Wednesday, December 30, 2009

Antivirus PC 2009


Antivirus PC 2009 is a new rogue security application.

Screenshot of Antivirus PC 2009 homepage


Screenshot of Antivirus PC 2009 application from Emsi blog


Sites involved:

91.210.173.25 Antiviruspc-update com
91.210.173.25 Antiviruspc2009 com

Antivirus PC 2009 removal instructions here

Bharath M N

GreatDefender


Thanks to Patrick Jordan of SunbeltSoftware for the info.

GreatDefender is the new rogue security application from WiniGuard rogue Family.

Screenshot of GreatDefender application


GreatDefender removal instructions here

Bharath M N

Monday, December 28, 2009

SystemCleanerPRO


Thanks to Jax for the info.

SystemCleanerPRO is a new rogue security application from the WinSpywareProtect rogue family.

Screenshot of SystemCleanerPRO rogue application


SystemCleanerPRO removal instructions here

Bharath M N

Antispyware Shield Pro


Antispyware Shield Pro is a new rogue security application.

Homepage of Antispyware Shield Pro rogue application


Once you click on the "Scan Now" button, it takes you to a fake/scare scanner page.

Screenshot of Antispyware Shield Pro rogue application


Sites involved:

67.228.219.50 Entiresafescripts net
67.228.219.50 Scanner.entiresafescripts net

Antispyware Shield Pro removal instructions here

Bharath M N

Total PC Defender


Total PC Defender is a new rogue security application. This rogue comes from the same group that distributes Safety Anti-Spyware rogue security application.


This application actually originates from the Unvirex rogue family.

Screenshot of Total PC Defender rogue application


Total PC Defender removal instructions here

Bharath M N

Thursday, December 24, 2009

APCprotect


Thanks to Patrick Jordan of SunbeltSoftware for the info.

APCprotect is the new rogue security application from WiniGuard rogue Family.

Screenshot of APCprotect application


APCprotect removal instructions here

Bharath M N

Sunday, December 20, 2009

Malware Defense


Malware Defense is a new rogue security application from CoreGuard Antivirus 2009 rogue family. This rogue replaces AntiMalware rogue security application.

Screenshot of Malware Defense application


This rogue continues the family tradition of attacking legitimate security software. Malware Defense also attempts to uninstall the same set of legitimate security software that this family targets:

  • F-Secure
  • Malwarebytes' Anti-Malware
  • NOD32
  • Agnitum
  • Avira AntiVir
  • avast!
  • AVG
  • BitDefender
  • Sophos
  • Kaspersky

Malware Defense removal instructions here

Bharath M N

Saturday, December 19, 2009

ProtectPcs


ProtectPcs is the new rogue security application added to the everlasting list of clones from WiniGuard rogue Family.

Screenshot of ProtectPcs application


ProtectPcs removal instructions here

Bharath M N

Friday, December 18, 2009

SysDefence


SysDefence is the new rogue security application from WiniGuard rogue Family.

Screenshot of SysDefence application from Bleepingcomputer.com


SysDefence removal instructions here

Bharath M N

Thursday, December 17, 2009

TheDefend


TheDefend is the new rogue security application from WiniGuard rogue Family.

Screenshot of TheDefend application from S!Ri's blog


TheDefend removal instructions here

Bharath M N

Wednesday, December 16, 2009

System Adware Scanner 2010


System Adware Scanner 2010 is a new rogue security application. This rogue replaces Windows Smart Security rogue application.

Screenshot of System Adware Scanner 2010 application


The group behind this rogue application has copied the entire About Us page from the AVG site; more information here

System Adware Scanner 2010 removal instructions here

Bharath M N

Tuesday, December 15, 2009

GuardPCS


Thanks to Patrick Jordan of SunbeltSoftware for the info.

GuardPCS is the new rogue security application from WiniGuard rogue Family.

Screenshot of GuardPCS application


GuardPCS removal instructions here

Bharath M N

Friday, December 11, 2009

IGuardPc


Thanks to S!Ri for the info.

IGuardPc is the new rogue security application from WiniGuard rogue Family.

Screenshot of IGuardPc application


Bharath M N

Thursday, December 10, 2009

Internet Security 2010


Internet Security 2010 is a new rogue security application. This rogue replaces Advanced Virus Remover rogue security application.



Screenshot of Internet Security 2010 application from Emsisoft.com site


Internet Security 2010 removal instructions here

Bharath M N

Safety Anti-Spyware


Safety Anti-Spyware is a new rogue security application. The rogue was first reported by Sunbelt here.

Screenshot of Safety Anti-Spyware rogue application from Bleepingcomputer.com


Safety Anti-Spyware removal instructions here

Bharath M N

Wednesday, December 9, 2009

SiteAdware


Thanks to S!Ri for the info.

SiteAdware is the new rogue security application from WiniGuard rogue Family.

Screenshot of SiteAdware application


SiteAdware removal instructions here

Bharath M N

Tuesday, December 8, 2009

AntiTroy


Thanks to Patrick Jordan of SunbeltSoftware for the info.

AntiTroy is the new rogue security application from WiniGuard rogue Family.

Screenshot of AntiTroy application


AntiTroy removal instructions here

Bharath M N

Monday, December 7, 2009

Antivirus Live


Antivirus Live is a new rogue security application and a clone of Spyware Protect 2009.

Screenshot of Antivirus Live application


Antivirus Live removal instructions here

Bharath M N

Friday, December 4, 2009

PC Live Guard


PC Live Guard is the new rogue security application from Virusdoctor rogue family.


Screenshot of PC Live Guard application


PC Live Guard removal instructions here

Bharath M N

Live PC Care


Live PC Care is yet another new rogue security application from Virusdoctor rogue family.


Screenshot of Live PC Care application from Bleepingcomputer.com


Live PC Care removal instructions here

Bharath M N

Thursday, December 3, 2009

AntiKeep


Here comes the 50th rogue from WiniGuard rogue Family.

Screenshot of AntiKeep application


The first variant of the family was WiniGuard, which was seen in the wild around October 2008. Initially this family came under the Innovagest 2000 SL group. They also had plans to come up with rogues for Mac, but these were never seen live in the wild.

You can see the traces of the file installed by this first variant on Lavasoft Malware Lab's page here

We saw a very quiet period with no activity from this rogue family for a long time; a second variant came out in April 2009 and the third in June 2009. Later, they started mimicking Kaspersky Online Scanner 7.0 to scare and push their rogue application.

Later we also observed that they used almost all the fake/scare scanner page templates that are or were used by different families of rogue security applications to push their crap. After this we saw a steady stream of clones from this family. The family also left a message for the Sunbelt research team. Reports here and here

With TRE AntiVirus they changed the GUI of the rogue application for the first time. Later they changed the GUI again with AntiAID.

Here is the complete list of rogue security applications from the WiniGuard family.


WiniGuard
WiniBlueSoft
WinBlueSoft
Wini Fighter
Winishield
Save Keep
Save Soldier
Trust Ninja
Save Defense
Block Defense
System Cop
Quick Heal Cleaner
Save Keeper
Safety Keeper
Soft Safeness
Trust Warrior
Save Defender
Save Armor
Security Fighter
Security Soldier
Secure Veteran
Secure Fighter
Secure Warrior
Trust Cop
Safe Fighter
Trust Soldier
Trust Fighter
Soft Soldier
Soft Cop
Soft Veteran
Soft Stronghold
Shield Safeness
Soft Barrier
Block Watcher
Block Scanner
Block Keeper
Block Protector
System Veteran
System Fighter
System Warrior
TRE AntiVirus
Anti AID
Site Villain
Link Safeness
Secure Keeper
KeepCop
REAnti
RESpyWare
AntiAdd
AntiKeep


In MDL we keep the list of clones from this family updated. Follow this link here

Will this gang end their malicious activity here?


Bharath M N

Wednesday, December 2, 2009

Personal Security



Personal Security is a new rogue security application. This rogue replaces the Cyber Security rogue security application.

Screenshot of Personal Security application from Bleepingcomputer.com


Personal Security removal instructions here

Bharath M N

Tuesday, December 1, 2009

AntiAdd


AntiAdd is the new rogue security application from WiniGuard rogue Family.

Screenshot of AntiAdd application


AntiAdd removal instructions here

Bharath M N

Saturday, November 28, 2009

Antivir


Thanks to Remixed for the heads up

Antivir is a new rogue security application replacing Alpha Antivirus rogue security application.

Screenshot of Antivir rogue application


Antivir removal instructions here

Bharath M N

RESpyWare


RESpyWare is the new rogue security application adding to the never-ending list of clones from WiniGuard Family.

Screenshot of RESpyWare Splash screen


Screenshot of RESpyWare application


RESpyWare removal instructions here

Bharath M N

Thursday, November 26, 2009

REAnti


REAnti is yet another new rogue from the never-ending list of clones from WiniGuard Family.

Screenshot of REAnti application


REAnti removal instructions here

Bharath M N

Wednesday, November 25, 2009

Additional Guard


Additional Guard is yet another new rogue security application from Virusdoctor rogue family.


Additional Guard is a newer version of Windows Additional Guard with Windows stripped off.

Screenshot of Additional Guard application


Additional Guard removal instructions here

Bharath M N

Tuesday, November 24, 2009

KeepCop


KeepCop is yet another new rogue from the never-ending list of clones from WiniGuard Family.

Screenshot of KeepCop application


KeepCop removal instructions here

Bharath M N

Monday, November 23, 2009

Eco AntiVirus 2010


Thanks to Remixed for heads up.

Eco AntiVirus 2010 is yet another rogue security application from the SpywareNo/SpySheriff family of rogue security applications. This rogue replaces Green AV rogue security application.

Screenshot of Eco AntiVirus 2010 rogue security application

Eco AntiVirus 2010 removal instructions here

Bharath M N

Thursday, November 19, 2009

SecureKeeper

Secure Keeper

Thanks to S!Ri

Secure Keeper is yet another new rogue from the never-ending list of clones from WiniGuard Family.

Screenshot of Secure Keeper application from S!Ri's blog


Secure Keeper removal instructions here

Bharath M N

Tuesday, November 17, 2009

Personal Protector



Thanks to Remixed for heads up.

Personal Protector is a new rogue security application from the System Guard 2009 rogue family. This rogue replaces Personal Guard 2009.

Screenshot of Personal Protector application from Bleepingcomputer.com


Personal Protector removal instructions here

Bharath M N

Two New ones from WiniGuard rogue Family


SiteVillain and LinkSafeness are the two new rogues from WiniGuard rogue Family.



LinkSafeness removal instructions here

Bharath M N

Sunday, November 15, 2009

Control Center


Control Center is a new rogue security application. This is a clone of Privacy Center.

Screenshot of Control Center application




Control Center removal instructions here

Bharath M N

Saturday, November 14, 2009

System Defender


System Defender is yet another new rogue security application from Virusdoctor rogue family.


System Defender is a newer version of Windows System Defender with Windows stripped off.

Screenshot of System Defender application


System Defender removal instructions here

Bharath M N

Friday, November 13, 2009

Enterprise suite


Enterprise Suite is the new rogue security application from Virusdoctor rogue family.


Enterprise Suite replaces the Windows Enterprise Suite rogue and is being actively pushed through fake/scare scanner pages.


Screenshot of Enterprise Suite application from S!Ri's blog


Bharath M N

Thursday, November 12, 2009

AntiAID


AntiAID is the latest rogue security application from WiniGuard rogue Family.

Thanks to Grinler for the screeny

Screenshot of AntiAID application


This is the second time that this family has changed the GUI. First they changed the GUI with the TRE AntiVirus rogue and now with AntiAID.

In total, the family has used three different GUIs.

Screenshot of the three different GUIs used by this family


AntiAID removal instructions here

Bharath M N

Wednesday, November 11, 2009

System Warrior


System Warrior is yet another new rogue from the never-ending list of clones from WiniGuard Family.

Screenshot of System Warrior application from S!Ri's blog


System Warrior removal instructions here

Bharath M N