Saturday, October 31, 2009

Block Scanner

BlockScanner is the new rogue of the Winisoft family (Block Watcher, SoftBarrier, Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft)



BlockScanner comes from fake online antivirus scanners or fake video codecs. It creates random files on the system and detects them as infected. It also displays a lot of disturbing warning messages to scare users, pushing them to buy a license.

If your PC is infected with BlockScanner, use MBAM to remove it.

Friday, October 30, 2009

Security Central

Security Central is a fake Antivirus tool. It is from the same rogue family as Home Personal Antivirus, XP Deluxe Protector, Win PC Antivirus, Win PC Defender, XP Police Antivirus, IE-Security, WinDefender 2009 and Total Secure 2009.



Once registered, Security Central doesn't detect infections anymore (same system, no cleanings). There are no more fake alerts or disturbing warning messages... Easy proof of a scareware application.



If your PC is infected with Security Central, follow the BleepingComputer removal guide.

Thanks to Sparsha and Patrick Jordan

BlockWatcher

BlockWatcher is the new rogue of the Winisoft family (SoftBarrier, Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft)



BlockWatcher creates random files on the system so it can detect them as infected items.

If your PC is infected with BlockWatcher, follow the BleepingComputer removal guide.

Thanks fly to Bharath & Tachikoma

Thursday, October 29, 2009

Windows Entreprise Suite

Windows Entreprise Suite is a new rogue. Installed from fake online antivirus scanners, it replaces Windows Entreprise Defender.

Both come from a big family: Volcano Security Suite, Windows Entreprise Defender, Windows PC Defender, Windows Additional Guard, Windows Guard Pro, Ultimate System Guard, Smart Virus Eliminator, Windows Protection Suite, Windows System Suite, Windows Security Suite, Malware Destructor 2009, FastAntivirus, MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm.

Windows Entreprise Suite displays false alerts and warning messages to scare users, pushing them to purchase a full license.



If your PC is infected with Windows Entreprise Suite, follow the BleepingComputer removal guide.

Wednesday, October 28, 2009

Soft Barrier

SoftBarrier is the new rogue of the Winisoft family (Shield Safeness, Soft Stronghold, Soft Veteran, SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft)



SoftBarrier creates random files on the system so it can detect them as infected items.



If your system is infected with Soft Barrier, follow the BleepingComputer removal guide.

Desktop Defender 2010

Desktop Defender 2010 is a new fake antivirus from the same family as: Contraviro and UnVirex.



Like the previous versions, the database of Desktop Defender 2010 has been ripped from Clam AntiVirus (ClamAV), an open source (GPL) and free anti-virus toolkit.

HijackThis symptoms:
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 - HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
Notice the LSP hijack: removing the siglsp.dll file without restoring the LSP chain will break the Internet connection.
Leaving it in place will allow an infected component to watch the network traffic.
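
A triage sketch for the log above, added as an example and not part of the original post: it parses HijackThis entries and separates files registered in the Winsock LSP chain (O10) from the other entries under the rogue's folder, because the LSP entries need the chain restored before the DLL is deleted. The function names and the last sample line are constructed for illustration.

```python
import re

# The entries quoted in the post, plus one constructed benign line (ExampleUpdater).
SAMPLE_LOG = r"""
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 - HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

ENTRY = re.compile(r"^(O\d+)\s+-\s+(.*)$")   # "O10 - <detail>"
PATH = re.compile(r"[A-Za-z]:\\.*$")          # drive-letter path at end of the detail


def parse(log):
    """Yield (section, detail, path_or_None) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, detail = m.groups()
        p = PATH.search(detail)
        yield section, detail, p.group(0) if p else None


def triage(log, suspect_dir):
    """Group files under suspect_dir by whether they sit in the LSP chain.

    Files listed in O10 must not be deleted until the Winsock LSP chain
    has been restored; the other entries carry no such ordering constraint.
    """
    # Windows paths are case-insensitive, and the log mixes cases.
    prefix = suspect_dir.lower().rstrip("\\") + "\\"
    plan = {"repair_lsp_first": [], "other_entries": []}
    for section, _detail, path in parse(log):
        if not path or not path.lower().startswith(prefix):
            continue
        key = "repair_lsp_first" if section == "O10" else "other_entries"
        norm = path.lower()
        if norm not in plan[key]:          # O10 lines repeat per LSP entry
            plan[key].append(norm)
    return plan


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, r"C:\Program Files\Desktop Defender 2010")
    for group, files in result.items():
        print(group, files)
```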



If your system is infected with Desktop Defender 2010, follow the Bleeping Computer removal guide. MBAM is the only free tool to completely remove Desktop Defender 2010 AND the LSP hijack.

Tuesday, October 27, 2009

Volcano Security Suite

Volcano Security Suite is fake security software installed from fake online antivirus scanners. It replaces the Smart Virus Eliminator rogue.

Both come from a big family: Windows Entreprise Defender, Windows PC Defender, Windows Additional Guard, Windows Guard Pro, Ultimate System Guard, Smart Virus Eliminator, Windows Protection Suite, Windows System Suite, Windows Security Suite, Malware Destructor 2009, FastAntivirus, MalwareCatcher, VirusShield, Extra Antivirus, Virus Sweeper, Ultra Antivir 2009, Virusdoctor, VirusMelt, VirusAlarm. Usually, the newcomer replaces the old one, but here, the latest rogues are in the wild simultaneously.

Volcano Security Suite displays false alerts and warning messages to scare users, pushing them to purchase a full license.





If your system is infected with Volcano Security Suite, follow the Bleeping Computer removal guide.

Thursday, October 22, 2009

Soft Veteran

SoftVeteran is the new rogue of the Winisoft family (SoftCop, Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft)



SoftVeteran creates random files on the system so it can detect them as infected items.

Thanks to Grinler
To remove Soft Veteran, follow the BleepingComputer removal guide.

Friday, October 16, 2009

Secure Shield fake rogue

The previous post: Secure Shield rogue was a test.

Some blog webmasters regularly use the screenshots I made in their blog posts. They just take the pictures, write a text about how dangerous the rogue is and link to a "Free Scan" or "Free Removal" tool (which is NOT free), without analyzing the rogue itself.

Those blogs are cleaner affiliates. If the downloaded cleaner they link to is installed and registered, they get a commission. They don't care whether the tool can remove the infection or not. They don't analyze the infection. They just generate as much traffic as possible and try to be ranked on the first page of Google.
Some other blog webmasters are promoting PUP software. Here again, the PUP software creators don't analyze files. They try to sell their tools with a good Google rank.

So I decided to MAKE a picture of a new rogue that does NOT exist: Secure Shield. I posted the picture and waited for the "serious" guys.

10 minutes after my blog and my Digg post, Loaris posted a modified picture of mine (his Digg). Loaris Trojan Remover was once classified as a rogue.



A few minutes later, another webmaster blogged about Secure Shield removal: Trojan Killer (a clone of Loaris Trojan Remover).



Then it was the turn of PC Tools / Spyware Doctor affiliates to promise full removal of the rogue. Those guys are inventing file, folder and key names.



Other PC Tools / Spyware Doctor affiliates:









Edit: One day later, it's still going on:







3 days later, there are more posts about the fake Trojan remover. Spyware Doctor PC Tools affiliates are copying other Spyware Doctor PC Tools affiliates' posts.



Users should not trust cleaners promoted through an affiliate business plan.
Click on the pictures to see the full capture of the blog pages. The seed has germinated; you can search on Google for more. Some of them managed to get removed from Google (Loaris Trojan Remover deleted his post about SecureShield).

Secure Shield

SecureShield is the new rogue of the Winisoft family (Soft Soldier, Trust Fighter, Trust Soldier, Safe Fighter, Trust Cop, Secure Warrior, Secure Fighter, Secure Veteran, Security Soldier, Security Fighter, Save Armor, Save Defender, Trust Warrior, Soft Safeness, Safety Keeper, Save Keeper, Quick Heal Cleaner, System Cop, Block Defense, Save Defense, Trust Ninja, Save Soldier, Save Keep, Winishield, Wini Fighter, WiniBlueSoft)



Secure Shield creates random files on the system so it can detect them as infected items.