Monday, April 28, 2008

Google Groups spawning Malware

Recently, Google Groups has been a growing place for malware, and Google needs to clean this up soon. Please do not download anything from a Google Groups link.
Here is an example of a hacked Google Groups link to download ringtones:






When you click on the link you are prompted to download a file named msetup.exe.

Sunday, March 16, 2008

New Rogue Anti-Spyware Program

SpywareIsolator


Below is the pop-up you may receive in Internet Explorer. If you have a Trojan called FakeAlert, you may receive this pop-up too.





This pop-up tries to lure you into thinking you are infected with dangerous spyware; however, you aren't infected. Please do not install this program!










For those unfortunate enough to get infected with SpywareIsolator, Malwarebytes Anti-Malware will completely remove the infection. You can download Malwarebytes Anti-Malware from here for free.


Thursday, March 13, 2008

Rogue Anti-Spyware product


Please don't install this program; it's not legit.













Saturday, March 1, 2008

New codec malware


Please beware of this site:
http://porntubecodec2008.com/
It installs the following fake codec: MediaTubeCodec.exe. Please stay away from this, as it will install rogue security applications and other malware.

Amazon's MP3 downloader


Just a few months ago, Amazon released its MP3 downloader for Linux. I installed it on Ubuntu Gutsy Gibbon, and I have to say it was very easy. Amazon provides pretty basic instructions on installing it on Fedora, openSUSE, Debian and Ubuntu. I really think this is a milestone for Linux; we all finally have a way to purchase legal music. We all need to spread the word on DRM-free music because that is the future. Go Amazon!

Sunday, November 25, 2007

New fake security alert web page

Another fake security site; it will scare you into downloading it. It will also install a rogue anti-spyware application called Malware Destructor.




IP address: 85.255.120.99
http://www.malwaredestructor(dot)com/

Result: 15/32 (46.88%)


Antivirus Version Last Update Result
AhnLab-V3 2007.11.24.0 2007.11.23 Win-Trojan/Agent.23072.B
AntiVir 7.6.0.34 2007.11.23 -
Authentium 4.93.8 2007.11.24 -
Avast 4.7.1074.0 2007.11.23 -
AVG 7.5.0.503 2007.11.24 Downloader.Agent.TIV
BitDefender 7.2 2007.11.25 Trojan.Downloader.JJCE
CAT-QuickHeal 9.00 2007.11.24 TrojanDownloader.Agent.eyv
ClamAV 0.91.2 2007.11.25 Trojan.Downloader-15450
DrWeb 4.44.0.09170 2007.11.24 -
eSafe 7.0.15.0 2007.11.21 -
eTrust-Vet 31.3.5324 2007.11.24 -
Ewido 4.0 2007.11.24 Downloader.Agent.eyv
FileAdvisor 1 2007.11.25 -
Fortinet 3.14.0.0 2007.11.25 Misc/Renos
F-Prot 4.4.2.54 2007.11.23 -
F-Secure 6.70.13030.0 2007.11.24 Trojan-Downloader.Win32.Agent.eyv
Ikarus T3.1.1.12 2007.11.25 Trojan-Downloader.Win32.Agent.eyv
Kaspersky 7.0.0.125 2007.11.21 Trojan-Downloader.Win32.Agent.eyv
McAfee 5170 2007.11.23 -
Microsoft 1.3007 2007.11.25 -
NOD32v2 2684 2007.11.25 -
Norman 5.80.02 2007.11.23 -
Panda 9.0.0.4 2007.11.25 -
Prevx1 V2 2007.11.25 Heuristic: Suspicious Self Modifying File
Rising 20.19.60.00 2007.11.25 Trojan.DL.Win32.Agent.dps
Sophos 4.23.0 2007.11.25 -
Sunbelt 2.2.907.0 2007.11.24 -
Symantec 10 2007.11.25 ExpertAntiVirus
TheHacker 6.2.9.141 2007.11.24 -
VBA32 3.12.2.5 2007.11.23 Trojan-Downloader.Win32.Agent.dps
VirusBuster 4.3.26:9 2007.11.24 Trojan.DL.Agent.WVG
Webwasher-Gateway 6.0.1 2007.11.25 -


If you happen to get infected, please download this free tool. It will remove the rogue program and all its components.

RogueRemover FREE 1.22

Monday, October 29, 2007

New rogue Anti-Spyware program



Please stay away from this program; it's a scam. Uninstalling this program is not easy: you have to kill the following process: AdwareRemover.exe.


Here are the VirusTotal results of the install file:

File Install1216.exe received on 10.30.2007 02:34:50 (CET)
Result: 12/32 (37.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.30.0 2007.10.29 -
AntiVir 7.6.0.30 2007.10.29 TR/Renos.29776
Authentium 4.93.8 2007.10.29 -
Avast 4.7.1074.0 2007.10.29 -
AVG 7.5.0.503 2007.10.29 Potentially harmful program Downloader.IY
BitDefender 7.2 2007.10.30 -
CAT-QuickHeal 9.00 2007.10.29 -
ClamAV 0.91.2 2007.10.30 -
DrWeb 4.44.0.09170 2007.10.30 Trojan.Fakealert
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5252 2007.10.30 -
Ewido 4.0 2007.10.29 -
FileAdvisor 1 2007.10.30 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.29 -
F-Secure 6.70.13030.0 2007.10.30 not-virus:Hoax.Win32.Renos.mw
Ikarus T3.1.1.12 2007.10.30 not-a-virus:Hoax.Win32.Renos.mw
Kaspersky 7.0.0.125 2007.10.30 not-virus:Hoax.Win32.Renos.mw
McAfee 5151 2007.10.29 BraveSentry
Microsoft 1.2908 2007.10.30 TrojanDownloader:Win32/Renos.CF
NOD32v2 2625 2007.10.30 probably unknown NewHeur_PE virus
Norman 5.80.02 2007.10.29 -
Panda 9.0.0.4 2007.10.30 Suspicious file
Prevx1 V2 2007.10.30 Generic.Dropper.xCodec
Rising 19.47.02.00 2007.10.29 -
Sophos 4.23.0 2007.10.30 -
Sunbelt 2.2.907.0 2007.10.29 -
Symantec 10 2007.10.30 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.29 -
Webwasher-Gateway 6.6.1 2007.10.29 Trojan.Renos.29776

Here are more screenshots of this rogue app.