Crescent City Networking » Virus/Malware

Crescent City Networking » Virus/Malware http://ccnetworking.com/wordpress Thu, 09 Sep 2010 16:45:00 +0000 en hourly 1 SafetyGuard http://rogueantispyware.blogspot.com/2010/09/safetyguard.html http://rogueantispyware.blogspot.com/2010/09/safetyguard.html#comments Thu, 09 Sep 2010 12:36:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-9192371123158339148
SafetyGuard online scanner scam

It has nothing to do with dating or searching.

(Click graphic to enlarge)

SafetyGuard graphic interface

(Click graphic to enlarge)

SafetyGuard installer

(Click graphic to enlarge)

SafetyGuard splash screen

(Click graphic to enlarge)

How to remove SafetyGuard:

If SafetyGuard has infected your pc, you should remove it immediately. Click here to use VIRPE to remove SafetyGuard from your computer now.]]> http://rogueantispyware.blogspot.com/2010/09/safetyguard.html/feed 0 Malware Destructor 2011 http://rogueantispyware.blogspot.com/2010/09/malware-destructor-2011.html http://rogueantispyware.blogspot.com/2010/09/malware-destructor-2011.html#comments Wed, 08 Sep 2010 13:27:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-1962850101266862528

(Click on graphic to enlarge)

It pretends to find malicious code on a victim’s machine in order to frighten him or her into purchasing useless software.

(Click on graphic to enlarge)

(Click on graphic to enlarge)

Malware Destructor 2011 is a clone of AVDefender2011.FakeSpyPro that was distributed late in August 2010.

How to remove Malware Destructor 2011:

If Malware Destructor 2011 has infected your pc, you should remove it immediately. Click here to use VIRPE to remove Malware Destructor 2011 from your computer now.

VIPRE already detected the downloader (VirTool.Win32.Obfuscator.da!a (v)) and module it downloaded.

After VIPRE cleans Malware Destructor 2011, a randomly named folder: %APPDATA%\ 72C9D8190B531E44EFA48DBEF901A78F remains. It contains two files which are not executable. One is called enemies-names.txt and contains the fake scan results which the rogue displays. The second file is local.ini which contains the messages that Malware Destructor 2011 displays.]]> http://rogueantispyware.blogspot.com/2010/09/malware-destructor-2011.html/feed 0 AV Defender 2011 http://rogueantispyware.blogspot.com/2010/08/av-defender-2011.html http://rogueantispyware.blogspot.com/2010/08/av-defender-2011.html#comments Tue, 31 Aug 2010 16:37:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-928702891136832779

(Click on graphic to enlarge)

It fakes a “scan” of the potential victim’s machine in order to frighten him or her into making an unwise purchase:

(Click on graphic to enlarge)

The “payment” screen, of course, looks very professional. However the rogue vendors have used graphics of “Antivirus Soft” – evidence that they probably are the same distributors of that rogue as well. Here’s our description of Antivirus Soft from last February.

(Click on graphic to enlarge)

The downloader we found was detected as BehavesLike.Win32.Malware (v) and its executable module was detected as Trojan.Win32.FakeAlert.

This rogue is somewhat similar to those in of the FakeSpyPro family, although the downloader actually creates the module.

AV Defender 2011 creates the following registry key:
HKEY_CURRENT_USERSOFTWARE\AVDEFENDER 2011

It also creates the following files on a victim’s machine:
%APPDATA%\AVDEFENDER2011
%STARTMENU%\AVDEFENDER2011

VIPRE detects it as AVDefender2011.FakeSpyPro

How to remove AV Defender 2011:

If AV Defender 2011 has infected your pc, you should remove it immediately. Click here to use VIRPE to remove AV Defender 2011 from your computer now.]]> http://rogueantispyware.blogspot.com/2010/08/av-defender-2011.html/feed 0 Advanced Security Tool 2010 http://rogueantispyware.blogspot.com/2010/08/advanced-security-tool-2010.html http://rogueantispyware.blogspot.com/2010/08/advanced-security-tool-2010.html#comments Fri, 27 Aug 2010 18:00:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-8413385969619620666

(Click on graphic to enlarge)

VIPRE detects it as AdvancedSecurityTool2010.

To remove Advanced Security Tool 2010:

If Advanced Security Tool 2010 has infected your pc, you should remove it immediately. Click here to use VIRPE to remove Advanced Security Tool 2010 from your computer now.]]> http://rogueantispyware.blogspot.com/2010/08/advanced-security-tool-2010.html/feed 0 AntiSpy Safeguard http://rogueantispyware.blogspot.com/2010/08/antispy-safeguard.html http://rogueantispyware.blogspot.com/2010/08/antispy-safeguard.html#comments Fri, 27 Aug 2010 12:41:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-4750426039277136170

(click to enlarge graphic)

It requires you to pay for the fake software before it “cleans” your machine of the fictitious infections.

(click to enlarge graphic)

One way (there may be others) that AntiSpy Safeguard is delivered is through a phony “Microsoft Security Essentials Alert” which is displayed by a Trojan.

Basically, it mimics the idea of VirusTotal, (http://www.virustotal.com/ ) a site which enables you to see how 40 legitimate security companies identify a sample of malicious code that you submit.

The downloader copies itself into multiple folders under different names. After five to 15 minutes it generates a fake alert pop-up window:

(click to enlarge graphic)

If you click ANY of the four buttons on the scary “Potential threat details” screen, it takes you to a web site that shows you how different anti-malware products allegedly identify the malware that is (not really) on your computer. It includes a long list of legitimate ones, which, oddly enough find no infection on your machine.

However, the display shows that some of them -- all of which are rogues -- have identified malicious files. They have a “free install” button listed next to their names. Clicking on the buttons installs the rogues. (AntiSpy Safeguard is lower on list and not shown).

(click to enlarge graphic)

To Remove AntiSpy Safeguard:

If AntiSpy Safeguard has infected your PC, you should remove it immediately. Click here to use VIRPE to remove AntiSpy Safeguard from your computer now.]]> http://rogueantispyware.blogspot.com/2010/08/antispy-safeguard.html/feed 0 AntiSpy Safeguard http://rogueantispyware.blogspot.com/2010/08/antispy-safeguard.html http://rogueantispyware.blogspot.com/2010/08/antispy-safeguard.html#comments Fri, 27 Aug 2010 12:41:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-4750426039277136170

(click to enlarge graphic)

It requires you to pay for the fake software before it “cleans” your machine of the fictitious infections.

(click to enlarge graphic)

To Remove AntiSpy Safeguard:

If AntiSpy Safeguard has infected your PC, you should remove it immediately. Click here to use VIRPE to remove AntiSpy Safeguard from your computer now.]]> http://rogueantispyware.blogspot.com/2010/08/antispy-safeguard.html/feed 0 Major Defense Kit http://rogueantispyware.blogspot.com/2010/08/major-defense-kit.html http://rogueantispyware.blogspot.com/2010/08/major-defense-kit.html#comments Thu, 26 Aug 2010 20:46:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-7496216591021882205

(click to enlarge graphic)

It requires you to pay for the fake software before it “cleans” your machine of the fictitious infections.

(click to enlarge graphic)

One way (there may be others) that Major Defense Kit is delivered is through a phony “Microsoft Security Essentials Alert” which is displayed by a Trojan.

Basically, it mimics the idea of VirusTotal, (http://www.virustotal.com/ ) a site which enables you to see how 40 legitimate security companies identify a sample of malicious code that you submit.

The downloader copies itself into multiple folders under different names. After five to 15 minutes it generates a fake alert pop-up window:

(click to enlarge graphic)

To Remove Major Defense Kit:

If Major Defense Kit has infected your PC, you should remove it immediately. Click here to use VIRPE to remove Major Defense Kit from your computer now.]]> http://rogueantispyware.blogspot.com/2010/08/major-defense-kit.html/feed 0 Pest Detector 4.1 http://rogueantispyware.blogspot.com/2010/08/pest-detector-41.html http://rogueantispyware.blogspot.com/2010/08/pest-detector-41.html#comments Thu, 26 Aug 2010 20:30:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-4732210559231010488

(click to enlarge graphic)

It requires you to pay for the fake software before it “cleans” your machine of the fictitious infections.

(click to enlarge graphic)

One way (there may be others) that Pest Detector 4.1 is delivered is through a phony “Microsoft Security Essentials Alert” which is displayed by a Trojan.

Basically, it mimics the idea of VirusTotal, (http://www.virustotal.com/ ) a site which enables you to see how 40 legitimate security companies identify a sample of malicious code that you submit.

The downloader copies itself into multiple folders under different names. After five to 15 minutes it generates a fake alert pop-up window:

(click to enlarge graphic)

To Remove Pest Detector 4.1:

If Pest Detector 4.1 has infected your PC, you should remove it immediately. Click here to use VIRPE to remove Pest Detector 4.1 from your computer now.]]> http://rogueantispyware.blogspot.com/2010/08/pest-detector-41.html/feed 0 Peak Protection 2010 http://rogueantispyware.blogspot.com/2010/08/peak-protection-2010.html http://rogueantispyware.blogspot.com/2010/08/peak-protection-2010.html#comments Thu, 26 Aug 2010 20:10:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-5853128080792130529

(click to enlarge graphic)

One way (there may be others) that Peak Protection 2010 is delivered is through a phony “Microsoft Security Essentials Alert” which is displayed by a Trojan.

Basically, it mimics the idea of VirusTotal, (http://www.virustotal.com/ ) a site which enables you to see how 40 legitimate security companies identify a sample of malicious code that you submit.

The downloader copies itself into multiple folders under different names. After five to 15 minutes it generates a fake alert pop-up window:

(click to enlarge graphic)

To Remove Peak Protection:

If Peak Protection 2010 has infected your PC, you should remove it immediately. Click here to use VIRPE to remove Peak Protection 2010 from your computer now.]]> http://rogueantispyware.blogspot.com/2010/08/peak-protection-2010.html/feed 0 Red Cross Antivirus http://rogueantispyware.blogspot.com/2010/08/red-cross-antivirus.html http://rogueantispyware.blogspot.com/2010/08/red-cross-antivirus.html#comments Thu, 26 Aug 2010 19:32:00 +0000 Tom Kelchner tag:blogger.com,1999:blog-1641410171038712287.post-6972283931700729842

(click to enlarge graphic)

One way (there may be others) that Red Cross Antivirus is delivered is through a phony “Microsoft Security Essentials Alert” which is displayed by a Trojan.

Basically, it mimics the idea of VirusTotal, (http://www.virustotal.com/ ) a site which enables you to see how 40 legitimate security companies identify a sample of malicious code that you submit.

The downloader copies itself into multiple folders under different names. After five to 15 minutes it generates a fake alert pop-up window:

(click to enlarge graphic)

To Remove Red Cross Antivirus:

If Red Cross Antivirus has infected your PC, you should remove it immediately. Click here to use VIRPE to removeRed Cross Antivirus from your computer now.]]> http://rogueantispyware.blogspot.com/2010/08/red-cross-antivirus.html/feed 0