WiniBlueSoft

[18 Apr 2009 | No Comment | ]

WiniBlueSoft is a malicious security application that belongs to a large group of fake antivirus software. This malware can be dropped by a Trojan and installed without user consent. To run during Windows start-up, WiniBlueSoft adds certain entries to the registry. After that, this malware will repeatedly run a virus scan and identify threats that do not really exist on the computer.

Infiltration Alert!

[18 Apr 2009 | 22 Comments | ]

“Infiltration Alert” pop-up messages are a method WiniBlueSoft uses to push computer users into purchasing the program. The full message reads:

NTOSKRNL-HOOK Trojan

[16 Apr 2009 | 2 Comments | ]

NTOSKRNL-HOOK is a detection for a technique used by rootkit Trojans that can hide malicious files and processes from Windows and security programs. NTOSKRNL-HOOK rootkits are programs that malware authors can use to conceal malicious files from the real-time scanning of security programs.

W32/Conficker.worm.gen.d

[13 Apr 2009 | 2 Comments | ]

W32/Conficker.worm.gen.d is a heuristic detection for a worm that propagates between computers by exploiting the Microsoft Windows Server Service Vulnerability (MS08-067). W32/Conficker.worm.gen.d can also drop additional malicious files to further harm the computer. On infected computers with an NTFS file system, this worm will modify access permissions and can disable the Administrators account.

Mal Vundo-9

[12 Apr 2009 | No Comment | ]

Mal Vundo-9 is a dangerous Trojan that was developed to spread fake antivirus applications. This is a generic detection for a family of Trojans that serve similar payloads. It is capable of executing remote malicious files and downloading more malware from various specified locations.

Tanatos.P.Dropper

[11 Apr 2009 | 2 Comments | ]

Tanatos.P.Dropper is a worm that propagates through email attachments. Once executed, Tanatos.P.Dropper registers itself in the system registry auto-run key so that its malicious code will activate each time Windows is started.

Win32.Vitro

[8 Apr 2009 | No Comment | ]

Win32.Vitro is a computer Trojan that can be acquired by visiting maliciously created web sites. Legitimate web sites that have been compromised by a Trojan may also distribute Win32.Vitro to target computers. It enters the system through security breaches and security weaknesses.

BOO/Sinowal.C

[7 Apr 2009 | 4 Comments | ]

BOO/Sinowal.C is a master boot record (MBR) virus that will make the system unstable. BOO/Sinowal.C requires boot sector utility software to restore the boot sector record.

Trojan-Downloader.Win32.Small.dge

[29 Mar 2009 | 2 Comments | ]

Trojan-Downloader.Win32.Small.dge is a trojan that will download other programs via the Internet and install them on the victim computer without the user’s knowledge. Trojan-Downloader.Win32.Small.dge is also reported as a threat by a bogus security application if the scanner report shown is similar to the one in the image below.

Backdoor.Win32.Haxdoor.gu

[29 Mar 2009 | 2 Comments | ]

Backdoor.Win32.Haxdoor.gu is a backdoor trojan with remote administration that spreads via the Internet using infected messages. Backdoor.Win32.Haxdoor.gu is packed to prevent antivirus programs from detecting it. On some occasions, this detection was used as a misleading technique by a rogue security program, as shown in the image below.