Sunday, May 25, 2008

Pest-Patrol

Pest-Patrol is a new rogue security application, not to be confused with the legitimate PestPatrol from CA (currently CA Anti-Spyware). Dancho Danchev reported on this rogue a week ago here.

Site Name: Pest-Patrol.com
IP Address: 85.255.121.181

Screenshot of Pest-Patrol.com site


Screenshot of Pest-Patrol application


The rogue also installs a malicious BHO (Browser Helper Object) along with the application.

BHO Details:

Filename: IEWarning.dll
Object Name: WarningBHO
HijackThis entry:
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\Pest-Patrol\IEWarning.dll
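
A check for the BHO entry above in a saved HijackThis log, matching on the CLSID and DLL name listed in this post. This is an added example, not part of the original post; the function names and every sample log line other than the WarningBHO entry are constructed.

```python
import re

# Indicators from the BHO details on this page.
ROGUE_CLSID = "{56FA7933-DC3E-403B-8D47-BB5E3F345A21}"
ROGUE_DLL = "iewarning.dll"

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path to DLL>"
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*)$"
)

# Constructed sample log: only the WarningBHO line comes from the page.
SAMPLE_LOG = r"""
O2 - BHO: Example Toolbar - Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O2 - BHO: WarningBHO Class - {56FA7933-DC3E-403b-8D47-BB5E3F345A21} - C:\Program Files\Pest-Patrol\IEWarning.dll
O2 - BHO: (no name) - {56fa7933-dc3e-403b-8d47-bb5e3f345a21} - C:\WINDOWS\renamed.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

def parse_o2(line):
    """Return (name, clsid, path) for an O2 BHO line, else None."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("clsid").upper(), m.group("path").strip()

def find_rogue_bho(log_text):
    """Return O2 entries that match the page's BHO by CLSID or DLL name."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue
        name, clsid, path = entry
        # CLSIDs and Windows file names are case-insensitive.
        dll = path.rsplit("\\", 1)[-1].lower()
        matched = []
        if clsid == ROGUE_CLSID:
            matched.append("clsid")
        if dll == ROGUE_DLL:
            matched.append("filename")
        if matched:
            hits.append({"name": name, "path": path, "matched": matched})
    return hits

if __name__ == "__main__":
    for hit in find_rogue_bho(SAMPLE_LOG):
        print(hit)
```

Matching on the CLSID as well as the file name still flags the entry if the DLL is renamed or moved, as the third sample line shows.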

The BHO blocks navigation in IE and displays the following screen ("Reported Insecure Browsing Navigation blocked"), nagging users into purchasing the Pest-Patrol rogue application.

Currently none of the AV/AS vendors detects this Pest. Stay away from this site.

Bharath M N
