Monthly Archive: August 2011

Aug 28

OpenCloud Antivirus Rogue of the FakeScanti Family

OpenCloud Antivirus is a rogue of the FakeScanti Family that uses the scare tactics of fake alerts and of blocking any application that tries to run, to scare the user into purchasing the rogue to clean the fake scan results it shows.
Files and Locations:
%APPDATA%\OpenCloud Antivirus\OpenCloud Antivirus.exe
%APPDATA%\OpenCloud Antivirus\OpenCloud Antivirus.ico
%APPDATA%\OpenCloud Antivirus\sysl32.dll
%APPDATA%\OpenCloud Antivirus\wf.conf
%PROGRAMS%\OpenCloud Antivirus\OpenCloud Antivirus.lnk
…


Aug 27

PC Repair rogue of the FakeSysDef Family

PC Repair, a rogue of the FakeSysDef Family, is a fake analysis and optimization application that uses scareware messages about hard drive and system errors to goad the user into purchasing the rogue. This family of rogues is part of an infection that includes an MBR (Master Boot Record) Rootkit like TDSS, and one of the …


Aug 20

Home Safety Essentials rogue of the FakeVimes Family

Home Safety Essentials is a rogue of the FakeVimes Family which replaces the Anti-Malware Lab clone. The rogue uses the scare tactic of generating pop-up fake alerts to get infected users to purchase the rogue. The FakeVimes rogues also hijack the hosts file and set a proxy in the Internet Options, Connections, LAN …


Aug 14

Security Protection Rogue of the Malware Protection Family

Security Protection is a rogue that is part of the Malware Protection family of rogues, which uses fake alerts and fake scan results as scare tactics to get the user to purchase the rogue.
Files and Locations:
%COMMON_APPDATA%\defender.exe
Registry:
HKEY_CURRENT_USER\TWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SECURITY PROTECTION\C:\Documents and SETTINGS\ALL USERS\APPLICATION DATA\Defender.exe /MI
How Do I Remove Security Protection from My PC? …


Aug 13

Sites of the FakeRean Rogue

The main sites used by a person or persons whose whois information uses Win32Parit.B in emails, and who constantly use free domain forwarding sites for the PDF exploits and the FakeRean downloaders. Main Sites: directredirection DOT com, imeemer DOT cn, lastfmer DOT cn, nsrecord DOT org, picspics DOT cn, redspacetube DOT …


Aug 12

How to Remove the FakeRean Rogue

In April 2009 a new rogue appeared, which many infected users were calling by the different names it displayed and which Microsoft began naming FakeRean. Unlike other rogues in 2009, its downloader contained a list of rogue names and then included the OS (Operating System) in the title of the …


Aug 12

Wolfram Antivirus Rogue of the FakeScanti Family

Wolfram Antivirus, a rogue of the FakeScanti Family, is a rogue security program that blocks all applications from running and shows continual pop-up fake alerts designed to scare the infected user into purchasing the rogue.
Files and Locations:
%APPDATA%Wolfram Antivirus\
%APPDATA%Wolfram Antivirus\crss.exe
%APPDATA%Wolfram Antivirus\Wolfram Antivirus.exe
%APPDATA%Wolfram Antivirus\wf.conf
%APPDATA%Wolfram Antivirus\wolfram Antivirus.ico
%APPDATA%Wolfram Antivirus\sysl32.dll
%APPDATA%Microsoft\conhost.exe
%APPDATA%dwm.exe
Registry Entries: …


Aug 08

Rogues of the FakeSysDef Family

Rogues of the FakeSysDef Family (Fake System Defragmenter). This family of rogues is also known to include MBR Rootkit infections. System Restore 10/10/2011; Data Restore 9/30/2011; System Recovery 9/6/2011; Master Utilities 9/01/2011; PC Repair 8/27/2011; Defragmenter 12/17/2010; DiskOK 1/9/2011; DiskOptimizer 1/15/2011; DiskRecovery 2/4/2011; DiskRepair 12/22/2010; FastDisk 1/12/2011; GoodMemory 1/12/2011; HDDControl 4/12/2011; HDDDiagnostic 12/13/2010; HDDFix 1/4/2011 …


Aug 06

Rogues of the FakeXPA (XPAntivirus) Family

Rogues of the FakeXPA (XPAntivirus): Fake bitDefender 4/21/2011; Fake E-Set Antivirus 3/16/2011; Fake AVG Antivirus 1/28/2011; Antivirus8 9/21/2010; AntivirusGT 7/13/2010; Antivirus7 3/12/2010; Antivir.XPA 1/30/2010; Personal Security 12/1/2009; Cyber Security 10/7/2009; AlphaAV 9/29/2009; Antivirus 360 12/11/2008; Antivirus 2009 7/3/2008; XP Antivirus 10/10/2007. The Rogues of the FakeXPA (XPAntivirus) Family can be removed with manual methods, however, …


Aug 06

Rogues of the FakeVimes Family

Rogues of the FakeVimes Family: Home Safety Essentials 8/20/2011; Anti-Malware Lab 7/6/2011; System Smart Security 6/7/2011; PC Security Guardian 5/6/2011; Best Malware Protection 3/16/2011; Internet Security Essentials 2/21/2011; Smart Internet Protection 2011 1/27/2011; Personal Internet Security 2011 12/27/2010; Personal Security Sentinel 12/15/2010; Internet Security Suite 11/11/2010; Smart Engine 10/11/2010; Smart Security 9/29/2010; My Security Shield …
