Antivir Solution Pro spreads through a Trojan that can download and install this rogue security program on a computer without the user's knowledge. This is possible by exploiting software and security vulnerabilities in outdated programs. The Antivir Solution Pro virus can be acquired via the drive-by-download method. A website running a malicious script can also drop this unwanted program automatically on a visitor's computer. Once the computer is compromised, its Internet browser is modified to block Internet access, particularly visits to legitimate antivirus web sites. Heavily [...]
Win7 AV, also known as Win7 Antivirus, is a program that forces its installation on a victim's computer with help from another Trojan. This Trojan looks for software vulnerabilities that it can exploit to gain access to the target computer. In some instances, executable files are uploaded to an infected web server, which uses a drive-by-download method when someone visits that web site. Simply viewing a web page is enough to automatically download and install Win7 AV on a computer without the user's consent. Once it has loaded, pop-up alerts and warning messages appear on the affected computer. A virus scan starts during Windows boot-up and shows irrelevant and untrustworthy results. These common tricks by rogue programs have been around for quite some time, and people should familiarize themselves with them and know how to differentiate between legitimate and rogue security programs.
Bloodhound.Java.3 is a heuristic detection for malicious files that infect a computer by exploiting the Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability, as stated in BID 39075. Files detected as Bloodhound.Java.3 are considered a threat to the local computer and its network environment.
Trojan.Zbot!gen10 is a generic detection that identifies malicious files with characteristics similar to the Trojan.Zbot family. Trojan.Zbot!gen10 is distributed via spam email messages and the drive-by-download method. This Trojan is also capable of stealing confidential information such as online account and banking details and the keys pressed on the infected computer.
W32.Sality!dr is a detection for a virus that infects executable files and functions similarly to members of the W32.Sality family. W32.Sality!dr also searches removable and network shared drives for executable files. It modifies each file to redirect execution to the polymorphic viral code, which is inserted in the last section of the host file.
Spy Defender 2010, sometimes called SpyDefender 2010, is a bogus computer security application that is usually obtained from fake online virus scanner web pages. A Trojan-infected computer is automatically redirected to these malicious web sites, which perform an automatic virus scan on the visitor's computer. Afterwards, the site shows false results and advises the user to download an unregistered version of the endorsed program. Believing that all of this is part of a legitimate security procedure, the user installs Spy Defender 2010 on the computer with full consent.
Boot.Tidserv is a detection for a variant of the Tidserv Trojan that is capable of infecting 64-bit Windows operating systems. Boot.Tidserv targets the Master Boot Record (MBR) of the compromised computer. The MBR is replaced with an infected version, which may result in system crashes.
Backdoor.Tidserv.L is a malicious Trojan that allows a remote attacker to gain unauthorized access to the computer via backdoor ports. Backdoor.Tidserv.L also downloads additional files to the computer for separate functions that may transmit sensitive information and degrade overall system performance.
W32.Pilleuz!gen10 is a heuristic detection for a worm that propagates through file-sharing programs, instant messaging applications and removable USB drives. W32.Pilleuz!gen10 can also open backdoor ports on the compromised computer that allow a remote attacker to gain full access.
Trojan.Bamital!gen1 is a generic detection for a malicious Trojan or bot that poses a security risk to the affected computer and its network environment. Files detected as Trojan.Bamital!gen1 are considered harmful and should be removed from the computer immediately by carrying out a thorough virus scan.
AWM Antivirus was observed to be part of a group of rogue security programs with variants spread over the Internet. Computers may be infected with this unwanted program without the user's knowledge by downloading executable files from an infected web server. In some instances, a Trojan drops and installs it on the target computer without detection by the installed anti-virus program. This method is made possible by exploiting software vulnerabilities on outdated computers. Symptoms of AWM Antivirus vary and include a hijacked browser, a disabled anti-virus program, and a non-functioning Task Manager and Registry Editor, as well as the more obvious ones such as excessive pop-up alerts about threats detected on the victim's computer. Above all, the trick ends in promoting the program itself: it makes every effort to convince the user to purchase the registered version of AWM Antivirus.