Sunday, November 25, 2007

New fake security alert web page

Another fake security site: it will scare you into downloading its program, and it will install a rogue anti-spyware application called Malware Destructor.




IP address is 85.255.120.99
http://www.malwaredestructor(dot)com/

Result: 15/32 (46.88%)


Antivirus Version Last Update Result
AhnLab-V3 2007.11.24.0 2007.11.23 Win-Trojan/Agent.23072.B
AntiVir 7.6.0.34 2007.11.23 -
Authentium 4.93.8 2007.11.24 -
Avast 4.7.1074.0 2007.11.23 -
AVG 7.5.0.503 2007.11.24 Downloader.Agent.TIV
BitDefender 7.2 2007.11.25 Trojan.Downloader.JJCE
CAT-QuickHeal 9.00 2007.11.24 TrojanDownloader.Agent.eyv
ClamAV 0.91.2 2007.11.25 Trojan.Downloader-15450
DrWeb 4.44.0.09170 2007.11.24 -
eSafe 7.0.15.0 2007.11.21 -
eTrust-Vet 31.3.5324 2007.11.24 -
Ewido 4.0 2007.11.24 Downloader.Agent.eyv
FileAdvisor 1 2007.11.25 -
Fortinet 3.14.0.0 2007.11.25 Misc/Renos
F-Prot 4.4.2.54 2007.11.23 -
F-Secure 6.70.13030.0 2007.11.24 Trojan-Downloader.Win32.Agent.eyv
Ikarus T3.1.1.12 2007.11.25 Trojan-Downloader.Win32.Agent.eyv
Kaspersky 7.0.0.125 2007.11.21 Trojan-Downloader.Win32.Agent.eyv
McAfee 5170 2007.11.23 -
Microsoft 1.3007 2007.11.25 -
NOD32v2 2684 2007.11.25 -
Norman 5.80.02 2007.11.23 -
Panda 9.0.0.4 2007.11.25 -
Prevx1 V2 2007.11.25 Heuristic: Suspicious Self Modifying File
Rising 20.19.60.00 2007.11.25 Trojan.DL.Win32.Agent.dps
Sophos 4.23.0 2007.11.25 -
Sunbelt 2.2.907.0 2007.11.24 -
Symantec 10 2007.11.25 ExpertAntiVirus
TheHacker 6.2.9.141 2007.11.24 -
VBA32 3.12.2.5 2007.11.23 Trojan-Downloader.Win32.Agent.dps
VirusBuster 4.3.26:9 2007.11.24 Trojan.DL.Agent.WVG
Webwasher-Gateway 6.0.1 2007.11.25 -


If you happen to get infected, please download this free tool. It will remove the rogue program and all its components.

RogueRemover FREE 1.22

Monday, October 29, 2007

New rogue Anti-Spyware program



Please stay away from this program; it's a scam. Uninstalling this program is not easy: you have to kill the following process, AdwareRemover.exe.


Here are the VirusTotal results for the install file:

File Install1216.exe received on 10.30.2007 02:34:50 (CET)
Result: 12/32 (37.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.30.0 2007.10.29 -
AntiVir 7.6.0.30 2007.10.29 TR/Renos.29776
Authentium 4.93.8 2007.10.29 -
Avast 4.7.1074.0 2007.10.29 -
AVG 7.5.0.503 2007.10.29 Potentially harmful program Downloader.IY
BitDefender 7.2 2007.10.30 -
CAT-QuickHeal 9.00 2007.10.29 -
ClamAV 0.91.2 2007.10.30 -
DrWeb 4.44.0.09170 2007.10.30 Trojan.Fakealert
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5252 2007.10.30 -
Ewido 4.0 2007.10.29 -
FileAdvisor 1 2007.10.30 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.29 -
F-Secure 6.70.13030.0 2007.10.30 not-virus:Hoax.Win32.Renos.mw
Ikarus T3.1.1.12 2007.10.30 not-a-virus:Hoax.Win32.Renos.mw
Kaspersky 7.0.0.125 2007.10.30 not-virus:Hoax.Win32.Renos.mw
McAfee 5151 2007.10.29 BraveSentry
Microsoft 1.2908 2007.10.30 TrojanDownloader:Win32/Renos.CF
NOD32v2 2625 2007.10.30 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.29 -
Panda 9.0.0.4 2007.10.30 Suspicious file
Prevx1 V2 2007.10.30 Generic.Dropper.xCodec
Rising 19.47.02.00 2007.10.29 -
Sophos 4.23.0 2007.10.30 -
Sunbelt 2.2.907.0 2007.10.29 -
Symantec 10 2007.10.30 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.29 -
Webwasher-Gateway 6.6.1 2007.10.29 Trojan.Renos.29776
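
A way to sanity-check a pasted VirusTotal table like the one above (an added example, not part of the original post): it parses the rows, checks the `Result:` line against them, and counts how many engines name the same family. The function names are hypothetical, and the sample is an excerpt of the table with a `Result:` line recomputed for the excerpt.

```python
import re
from collections import Counter

# Constructed excerpt: eight rows copied from the Install1216.exe table on this
# page; the Result line is recomputed for the excerpt, not taken from the page.
SAMPLE = """\
Result: 6/8 (75.0%)
AntiVir 7.6.0.30 2007.10.29 TR/Renos.29776
AVG 7.5.0.503 2007.10.29 Potentially harmful program Downloader.IY
DrWeb 4.44.0.09170 2007.10.30 Trojan.Fakealert
Kaspersky 7.0.0.125 2007.10.30 not-virus:Hoax.Win32.Renos.mw
Microsoft 1.2908 2007.10.30 TrojanDownloader:Win32/Renos.CF
Sophos 4.23.0 2007.10.30 -
Symantec 10 2007.10.30 -
Webwasher-Gateway 6.6.1 2007.10.29 Trojan.Renos.29776
"""

ROW = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
SUMMARY = re.compile(r"^Result: (\d+)/(\d+)")

def parse_report(text):
    """Return (claimed, rows): claimed is (hits, engines) from the Result line,
    rows is a list of (engine, version, last_update, label-or-None)."""
    claimed, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            claimed = (int(m[1]), int(m[2]))
        elif m := ROW.match(line):
            # The label is the only column that may contain spaces; "-" = clean.
            label = None if m[4] == "-" else m[4]
            rows.append((m[1], m[2], m[3], label))
    return claimed, rows

def summarize(text, family):
    """Check the Result line against the rows and list engines whose label
    contains `family` as a whole token (split on non-alphanumerics)."""
    claimed, rows = parse_report(text)
    hits = [r for r in rows if r[3]]
    agree = sorted(e for e, _, _, label in hits
                   if family.lower() in re.split(r"[^a-z0-9]+", label.lower()))
    return {"consistent": claimed == (len(hits), len(rows)),
            "detected": len(hits), "engines": len(rows), "family_agree": agree}

if __name__ == "__main__":
    print(summarize(SAMPLE, "Renos"))
```

Vendor labels differ even for the same file, so the family count shows how many engines agree on a name rather than just how many flagged it.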

Here are more screenshots of this rogue app.





Wednesday, September 12, 2007

Another fake codec site

Please don't visit this site

hxxp://codec-scan.com/




Anti-Virus detection is minimal at best.

Sunday, September 9, 2007

New codec malware

Please stay away from this site!!!!!!

hxxp://codec-fun.com/








Currently, virus detection is not good. My best recommendation is to never download a video file that asks you to install a video codec. It's normally malware. Safe surfing.

Friday, August 10, 2007

Some more rogue Security programs!!!!

These programs use tricks to get you to download and pay for their software. Here is an example:



Typically, you can get infected by going to malicious porn sites. They make you download a video codec to watch the video. When you download the codec, you get infected.

Here are some of the latest rogue apps.




















Careful browsing

Thursday, August 9, 2007

New Rogue Security Program

Anti-SpyGolden v4.9 is a new rogue program. Please stay away!!!!!






I believe Sunbelt CounterSpy can detect and remove Anti-SpyGolden.

Saturday, July 28, 2007

Today, I received the following friend request on MySpace.



Looks like a legit request, but this is a red flag: "My Other Pics". When you click on that link, you are sent to Fling.com. Beware of the previous link; it contains adult content!!!!!!







This is similar to one I received in June, but I was sent to AdultFinder.com. This is a pretty bad way to market your website and business. For everyone who frequents MySpace: please be careful.


Thursday, July 5, 2007

Update on Privacy Protector

There are now tools available to remove Privacy Protector trojan installs. The following sites have experts that can walk you through the disinfection.

Castlecops

BleepingComputer

TechSupport Guy

MalwareRemoval

Saturday, June 30, 2007

PC Drive Tool

Here is another rogue anti-spyware app, and it's linked to http://www.pcprivacytool.com/. When you click on Buy Now, you are directed there.



What a rip-off. Here are some more screenshots. The installer is installer_en.exe and is not detected well at all. However, I am not getting the program via a trojan. So, the install file could be different.


Privacy Protector





Here is a new rogue anti-spyware program; please stay away!!!!


You will be directed to a site to remove porn from websites. It's obviously a scam. The program costs 39.95 to remove malware. However, the stuff it detects is bogus!!!





When you click on Detect and Erase Porn Now, you will be prompted to download installprivacyprotectorfree.exe. This will install the rogue app. Here are some more screenshots of the install. Anti-virus detection is limited at best.

As of right now, nothing will remove it. When there is a removal, I will post it.

Friday, June 29, 2007

Mozilla Firefox Extension "NoScript"



NoScript is another tool to keep malicious hackers from getting into your computer. You may ask, how can this be? Well, NoScript blocks all JavaScript on websites. You have the option to allow sites you deem secure; my recommendation is to allow bank sites only. However, some good sites may need JavaScript enabled. Most of the time, you will get a little message: "You have Javascript disabled." You can then allow it. Moreover, NoScript will disable all Flash ads on untrusted sites. I know these ads can be annoying, so it's nice to have that option. Furthermore, NoScript will block any cross-site scripting. What is cross-site scripting? Cross-site scripting is a type of computer security vulnerability in web applications that allows code injection by a malicious attacker. These attacks have been linked to powerful phishing attacks and browser exploits. Finally, NoScript can protect you from malicious JavaScript vulnerabilities. There are many kinds of malware installed via malicious sites that inject the code via a JavaScript vulnerability.

I don't want to bash Microsoft and IE7, because Microsoft has made great strides with IE7. However, to prevent scripting in IE7 you have to okay five or more prompts to allow scripts to run. This is not a very good option; how many of us will actually do this for every site? NoScript makes it easier because you select what to allow and forbid. Here are some screenshots.

Sunday, May 27, 2007

Beware of malicious Myspace sites



Please beware of the following program called Myspace Viewer. Most of the time you will get an unknown friend request; once you click on the link to the profile, you are sent to a malicious page wanting you to download a program called MyInstaller.exe. Do not install it!!!



The virus is a variant of the popular Trojan Zlob, but can be Trojan.DNS.Hijacker, which hijacks your searches. If you ever come across this, please visit this site to get help: Castlecops