Thursday, May 22, 2008

SpyGuarder

SpyGuarder

SpyGuarder is a new Rogue security application currently advertised/pushed by Trojan horse.

Site Name: SpyGuarder.com
IP Address: 208.85.178.132

Screen shot of SpyGuarder site

Screen shot of SpyGuarder Fake/Scare scan pages


Screen shot of SpyGuarder application


SpyGuarder uses Software-payment.com site for payment processing. Beware that this site is also used by many other rogue security applications for payment processing.

The installer was scanned at VirusTotal and here are the scan results:

spyguarder_install.exe:

VirusTotal Scan Result: 3/32 (9.38%)

AntiVir 7.8.0.19 2008.05.22 TR/Dldr.FraudLoa.MC
Rising 20.45.32.00 2008.05.22 Suspicious.Trojan.Win32.VBDownLoader.a
Webwasher-Gateway 6.6.2 2008.05.22 Trojan.Dldr.FraudLoa.MC

spyguarder.exe:

VirusTotal Scan Result: 6/32 (18.75%)

AntiVir 7.8.0.19 2008.05.22 SPR/Fake.WinXDe.A.1
Fortinet 3.14.0.0 2008.05.22 Misc/Defender
Kaspersky 7.0.0.125 2008.05.22 not-a-virus:FraudTool.Win32.Defender.q
Panda 9.0.0.4 2008.05.22 Suspicious file
Prevx1 V2 2008.05.22 Malicious Software
Webwasher-Gateway 6.6.2 2008.05.22 Riskware.Fake.WinXDe.A.1

As you can see detection of the rogue is poor Stay away from this site.

Bharath M N

blog comments powered by Disqus