
Fake YouTube Messages – Your Account is Infected!

I was just doing my morning email chores when I stumbled across an email from my YouTube account. This is what it said:

s0m3b0de has sent you a message:

Your Account is Infected
Your YouTube account has been infected with a self mailing worm and will be terminated in approx. 48 hours if malicious activities continue… Scan your account NOW with YouTubes online scanner to remove this dangerous threat from your computer and prevent further spread of this worm.

http://scanner01(dot)netai(dot)net/scan (hyperlink removed)

Since I was on my MacBook I decided to click that link and this is what I found:
Oh no’s … a fake alert
Wow, my Mac just turned into a Windows box! …Fake scanner page.
Well, I haven’t seen this one before. MediaFire is hosting malware.
FYI – YouTube will never ever send you messages like the one mentioned above.



OS Specific Rogues – Vista Smart Security 2010

I was hammered with a new (sort of) rogue called Vista Smart Security 2010 this week. As far as I know this is an OS-specific rogue because I only saw it on Vista boxes. This rogue is easy to delete; however, it comes with an agent that suppresses commercial anti-malware.

Vista Smart Security 2010


Here is the MBAM log (from my UBCD4WIN):

Scan type: Quick scan
Objects scanned: 109550
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rjwpbgsg (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pjrevdjn (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\omtgiuok (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\leccnidu (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jfneaspr (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187B.sys (Trojan.Agent) -> Quarantined and deleted successfully.

If you don’t know how to build a UBCD4WIN you can download the free Dr. Web live CD, which gets rid of this rogue and its agent easily.

