New fake security alert web page

Another fake Security Site, it will scare you into downloading it. Also, it will install a Rogue Anti-Spyware application called Malware Destructor.




IP address is

85.255.120.99
http://www.malwaredestructor(dot)com/

Result: 15/32 (46.88%)


Antivirus Version Last Update Result
AhnLab-V3 2007.11.24.0 2007.11.23 Win-Trojan/Agent.23072.B
AntiVir 7.6.0.34 2007.11.23 -
Authentium 4.93.8 2007.11.24 -
Avast 4.7.1074.0 2007.11.23 -
AVG 7.5.0.503 2007.11.24 Downloader.Agent.TIV
BitDefender 7.2 2007.11.25 Trojan.Downloader.JJCE
CAT-QuickHeal 9.00 2007.11.24 TrojanDownloader.Agent.eyv
ClamAV 0.91.2 2007.11.25 Trojan.Downloader-15450
DrWeb 4.44.0.09170 2007.11.24 -
eSafe 7.0.15.0 2007.11.21 -
eTrust-Vet 31.3.5324 2007.11.24 -
Ewido 4.0 2007.11.24 Downloader.Agent.eyv
FileAdvisor 1 2007.11.25 -
Fortinet 3.14.0.0 2007.11.25 Misc/Renos
F-Prot 4.4.2.54 2007.11.23 -
F-Secure 6.70.13030.0 2007.11.24 Trojan-Downloader.Win32.Agent.eyv
Ikarus T3.1.1.12 2007.11.25 Trojan-Downloader.Win32.Agent.eyv
Kaspersky 7.0.0.125 2007.11.21 Trojan-Downloader.Win32.Agent.eyv
McAfee 5170 2007.11.23 -
Microsoft 1.3007 2007.11.25 -
NOD32v2 2684 2007.11.25 -
Norman 5.80.02 2007.11.23 -
Panda 9.0.0.4 2007.11.25 -
Prevx1 V2 2007.11.25 Heuristic: Suspicious Self Modifying File
Rising 20.19.60.00 2007.11.25 Trojan.DL.Win32.Agent.dps
Sophos 4.23.0 2007.11.25 -
Sunbelt 2.2.907.0 2007.11.24 -
Symantec 10 2007.11.25 ExpertAntiVirus
TheHacker 6.2.9.141 2007.11.24 -
VBA32 3.12.2.5 2007.11.23 Trojan-Downloader.Win32.Agent.dps
VirusBuster 4.3.26:9 2007.11.24 Trojan.DL.Agent.WVG
Webwasher-Gateway 6.0.1 2007.11.25 -


If you happen to get infected, please download this free tool. It will remove the rogue program and all its components.

RogueRemover FREE 1.22

New rogue Anti-Spyware program

Please stay away from this program, its a scam. Uninstalling this program is not easy, you have to kill the following process AdwareRemover.exe .


Here is a VirusTotal results of the install file

File Install1216.exe received on 10.30.2007 02:34:50 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 12/32 (37.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.30.0 2007.10.29 -
AntiVir 7.6.0.30 2007.10.29 TR/Renos.29776
Authentium 4.93.8 2007.10.29 -
Avast 4.7.1074.0 2007.10.29 -
AVG 7.5.0.503 2007.10.29 Potentially harmful program Downloader.IY
BitDefender 7.2 2007.10.30 -
CAT-QuickHeal 9.00 2007.10.29 -
ClamAV 0.91.2 2007.10.30 -
DrWeb 4.44.0.09170 2007.10.30 Trojan.Fakealert
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5252 2007.10.30 -
Ewido 4.0 2007.10.29 -
FileAdvisor 1 2007.10.30 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.29 -
F-Secure 6.70.13030.0 2007.10.30 not-virus:Hoax.Win32.Renos.mw
Ikarus T3.1.1.12 2007.10.30 not-a-virus:Hoax.Win32.Renos.mw
Kaspersky 7.0.0.125 2007.10.30 not-virus:Hoax.Win32.Renos.mw
McAfee 5151 2007.10.29 BraveSentry
Microsoft 1.2908 2007.10.30 TrojanDownloader:Win32/Renos.CF
NOD32v2 2625 2007.10.30 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.29 -
Panda 9.0.0.4 2007.10.30 Suspicious file
Prevx1 V2 2007.10.30 Generic.Dropper.xCodec
Rising 19.47.02.00 2007.10.29 -
Sophos 4.23.0 2007.10.30 -
Sunbelt 2.2.907.0 2007.10.29 -
Symantec 10 2007.10.30 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.29 -
Webwasher-Gateway 6.6.1 2007.10.29 Trojan.Renos.29776

Here are more screenshots of this rogue app.

Another fake codec site

Please don't visit this site

hxxp://codec-scan.com/




Anti-Virus detection is minimal at best.

new codec malware

Please stay away from site!!!!!!

hxxp://codec-fun.com/








Currently, virus detection is not good. My best recommendation is never download a video file that asks you to install a video codec. Its normally malware. Safe surfing.

Some more rogue Security programs!!!!

These programs use tricks to get you to download and pay for there software. Here is an example:



Typically, you can get infected by going to malicious porn sites. They make you download a video codec to watch the video. When you download the codec, you get infected.

Here are some of the latest rogue app's.

Careful browsing

New Rogue Security Program

Anti-SpyGolden v4.9 is a new rogue program. Please stay away!!!!!






I believe Sunbelt CounterSpy can detect and remove Anti-SpyGolden.

This summary is not available. Please click here to view the post.

Update on Privacy Protector

There are now tools available to remove Privacy Protector trojan installs. The following sites have experts that can work you through the disinfection.

Castlecops

BleepingComputer

TechSupport Guy

MalwareRemoval

PC Drive Tool

Here is another rogue Anti-Spyware app and its linked to http://www.pcprivacytool.com/. When you click on Buy Now, you are directed there.



What a rip off. Here are some more screenshots. The installer is installer_en.exe and is not detected well at all. However, i am not getting the program via a trojan. So, the install file could be different.

Privacy Protector

Here is a new Rogue Anti-Spyware program, please stay away!!!!


You will be directed to a site to remove porn form websites. It obliviously a scam. The program costs 39.95 to remove malware. However the stuff it detects is bogus!!!





When you click on Detect and Erase Porn Now you will prompted to download installprivacyprotectorfree.exe. This will install the rogue app. Here are some more screenshots of the install. Anti-Virus detect is limited at best.

As of right know nothing will remove it. When there is a removal, i will post it.

Mozilla Firefox Extension "NoScript"

NoScript is another tool to keep malicious hackers from getting into your computer. You say how can this be?? Well, NoScript blocks all Javascript on websites. You have the option to Allow sites you deem secure, my recommendation is to bank sites only. However, some good sites may need Javascript enabled. Most of the time, you will get a little message "You have Javascript disabled." You can then allow it. Moreover, NoScript will disable all flash ads on untrusted sites. I know these ads can be annoying, so its nice to have that option. Furthermore, NoScript will block any Cross-Site scripting. What is Cross-Site Scripting?? Cross-site Scripting is a type of computer security vulnerability in web application that allow code injections by a malicious attacker. These attacks have been linked to powerful phishing attacks and browser exploits. Finally, NoScript can protect you from malicious Javascript vulnerabilities. There are many kinds of malware installed via malicious sites that inject the code via a Javascript vulnerability.

I don't want to bash Microsoft and IE7 because Microsoft has made great strides with IE 7. However, to prevent scripting in IE7 you have to Okay five or more prompts to allow scripts to run. This is not a very good option, how many of us will actually do this for every site. NoScript makes it easier because you select what to allow and forbid. Here are some screenshots.

Beware of malicious Myspace sites

Please beware of the following program called Myspace Viewer. Most of the time you will get a unknown friend request, once you click on the link to the profile. You are sent to a malicious page wanting you to download a program called MyInstaller.exe . Do not install it!!!

The Virus is variant of the popular Trojan Zlob, but can be Trojan.DNS.Hijacker. Which Hijacks your searches. If you ever come across this please visit this site to get help Castlecops