Tag Archives | smart security

OS Specific Rogues – Vista Smart Security 2010

I was hammered with a new (sort of) rogue called Vista Smart Security 2010 this week. As far as I know this is an OS-specific rogue, because I only saw it on Vista boxes. This rogue is easy to delete; however, it comes with an agent that suppresses commercial anti-malware.

Vista Smart Security 2010

Here is the MBAM log (from my UBCD4WIN):

Scan type: Quick scan
Objects scanned: 109550
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rjwpbgsg (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pjrevdjn (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\omtgiuok (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\leccnidu (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jfneaspr (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187B.sys (Trojan.Agent) -> Quarantined and deleted successfully.

If you don’t know how to build a UBCD4WIN, you can download the free Dr. Web live CD, which gets rid of this rogue and its agent easily.

Typical Anti-Malware Review Schedule

I usually upload all my reviews on Thursday – Saturday.  I have a few reviews that I’m working on right now:

– Eset Smart Security 4.0 Prevention

– AVG Prevention

– Repairing a PC after a malware infection

– Using UnHackMe to remove rootkits

That’s about it for now.  Anything anyone wants to see?

Eset Smart Security 4.0 Detection and Removal Review

Last week (as promised) I put ESS 4.0 to the test – the detection and removal test.

Testing Condition:

  • A very infected computer (rootkits, trojans, worms, adware) that needs to be cleaned.
  • ESS 4.0 installed, set to maximum protection and updated.

Result:

  • ESS 4.0 removed quite a bit of malware; however, the PC would have been unusable since ESS deleted userinit.exe.
  • Rootkits were not able to be removed; however, they were detected by ESS.
  • The PC required a lot of cleanup via bootable antimalware disc just to get on the internet.

Note:

  • These tests are always fun to do, but they’re just for fun. ESS 4.0 is designed to protect your PC from malware being installed, not to remove it.
  • This ESS 4.0 detection and removal test is also a great tutorial for cleaning and repairing a PC after a malware infestation.

http://www.youtube.com/watch?v=cqpLw1ieTiM

http://www.youtube.com/watch?v=fUBS5nRqMkY

http://www.youtube.com/watch?v=4VYfaK4JfKE
