Rogue Software

“Dammed thieves. Stole our logo. I suppose we should be flattered, though.” — A.E. Old rogue, new package: AntivirusProtectionCenter av2009.exe : crc6:7f3d73762762 crc8:003091628c68decc md5:d71d1e303ab963fdae76936ba52a05b7\ AMC.exe : crc6:1d6922972762 crc8:003005cfbb91b729 md5:e5555754fd758fc2be1374796f9433e2\ Hash’s different from their PersonalAntiMalware added 2/16/2010 opener_.exe : crc6:8ee75c08081d \ crc8:00dc55e5aaa82efa md5:5bb290cd1eb419ca98ca1f31273f7219\ “It’s the same gang that had the code saying ‘hello Sunbelt software’ They are watching us.” — P.J.

SecurePcAv is a phony antivirus program that has been infecting PC’s across the interwebs in recent days. If your PC is infected with SecurePcAv you will most likely experience the following: Fake system scans that report numerous infections and refuses to remove the supposed infections until you buy the phony software. Alerts and warnings stating the PC is under attack or unprotected and recommends you buy the phony software. Other software will not work, when attempting to open programs a warning stating the program is infected appears and the software is closed. Web browser hijacking, redirecting the user to malicious websites or showing false security warnings on sites like Google.com.

Paladin Antivirus is a phony security program, designed to rip people off. Paladin Antivirus tricks people into thinking they are downloading a legit antivirus software, then continually displays false security alerts and warnings followed up with a requests for users to buy or register the software. Once a computer becomes infected with Paladin Antivirus it will instantly begin a system scan and will report multiple infections. Paladin Antivirus will refuse to remove any of these supposed infections until the user buys or “registers” the software. Do not fall for this scam. ...

Fake antivirus software (a.k.a misleading applications or rogue antivirus) is big business nowadays with Symantec reporting 43 million installation attempts from over 250 distinct programs between July 1, 2008, to June 30, 2009. With fake AV software costing the victim anywhere from $30 to $100, this is a lucrative earner for criminals. Over time Symantec has observed various social engineering tactics being used to try and entice victims to hand over their money in this scam. The fake antivirus software known as Live PC Care has now gone as far as offering live online support to potential victims. Once a victim has installed Live PC Care onto their system via a system exploit or social engineering tactics, they are presented with the screen below falsely informing them that their system is riddled with viruses. Any suspicious computer user might wonder what this software is and where exactly it came from. To alleviate doubt and to aid with the whole scam, the designers of Live PC Care have added a yellow online support button in the top, right-hand corner of the fake AV software. ...

Advanced Defender is fake security software that tricks people into thinking it’s legitimate antispyware software in hopes they will pay for the product. Advanced Defender is a potentially dangerous and extremely frustrating PC infection that should be removed immediately. If Advanced Defender has infected your computer you may notice the following symptoms: System scans that report numerous infections, yet requires purchase of Advanced Defender before it will remove the infections (These are fictitious scan results) Alerts and Pop-Up system warnings stating the PC is infected and recommend purchase of Advanced Defender (These warnings are fake) Web browser redirecting to random websites (these websites are owned by cyber thieves and will further infect your PC) Advanced Defender will prevent other programs from opening, stating they are infected (The programs are not infected)

The creators behind the rogue antispyware appliaction WiniGuard have released yet another clone of their software. This one is called SafePcAV. SafePcAV spreads by showing fake online scanners. Once installed it will show hundreds of false infections. To remove these infections it requires the user to pay and license the software. If your computer is infected with this you must remove it soon, Click Here to learn how to remove it. ...

MyPcSecure is the latest rogue anti-spyware application and a clone from the WiniGuard family.

LiveEnterpriseSuite is a clone of InternetAntivirusPRO. Actually, the only thing that the authors of this rogue have changed is the name in the GUI. LiveEnterpriseSuite will detect false infections and require a license to remove them. If your computer is infected with this malware, you should remove it soon, Click Here to learn how to remove such malwares.

APcSafe is another rogue anti-spyware clone of the WiniGuard family. if your computer is infected with this malware you should remove it soon.

PcsSecure is the latest cloned rogue antispyware from the WiniGuard family. if your computer is infected with this malware you should remove it soon.