Feb 02

Disk Antivirus Professional

Disk Antivirus Professional is a rogue of the WinWeb Security Family.

Disk Antivirus Professional, like so many of today’s rogues, blocks all other applications from running and uses constant pop-ups and redirects to scare messages designed to frighten those infected into buying the rogue.

Disk Antivirus Professional GUI

Files and Locations:

%APPDATA%\<random name>.exe

%APPDATA% is a token path that relates to the following:

XP OS:
<Drive>:\Documents and Settings\Users\Application Data

Vista and Windows 7:
<Drive>:\USERS\<USER>\AppData\ROAMING

The Disk Antivirus Professional rogue can be removed manually; however, because it blocks applications and other malware may have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the Disk Antivirus Professional rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Nov 02

Windows Protection Maintenance Rogue

Windows Protection Maintenance is referred to as a rogue because it is designed to look like a real antispyware program. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Protection Maintenance creates pop-up messages designed to make users think they have been infected, and blocks all applications used in the fake alert messages, as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Protection Maintenance adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for the executable files of different legitimate antivirus companies, to block them from running.

Windows Protection Maintenance GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Protection Maintenance rogue can be removed manually; however, because it blocks applications and other malware could have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Oct 29

Rogue using name Micorsoft Essential Security Pro 2013

This fake antivirus is downloaded from fake Flash update scam sites and immediately runs from the location where it is dropped. It doesn’t show fake alerts, but it does hijack the .exe file associations in the registry.

Micorsoft Essential Security Pro 2013 GUI

The rogue made a transmission to the site used for its payment page:
john.denebasendtoend(DOT)pro/users/?ch=1&id=75ab7c06-9dc6-4bbf-b5b9-72b7511a12c3

Registry keys used for the file association hijacking:

HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\DefaultIcon
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\open
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\open\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\runas
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\.exe\shell\runas\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\DefaultIcon
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\open
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\open\command
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\runas
HKEY_USERS\S-1-5-21-484763869-1844823847-839522115-1003_Classes\exefile\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\.exe\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\.exe\shell
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas
HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command
HKEY_CURRENT_USER\Software\Classes\exefile
HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon
HKEY_CURRENT_USER\Software\Classes\exefile\shell
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas
HKEY_CURRENT_USER\Software\Classes\exefile\shell\runas\command
HKEY_CLASSES_ROOT\.exe\DefaultIcon
HKEY_CLASSES_ROOT\.exe\shell
HKEY_CLASSES_ROOT\.exe\shell\open
HKEY_CLASSES_ROOT\.exe\shell\open\command
HKEY_CLASSES_ROOT\.exe\shell\runas
HKEY_CLASSES_ROOT\.exe\shell\runas\command
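
The per-user .exe/exefile keys listed above, and the Image File Execution Options entries described in the Windows Protection Maintenance post, can both be checked offline from a `reg export` text file. The following Python is an added example, not code from the original posts; the sample export, its file names, and the assumption that the IFEO entries block programs through a `Debugger` value are constructed for illustration.

```python
import re

# Constructed sample in `reg export` text form; paths and file names are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholderprogid"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Roaming\\placeholder.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exampleav.exe]
"Debugger"="placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"
'''

STOCK_COMMAND = '"%1" %*'  # stock exefile open/runas command: run the clicked file itself
IFEO = "\\currentversion\\image file execution options\\"

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Return {key path (lowercased): {value name (lowercased): string data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name.lower()] = unescape(m.group(2))
    return keys

def find_association_hijacks(keys):
    """Flag .exe / exefile class entries whose default value differs from stock."""
    hits = []
    for path, values in keys.items():
        default = values.get("")
        is_ext = re.search(r'classes(_root)?\\\.exe$', path)
        is_cmd = re.search(r'\\(\.exe|exefile)\\shell\\(open|runas)\\command$', path)
        if default is not None and ((is_ext and default.lower() != "exefile")
                                    or (is_cmd and default != STOCK_COMMAND)):
            hits.append((path, default))
    return hits

def find_ifeo_debuggers(keys):
    """Assumption: blocking uses a Debugger value; list (image, debugger) pairs."""
    return sorted((p.rsplit("\\", 1)[1], v["debugger"])
                  for p, v in keys.items() if IFEO in p and "debugger" in v)
```

A real `reg export` file is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_reg`. IFEO `Debugger` values are also set by some legitimate tools, so treat that list as entries to review.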

The rogue can be removed manually; however, because of the file association hijacking and other malware that may have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial of VIPRE to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Sep 27

System Progressive Protection of the WinWeb Security Family Rogues

System Progressive Protection is a rogue of the WinWeb Security Family.

System Progressive Protection blocks all other applications from running and uses constant pop-ups and redirects to scare messages designed to frighten those infected into purchasing the rogue.

System Progressive Protection GUI

Files and Locations:

%APPDATA%\<random name>.exe

%APPDATA% is a token path that relates to the following:

XP OS:
<Drive>:\Documents and Settings\Users\Application Data

Vista and Windows 7:
<Drive>:\USERS\<USER>\AppData\ROAMING

The System Progressive Protection rogue can be removed manually; however, because it blocks applications and other malware may have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial of VIPRE to remove the System Progressive Protection rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Aug 14

Windows Safety Series Rogue

Windows Safety Series is referred to as a rogue because it is designed to look like a real antispyware program. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Safety Series creates fake pop-up messages designed to make users think they have been infected, and blocks all applications used in the fake alert messages, as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Safety Series adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for the executable files of different legitimate antivirus companies, to block them from running.

Windows Safety Series GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Safety Series rogue can be removed manually; however, because it blocks applications and other malware could have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Aug 13

Windows Secure Workstation Rogue

Windows Secure Workstation is called a rogue because it is designed to look like a real antispyware program. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Secure Workstation produces fake pop-up messages designed to make users think they have been infected, and blocks all applications used in the fake alert messages, as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Secure Workstation adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for the executable files of different legitimate antivirus companies, to block them from running.

Windows Secure Workstation GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Secure Workstation rogue can be removed manually; however, because it blocks applications and other malware could have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Aug 12

Windows Anti-Malware Patch Rogue

Windows Anti-Malware Patch is a program made to look like a real antivirus application and is referred to as a rogue. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Anti-Malware Patch generates fake pop-up messages designed to make users think they have been infected, and blocks all applications used in the fake alert messages, as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Anti-Malware Patch adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for the executable files of different legitimate antivirus companies, to block them from running.

Windows Anti-Malware Patch GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Anti-Malware Patch rogue can be removed manually; however, because it blocks applications and other malware could have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Aug 10

Windows Virtual Security Rogue

Windows Virtual Security is called a rogue because it is designed to look like a real antispyware program. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Virtual Security produces fake pop-up messages designed to make users think they have been infected, and blocks all applications used in the fake alert messages, as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Virtual Security adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for the executable files of different legitimate antivirus companies, to block them from running.

Windows Virtual Security GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Virtual Security rogue can be removed manually; however, because it blocks applications and other malware could have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Aug 08

Windows Antivirus Release Rogue

Windows Antivirus Release is an application designed to look like a real antispyware program and is referred to as a rogue. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Antivirus Release generates fake pop-up messages designed to make users think they have been infected, and blocks all applications used in the fake alert messages, as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Antivirus Release adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for the executable files of different legitimate antivirus companies, to block them from running.

Windows Antivirus Release GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Antivirus Release rogue can be removed manually; however, because it blocks applications and other malware could have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Aug 06

Windows Interactive Safety Rogue

Windows Interactive Safety is an application designed to look like a real antispyware program and is referred to as a rogue. Users are redirected to fake online scan sites that make them think their computer is infected and that they need to download and install the rogue.

Windows Interactive Safety generates fake pop-up messages designed to make users think they have been infected, and blocks all applications used in the fake alert messages, as a way to scare users into purchasing the rogue application in order to clean their computers.

Windows Interactive Safety adds hundreds of entries under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options for the executable files of different legitimate antivirus companies, to block them from running.

Windows Interactive Safety GUI

Files and Locations:
XP
<Drive>:\DOCUMENTS AND SETTINGS\<USER>\APPLICATION DATA\Protector-<random Names>.exe
Win7
<Drive>:\USERS\<USER>\AppData\ROAMING\Protector-<Random Names>.exe

The Windows Interactive Safety rogue can be removed manually; however, because it blocks applications and other malware could have been included with it, it is best to use our antivirus removal tool, VIPRE Antivirus.

You can download a free trial to remove the rogue by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because the rogue has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com
