Rogue

Best Malware Protection

Best Malware Protection is a harmful application whose sole purpose is to steal money from its victims. Initially, a fake online virus scanner is set up to present Best Malware Protection as the security software needed to protect the system from a known virus attack. This site automatically runs a "virus scan" when visited and reports threats even when not a single one is present on the system. It then advises users to download and install an unregistered version of Best Malware Protection in order to resolve the virus problems. When this unwanted application is loaded, it again runs a scan and again notifies users with false security information.

E-SET Antivirus 2011

E-SET Antivirus 2011 is a malicious security program that mimics legitimate and trusted anti-virus software. This rogue application relies on deception. To be clear, E-SET Antivirus 2011 is not capable of removing any type of computer threat; it will never protect your system if you install a copy of it. Its author aims to confuse end users by posing as a product from a popular anti-virus vendor. Its previous release employed the same trick under the name AVG Antivirus 2011. The new rogue may have a new name, but the graphical user interface and the method of propagation remain the old ones. It uses a Trojan that modifies Internet browser settings when executed, which redirects requested pages to a fake online virus scanner.

System Diagnostic

The System Diagnostic virus is a malicious application that disguises itself as a legitimate program to persuade computer users that a paid version is required to remove Trojans, viruses and spyware from the system. The truth is that System Diagnostic was developed only to be sold in an illegal manner. It has no real capability to protect a computer or to remove a virus from it. In fact, it has no real components or database that would qualify it as a security product.

Windows Remedy

Windows Remedy is a potentially unwanted application that was created in many variants. Also known as the WindowsRemedy virus, this rogue application asserts that viruses have been detected and advises users to purchase the registered version of the program. Initially, it is delivered by means of a fake Microsoft Security Essentials Alert, as shown here:

Microsoft Security Essentials Alert
Potential Threat Details
Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action. Click ‘show details’ to learn more.

The warning looks legitimate and is intended to deceive computer users. It then asks the user to download and install the program. Once inside the computer, the Windows Remedy virus starts modifying the system, in particular the registry, so that it runs each time Windows starts. Windows Remedy then initiates a scan, "detects" numerous threats, and prompts the user to remove them by upgrading the program to the registered version. If the user follows this, they are redirected to a payment-processing web site that collects credit card details and charges the full amount for a Windows Remedy registration key.

In reality, Windows Remedy is just a program created to scam computer users. It must be removed immediately, and the recommendation to buy the full version should be ignored. Use only legitimate programs to completely remove Windows Remedy from the system.

Alias: WindowsRemedy

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Windows Remedy Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del to stop the process associated with "Windows Remedy". When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is not possible, quarantine the infected item instead. Malicious files should also be located and deleted manually; the files related to the Windows Remedy virus are listed below.
4. Registry entries created by Windows Remedy must also be removed from the Windows system. The entries associated with the rogue program are listed below.
5. Exit the registry editor.
6. Get rid of the Windows Remedy start-up entry: go to Start > Run and type msconfig in the "Open" box. The System Configuration Utility window will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Windows Remedy Removal Tool:
To completely remove the threat, it is best to download and run Malwarebytes Anti-Malware. Sometimes Trojans block the download and installation of MBAM. If this happens, download it on a clean computer and rename the executable before running it on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that infected files missed by the anti-virus application can be removed as well. Download and run the SuperAntiSpyware Portable Scanner.

Technical Details and Additional Information:

Malicious Files Added by Windows Remedy:
%UserProfile%\Application Data\[random].exe

Windows Remedy Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe "Debugger" = 'svchost.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger" = 'svchost.exe'
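The registry entries above use two tricks worth checking for on any suspect machine: an Image File Execution Options "Debugger" value that redirects security-product executables to svchost.exe, and DisableSR = 1, which switches System Restore off. The following is an added example, not code from this page or from any product it describes: a small Python audit that parses a .reg export (the sample embedded in it is constructed, not a real capture) and flags both patterns.

```python
import re

# Security-product executables named on the page as IFEO "Debugger" hijack targets.
AV_PROCESSES = {"avastui.exe", "egui.exe", "ekrn.exe", "msascui.exe", "msmpeng.exe", "msseces.exe"}
IFEO_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
               r"\Image File Execution Options")
SR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"

# Constructed sample in .reg export format (not a capture from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
"Debugger"="svchost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\mydebugger.exe"
'''

def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg text; handles string and dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # start of a new key section
            keys[current] = {}
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                keys[current][name] = raw[1:-1].replace("\\\\", "\\")  # unescape REG_SZ
            else:
                keys[current][name] = raw
    return keys

def audit(keys):
    """Flag IFEO Debugger redirections (high for known AV binaries) and DisableSR=1."""
    findings = []
    for path, values in keys.items():
        if path.lower().startswith(IFEO_PREFIX.lower()) and "Debugger" in values:
            exe = path.rsplit("\\", 1)[-1].lower()
            severity = "high" if exe in AV_PROCESSES else "review"
            findings.append((severity, exe, values["Debugger"]))
        if path.lower() == SR_KEY.lower() and values.get("DisableSR") == 1:
            findings.append(("high", "SystemRestore", "DisableSR=1"))
    return findings

if __name__ == "__main__":
    print(audit(parse_reg(SAMPLE_REG)))
```

A real export can be produced on the suspect machine with `reg export` of the two keys and fed to `parse_reg` instead of the constructed sample.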

Windows Diagnostic

The Windows Diagnostic virus disguises itself as a tool that detects and fixes hard drive and system errors. Coming from the same group that developed Windows Tool, this new rogue program was created specifically to generate revenue from this online scam. Usually, the rogue application is spread with the help of a Trojan that modifies the Internet browser on the infected computer and redirects it to a malicious web site. This site initiates a scan and reports several hard drive and system issues, at which point a prompt to download and install a copy of Windows Diagnostic is displayed. Unknown to users, this is only an unregistered version, and later on Windows Diagnostic will push victims to purchase the licensed version.

Trojan.Artilyb

Trojan.Artilyb is a harmful Trojan horse capable of modifying and running executable files on the infected computer. Trojan.Artilyb arrives as a file with the .rtf extension that takes advantage of the Microsoft Office RTF File Stack Buffer Overflow Vulnerability.

Backdoor.Prioxer

Backdoor.Prioxer is a detection for a Trojan that opens a back door on the compromised system, allowing a remote attacker to gain access. Backdoor.Prioxer also steals sensitive information and gathers data from the victim's computer.

Windows SafeMode

Windows SafeMode is a fake application that attempts to mislead computer users with fake hard drive errors. The Windows Safe Mode virus states that there are several hard disk problems, particularly in the boot sector, and advises installing the licensed version of the program, which ends with users paying for this unwanted application through its own online payment web site. It displays the following messages to trick its victims:

XP Anti-virus 2011

XP Anti-Virus 2011, also known as Vista Anti-virus 2011 and Win 7 Anti-virus 2011, is a rogue program that installs on multiple operating systems. XP Anti-virus 2011 is the variant installed when the Trojan detects a system running Windows XP. It gathers the system's specifications to match the OS and make itself look like a legitimate application. Regardless of the name, these are all the same program, developed to persuade computer users by deceptive means to buy the licensed version. Through pop-up alerts or task bar warning messages, XP Anti-virus 2011 declares that the computer has virus problems and that removal must be done with the paid version of XP Anti-virus 2011.

Antivirus Monitor

Antivirus Monitor is another potentially unwanted application. Without your knowledge, this program can enter and install itself on the computer. It is clearly a rogue that causes malfunctions on the system, just like its older version, AntiMalware Go. Usually, web users acquire Antivirus Monitor from a web site that pretends to be an online virus scanner. It automatically runs a virus scan on the visitor's computer and instantly "detects" a number of threats such as Trojans and viruses.