Wednesday, December 30, 2009

Antivirus PC 2009

Antivirus PC 2009 is a new rogue security application.

Screenshot of Antivirus PC 2009 homepage


Screenshot of Antivirus PC 2009 application from Emsi blog


Sites involved:

91.210.173.25 Antiviruspc-update com
91.210.173.25 Antiviruspc2009 com

Antivirus PC 2009 removal instructions here

Bharath M N

GreatDefender

Thanks to Patrick Jordan of SunbeltSoftware for the info.

GreatDefender is the new rogue security application from the WiniGuard rogue family.

Screenshot of GreatDefender application


GreatDefender removal instructions here

Bharath M N

Monday, December 28, 2009

SystemCleanerPRO

Thanks to Jax for the info.

SystemCleanerPRO is a new rogue security application from the WinSpywareProtect rogue family.

Screenshot of SystemCleanerPRO rogue application


SystemCleanerPRO removal instructions here

Bharath M N

Antispyware Shield Pro

Antispyware Shield Pro is a new rogue security application.

Homepage of Antispyware Shield Pro rogue application


Once you click on the "Scan Now" button, it takes you to a fake/scare scanner page.

Screenshot of Antispyware Shield Pro rogue application


Sites involved:

67.228.219.50 Entiresafescripts net
67.228.219.50 Scanner.entiresafescripts net

Antispyware Shield Pro removal instructions here

Bharath M N

Total PC Defender

Total PC Defender is a new rogue security application. This rogue comes from the same group that distributes the Safety Anti-Spyware rogue security application.

This application actually originates from the Unvirex rogue family.

Screenshot of Total PC Defender rogue application


Total PC Defender removal instructions here

Bharath M N

Thursday, December 24, 2009

APCprotect

Thanks to Patrick Jordan of SunbeltSoftware for the info.

APCprotect is the new rogue security application from the WiniGuard rogue family.

Screenshot of APCprotect application


APCprotect removal instructions here

Bharath M N

Sunday, December 20, 2009

Malware Defense

Malware Defense is a new rogue security application from the CoreGuard Antivirus 2009 rogue family. This rogue replaces the AntiMalware rogue security application.

Screenshot of Malware Defense application


This rogue continues the family tradition of attacking legitimate security software. Malware Defense attempts to uninstall the same set of legitimate security software that this family targets:

  • F-Secure
  • Malwarebytes' Anti-Malware
  • NOD32
  • Agnitum
  • Avira AntiVir
  • avast!
  • AVG
  • BitDefender
  • Sophos
  • Kaspersky

Malware Defense removal instructions here

Bharath M N

Saturday, December 19, 2009

ProtectPcs

ProtectPcs is the new rogue security application added to the everlasting list of clones from the WiniGuard rogue family.

Screenshot of ProtectPcs application


ProtectPcs removal instructions here

Bharath M N

Friday, December 18, 2009

SysDefence

SysDefence is the new rogue security application from the WiniGuard rogue family.

Screenshot of SysDefence application from Bleepingcomputer.com


SysDefence removal instructions here

Bharath M N

Thursday, December 17, 2009

TheDefend

TheDefend is the new rogue security application from the WiniGuard rogue family.

Screenshot of TheDefend application from S!Ri's blog


TheDefend removal instructions here

Bharath M N

Wednesday, December 16, 2009

System Adware Scanner 2010

System Adware Scanner 2010 is a new rogue security application. This rogue replaces the Windows Smart Security rogue application.

Screenshot of System Adware Scanner 2010 application


The group behind this rogue application has copied the entire About Us page from the AVG site; more information here.

System Adware Scanner 2010 removal instructions here

Bharath M N

Tuesday, December 15, 2009

GuardPCS

Thanks to Patrick Jordan of SunbeltSoftware for the info.

GuardPCS is the new rogue security application from the WiniGuard rogue family.

Screenshot of GuardPCS application


GuardPCS removal instructions here

Bharath M N

Friday, December 11, 2009

IGuardPc

Thanks to S!Ri for the info.

IGuardPc is the new rogue security application from the WiniGuard rogue family.

Screenshot of IGuardPc application


Bharath M N

Thursday, December 10, 2009

Internet Security 2010

Internet Security 2010 is a new rogue security application. This rogue replaces the Advanced Virus Remover rogue security application.



Screenshot of Internet Security 2010 application from Emsisoft.com site


Internet Security 2010 removal instructions here

Bharath M N

Safety Anti-Spyware

Safety Anti-Spyware is a new rogue security application. The rogue was first reported by Sunbelt here.

Screenshot of Safety Anti-Spyware rogue application from Bleepingcomputer.com


Safety Anti-Spyware removal instructions here

Bharath M N

Wednesday, December 9, 2009

SiteAdware

Thanks to S!Ri for the info.

SiteAdware is the new rogue security application from the WiniGuard rogue family.

Screenshot of SiteAdware application


SiteAdware removal instructions here

Bharath M N

Tuesday, December 8, 2009

AntiTroy

Thanks to Patrick Jordan of SunbeltSoftware for the info.

AntiTroy is the new rogue security application from the WiniGuard rogue family.

Screenshot of AntiTroy application


AntiTroy removal instructions here

Bharath M N

Monday, December 7, 2009

Antivirus Live

Antivirus Live is a new rogue security application and a clone of Spyware Protect 2009.

Screenshot of Antivirus Live application


Antivirus Live removal instructions here

Bharath M N

Friday, December 4, 2009

PC Live Guard

PC Live Guard is the new rogue security application from the Virusdoctor rogue family.


Screenshot of PC Live Guard application


PC Live Guard removal instructions here

Bharath M N

Live PC Care

Live PC Care is yet another new rogue security application from the Virusdoctor rogue family.


Screenshot of Live PC Care application from Bleepingcomputer.com


Live PC Care removal instructions here

Bharath M N

Thursday, December 3, 2009

AntiKeep

Here comes the 50th rogue from the WiniGuard rogue family.

Screenshot of AntiKeep application


The first variant of the family was WiniGuard, which was seen in the wild around October 2008. Initially this family came under the Innovagest 2000 SL group. They also had plans to come up with rogues for Mac, but these were never seen live in the wild.

You can see the traces of the files installed by this first variant on Lavasoft Malware Lab's page here.

We saw a very quiet period with no activity from this rogue family for a long time; a second variant came out in April 2009 and the third in June 2009. Later, they started mimicking Kaspersky Online Scanner 7.0 to scare users and push their rogue application.

Later we also observed that they used almost all of the fake/scare scanner page templates that are or were used by different families of rogue security applications to push their crap. After this we saw a steady stream of clones from this family. The family also left a message for the Sunbelt research team. Reports here and here.

With TRE AntiVirus they changed the GUI of the rogue application for the first time. Later they changed the GUI again with AntiAID.

Here is the complete list of rogue security applications from the WiniGuard family.


WiniGuard
WiniBlueSoft
WinBlueSoft
Wini Fighter
Winishield
Save Keep
Save Soldier
Trust Ninja
Save Defense
Block Defense
System Cop
Quick Heal Cleaner
Save Keeper
Safety Keeper
Soft Safeness
Trust Warrior
Save Defender
Save Armor
Security Fighter
Security Soldier
Secure Veteran
Secure Fighter
Secure Warrior
Trust Cop
Safe Fighter
Trust Soldier
Trust Fighter
Soft Soldier
Soft Cop
Soft Veteran
Soft Stronghold
Shield Safeness
Soft Barrier
Block Watcher
Block Scanner
Block Keeper
Block Protector
System Veteran
System Fighter
System Warrior
TRE AntiVirus
Anti AID
Site Villain
Link Safeness
Secure Keeper
KeepCop
REAnti
RESpyWare
AntiAdd
AntiKeep


In MDL we keep the list of clones from this family updated. Follow this link here

Will this gang end their malicious activity here?


Bharath M N

Wednesday, December 2, 2009

Personal Security

Personal Security is a new rogue security application. This rogue replaces the Cyber Security rogue security application.

Screenshot of Personal Security application from Bleepingcomputer.com


Personal Security removal instructions here

Bharath M N

Tuesday, December 1, 2009

AntiAdd

AntiAdd is the new rogue security application from the WiniGuard rogue family.

Screenshot of AntiAdd application


AntiAdd removal instructions here

Bharath M N