Malware Warnings

AntiVirus 2008 XP - Path To Infection

First, don’t click on any emails claiming to be an update from MSN or Microsoft. MSN/Microsoft never sends emails about a “Free Update”. If you want to update your PC *always* go to Microsoft.com (NEVER click on any links in an email offering Windows updates).
Next, I did click on this link through one of my [...]

More Greeting Card Malware

I was just checking my mail at remove-malware.com and someone was nice enough to send me e-card malware! I think I’m going to see what the .exe does in one of my clean virtual machines. I had 3 clients this week that opened this e-card.exe file. They didn’t get a cute card, [...]

A Weekend Of RootKits: Figaro.sys Rootkit

I took a few appointments this weekend and witnessed the same infection over and over again…Figaro.sys. The Figaro.sys rootkit is dropped in c:\windows\system32\drivers (on Vista) and on XP I’ve seen it in the DLLCACHE folder.
I don’t know exactly what it does but I can give you the symptoms:

Random reboots
Virtumonde drops
Very slow logins

I removed Figaro.sys [...]

Malware Being Advertised Through Adwords

Well, I just signed into my Gmail account and noticed this:

Do you see it???
“Free Antivirus XP 2008”…sad but true. I’m seeing XP Antivirus 2008 ads all over the place inside of Google-related sites that use Adwords. In case anyone doesn’t know, XP Antivirus 2008 is rogue (fake) anti-malware designed to basically steal your [...]

Rogue Antivirus: How They Work and How to Remove Them

Rogue anti-virus applications are being produced in ever-increasing numbers each week now. Why? This is a scam that works big time! Rogue anti-virus scams are able to steal money, credit card numbers and sometimes entire identities. Below you can see the life cycle of a rogue anti-virus scam.
1. You get infected with a Trojan [...]

Worst Worm…

Ugggg…I just got my first USB stick worm and let me tell you….it SUCKED!!! This worm created or infected autorun.exe on my USB flash drive. Once you insert the USB stick into a PC it drops the files below into the following folders:
C:\windows\system32\ftp32.dll
C:\windows\system32\drivers\spools.exe (boy is that little .exe annoying)
C:\Documents and Settings\user\ctfmon.exe
Once these [...]

Fake YouTube Emails

Per Alex at Sunbelt

Fake YouTube emails are being spammed to unsuspecting users. The email appears to be from YouTube, but isn’t. Instead, when the dopey reader clicks on the link in the email they are brought to youtube-r dot com, then to youtube-s dot com where multiple exploits are run against the PC.
Be very suspicious [...]

New Flash Exploits – Update Your Flash Software

Malware distributors have found another exploit in Flash files (.swf) today and are distributing malware through both IE and Firefox. The exploit works like this:

You get an email or visit a site with a malicious flash animation (this may look like a video).
At some point in the animation (usually early) malicious code is executed.
The [...]

MP3 Trojan Downloader-UA.h

Downloader-UA.h is a fake MP3 file that, once played, downloads play_mp3.exe (a Trojan). Once the Trojan is executed (if it is) it will display a barrage of ads on the PC. Downloader-UA.h has been seen on all the major P2P networks. I have found this Trojan on 2 PCs, both PCs had [...]

Security Toolbar 7.1 removal

Security Toolbar 7.1 is a fake Internet Explorer toolbar. The purpose of Security Toolbar 7.1 is to “scare” you into buying another fake piece of anti-malware (rogue anti-malware). This fraudbar may be easily removed with our free anti-malware tools. Security Toolbar 7.1 is a Zlob-based Trojan and is usually obtained via [...]