc Secure) is fake security software (a rogue) from the Winisoft family (PcSecureNet, PcsSecure, APcSafe, APcSecure, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcsProtector, GreatDefender, APCprotect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SiteVillain, LinkSafeness, SecureKeeper, AntiAID, System Warrior, System Veteran, System Fighter, Block Protector, Block Keeper, Block Scanner, Block Watcher, SoftBarrier, Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft).



MyPcSecure comes from fake online antivirus scanners or fake video codecs, creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users.

If your PC is infected with a rogue from the WiniSoft family, use MBAM to remove the infection.

Thursday, January 28, 2010

Antivir 2010

Antivir 2010 is a new fake security application.

Antivir 2010 takes its name from the real Antivir Antivirus by Avira. Antivir 2010 detects fake infections on a clean system to scare users. It also installs a BHO (Browser Helper Object) to display error messages in Internet Explorer.



If your PC is infected with Antivir 2010, use MBAM to remove the infection.

Wednesday, January 27, 2010

Win 7 Antispyware 2010

Win 7 Antispyware 2010 is the new Braviax family rogue (Antivirus Pro 2010, PC Antispyware 2010, Home Antivirus 2010, PC Security 2009, Home Antivirus 2009).

Win 7 Antispyware 2010 detects fake infections on a clean system to scare users. It also changes its name (self-renaming):

Win 7 Antispyware 2010


Win 7 Internet Security 2010


On Windows XP, the rogue has a different GUI.

Antivirus XP 2010


XP Guardian


XP Internet Security


On Windows Vista, it has a Vista-based name.

Vista Antivirus Pro 2010


Vista Internet Security 2010


The rogue registers itself to be run with .exe binaries. It looks at the processes in memory and stops legitimate security tools.

If your PC is infected with a rogue from the Braviax family, use MBAM to remove the infection.

PcSecureNet

PcSecureNet is fake security software (a rogue) from the Winisoft family (PcsSecure, APcSafe, APcSecure, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcsProtector, GreatDefender, APCprotect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SiteVillain, LinkSafeness, SecureKeeper, AntiAID, System Warrior, System Veteran, System Fighter, Block Protector, Block Keeper, Block Scanner, Block Watcher, SoftBarrier, Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft).



PcSecureNet comes from fake online antivirus scanners or fake video codecs, creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users.

If your PC is infected with a rogue from the WiniSoft family, use MBAM to remove the infection.

Live Entreprise Suite

Live Entreprise Suite is a fake security application. It replaces Internet Antivirus Pro.

Live Entreprise Suite detects fake infections on a clean system to scare users. Installed from fake online security scanners, it comes with the TDSS rootkit.



If your PC is infected with Live Entreprise Suite, follow the BleepingComputer removal guide.

Spy Doc Pro

SpyDocPro is fake security software. It is published by the same vendor that released PC Doc Pro.



pcdocpro.com (72.52.146.60)
spydocpro.com (72.52.146.60)
spyresearchcenter.com (72.52.146.60)

Registry Elite

Registry Elite is a fake registry cleaner. It detects fake registry problems, file association errors and other symptoms on a brand-new system (383 errors in this test capture, on Windows XP SP3 installed a few minutes earlier).



registryelite.com (67.227.208.84)
tweaklogic.com (67.227.208.84)

Registry Elite is a clone of PC Doc Pro.

PC Doc Pro

PC Doc Pro is a fake registry cleaner. It detects fake registry problems, file association errors and other symptoms on a brand-new system (192 errors in this test capture, on Windows XP SP3 installed a few minutes earlier).



pcdocpro.com (72.52.146.60)
spydocpro.com (72.52.146.60)
spyresearchcenter.com (72.52.146.60)

PC Doc Pro is a clone of Registry Elite.

Monday, January 25, 2010

PcsSecure

PcsSecure is fake security software (a rogue) from the Winisoft family (APcSafe, APcSecure, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcsProtector, GreatDefender, APCprotect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SiteVillain, LinkSafeness, SecureKeeper, AntiAID, System Warrior, System Veteran, System Fighter, Block Protector, Block Keeper, Block Scanner, Block Watcher, SoftBarrier, Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft).



PcsSecure comes from fake online antivirus scanners or fake video codecs, creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users.

If your PC is infected with a rogue from the WiniSoft family, use MBAM to remove the infection.

SpyEraser

SpyEraser is fake security software. It detects nonexistent infections to scare users, pushing them to buy a license.



spyeraser-security.com (193.104.110.81)
spyeraser.ir (193.104.110.81)
spyeraser-software.ru (193.104.110.81)
spyeraser-trial.com (193.104.110.81)
spyeraserstore.com (193.104.110.81)
vipimagine.cn (193.104.110.81)

Saturday, January 23, 2010

APcSafe

APcSafe (A Pc Safe) is fake security software (a rogue) from the Winisoft family (APcSecure, DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcsProtector, GreatDefender, APCprotect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SiteVillain, LinkSafeness, SecureKeeper, AntiAID, System Warrior, System Veteran, System Fighter, Block Protector, Block Keeper, Block Scanner, Block Watcher, SoftBarrier, Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft).



APcSafe comes from fake online antivirus scanners or fake video codecs, creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users.

If your PC is infected with a rogue from the WiniSoft family, use MBAM to remove the infection.

Friday, January 22, 2010

Desktop Security 2010

Desktop Security 2010 is fake security software (a rogue). It is from the same family as Total PC Defender 2010, Desktop Defender 2010, Contraviro and UnVirex.



Desktop Security 2010 displays a lot of disturbing warning messages pushing users to purchase a license.

If your PC is infected with the Desktop Security 2010 rogue, use MBAM to remove the infection.

Total PC Defender 2010

Total PC Defender 2010 is fake security software (a rogue). It replaces Desktop Defender 2010 (Contraviro and UnVirex family).



Total PC Defender 2010 displays a lot of disturbing warning messages to scare users, inviting them to purchase a license.

If your PC is infected with the Total PC Defender 2010 rogue, use MBAM to remove the infection.

APcSecure

APcSecure (A Pc Secure) is fake security software (a rogue) from the Winisoft family (DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcsProtector, GreatDefender, APCprotect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SiteVillain, LinkSafeness, SecureKeeper, AntiAID, System Warrior, System Veteran, System Fighter, Block Protector, Block Keeper, Block Scanner, Block Watcher, SoftBarrier, Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft).



APcSecure comes from fake online antivirus scanners or fake video codecs, creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users.

If your PC is infected with a rogue from the WiniSoft family, use MBAM to remove the infection.

Thursday, January 21, 2010

Protect Soldier

Protect Soldier is fake security software (a rogue) from the Winisoft family (Protect Defender, Armor Defender, DefendAPc, REAnti, ...).



Protect Soldier comes from fake online antivirus scanners or fake video codecs, creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users.

If your PC is infected with Protect Defender, use MBAM to remove the infection.

LSP Hijack

Internet Security 2010 is a recent rogue that prevents software and media players from running.

The trojan downloader that installs the rogue also registers an LSP (Winsock Layered Service Provider) hijack that blocks some sites and displays an error message in the browser:



Restricted Site!
This web site is restricted based on your security preferences.
Your system is infected. Please activate your antivirus software.

HijackThis symptoms:
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll


Sites blocked by this malware are:

facebook.com
youtube.com
myspace.com
live.com
craigslist.org
wikipedia.org
ebay.com
blogger.com
amazon.com
twitter.com
go.com
bing.com
flickr.com
wordpress.com
photobucket.com
weather.com
nytimes.com
linkedin.com
pornhub.com
mapquest.com
foxnews.com
hulu.com
livejasmin.com
youporn.com
digg.com
adultfriendfinder.com
mywebsearch.com
rapidshare.com
redtube.com
ask.com
tube8.com
imageshack.us
livejournal.com
thepiratebay.org
xvideos.com
godaddy.com
mozilla.com
washingtonpost.com
monster.com
bbc.co.uk
bebo.com
guardian.co.uk

Do not delete the LSP file without unregistering it first: deleting it while it is still registered will break the Internet connection!

If your PC is infected with Internet Security 2010, use MBAM to remove the infection.
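
The O10 symptom shown above can be triaged from a saved HijackThis log. The following is an added example, not part of the original post: it extracts "Unknown file in Winsock LSP" entries, counts how many entries reference each DLL, and attaches the unregister-before-delete advice. Apart from the two O10 lines, the sample log and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed HijackThis log excerpt: the two O10 lines match the post,
# the remaining lines are invented filler for this example.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

O10_UNKNOWN = re.compile(
    r"^O10 - Unknown file in Winsock LSP:\s*(?P<path>.+?)\s*$", re.IGNORECASE
)


def unknown_lsp_files(log_text):
    """Return {normalized_path: number_of_O10_entries} for unknown LSP files.

    The same DLL can be listed more than once (as in the post), so entries
    are counted per path instead of being reported as separate findings.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = O10_UNKNOWN.match(line.strip())
        if m:
            counts[m.group("path").lower().replace("/", "\\")] += 1
    return dict(counts)


def triage(log_text, known_good=()):
    """Build findings, skipping paths in a caller-supplied allowlist."""
    allow = {p.lower() for p in known_good}
    findings = []
    for path, n in sorted(unknown_lsp_files(log_text).items()):
        if path in allow:
            continue
        findings.append({
            "path": path,
            "entries": n,
            "advice": "unregister from the Winsock catalog before deleting",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['path']} ({f['entries']} entries): {f['advice']}")
```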

Wednesday, January 20, 2010

Protect Defender

Protect Defender is fake security software (a rogue) from the Winisoft family (Armor Defender, DefendAPc, REAnti, ...).



Protect Defender comes from fake online antivirus scanners or fake video codecs, creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users.

If your PC is infected with Protect Defender, use MBAM to remove the infection.

Tuesday, January 19, 2010

Armor Defender

Armor Defender is fake security software (a rogue) from the Winisoft family (DefendAPc, SysDefenders, InSysSecure, SysProtector, APcDefender, PcsProtector, GreatDefender, APCprotect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SiteVillain, LinkSafeness, SecureKeeper, AntiAID, System Warrior, System Veteran, System Fighter, Block Protector, Block Keeper, Block Scanner, Block Watcher, SoftBarrier, Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft).



It uses the same GUI once used by the TRE Antivirus rogue:



Armor Defender comes from fake online antivirus scanners or fake video codecs, creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users.

If your PC is infected with a rogue from the WiniSoft family, use MBAM to remove the infection.

Thanks to remixed.

Monday, January 18, 2010

Control Center

Control Center aka Ctrl Center is a fake security application. This rogue displays fake warning messages pushing users to buy a license. It replaces Privacy Center.



Once registered, Control Center offers to download (or update) a list of software. There are various categories: Antivirus, Firewall, P2P, Compression, System utilities (...)



Selecting some of them never started a download. There are also some bugs: some categories display unrelated tools.

If your PC is infected with Control Center, use MBAM to remove the infection.

Sunday, January 17, 2010

Personal Security

Personal Security is a fake security application. This rogue detects fake infections, trying to push users to buy a license for disinfection.



Like Alpha Antivirus, Personal Security uses anti-virtual-machine protection (same code) to prevent execution on a virtual system (video).

If your PC is infected with Personal Security, use MBAM to remove the infection.

Ghost Antivirus

Ghost Antivirus is a fake security application. It detects fake infections on a clean system to scare users.



If your PC is infected with Ghost Antivirus, follow the BleepingComputer removal guide.