Friday, October 16, 2009

Two New Rogues

Two New Rogues

Thanks to Grinler @Bleepingcomputer.com and Remixed @Malwarebytes for the heads up.

Active Security and PC Scout are the two new rogue security applications. These applications are the successors of Protection System and CoreGuard Antivirus 2009 rogue security applications.

Screenshot of Active Security application


Active Security removal instructions here


Screenshot of PC Scout application


PC Scout removal instructions here

As a tradition this family attacks the legitimate security software and attempts to uninstall the following programs if found installed on the users system.

  • F-Secure
  • Malwarebytes' Anti-Malware
  • NOD32
  • Agnitum
  • Avira AntiVir
  • avast!
  • AVG
  • BitDefender
  • Sophos
  • Kaspersky

This behavior was earlier reported by Temerc here, by Sunbelt here and by S!Ri here.

The rogue removes the legitimate applications in order to protect themselves from being detected. Further they not only try to uninstall Malwarebytes' Anti-Malware program they also use a stolen copy of MBAM database.



Stay away from this family.

Bharath M N

blog comments powered by Disqus