Monday, April 21, 2008

WinSpywareProtect

WinSpywareProtect

WinSpywareProtect is a rogue security application.

Site Name: WinSpywareProtect.com
IP Address: 85.255.119.26

Screenshot of WinSpywareProtect.com site

The scammers also use Fake/Scare scan tactics to lure/scare users into downloading/purchasing this application.

Screenshot of Fake/Scare scan pages:


The application does a fake scan on the system and reports fake threats, Also the application doesn’t show the exact path of the malicious files detected on the system and asks users to purchase the full version to remove the detected threats.

Screenshot of WinSpywareProtect application


The application comes up with the fake alert message even after the application is closed/shutdown.

Screenshot of Fake alerts displayed by WinSpywareProtect



The site also uses Billingserviceonline.com for payment processing which is used by many rogue applications.

The installer from the site was scanned and here are the scan results

VirusTotal Scan Result: 12/31 (38.71%)

AntiVir 7.8.0.8 2008.04.20 TR/Dldr.Delphi.Gen
AVG 7.5.0.516 2008.04.20 Generic10.IVQ
BitDefender 7.2 2008.04.20 Adware.WinSpywareProtect.A
eSafe 7.0.15.0 2008.04.17 suspicious Trojan/Worm
Ikarus T3.1.1.26 2008.04.20 not-a-virus:.FraudTool.Win32.MalWarrior.g
Kaspersky 7.0.0.125 2008.04.20 Heur.Downloader
NOD32v2 3041 2008.04.19 probably unknown NewHeur_PE virus
Norman 5.80.02 2008.04.18 W32/DLoader.GNDH
Panda 9.0.0.4 2008.04.20 Adware/WinSpywareProtect
Prevx1 V2 2008.04.20 Heuristic: Suspicious File With Persistence
Sophos 4.28.0 2008.04.20 Mal/Behav-053
Webwasher-Gateway 6.6.2 2008.04.20 Trojan.Dldr.Delphi.Gen

Stay away from this site.

Bharath M N

blog comments powered by Disqus