Windows 8 Consumer Preview - Windows Smart Partner (FakeAV) - 03.03.2012 -...
This is the new Metro UI in Windows 8 I figured I should start experimenting with Windows 8. What better way to learn Windows 8 than infecting the OS with a Fake Antivirus and then removing it? :-D I...
ZeroAccess Authors Are Now Faking Company Name: Iomega
In a previous post I mentioned that ZeroAccess authors were faking the Company name: Oak Technologies Inc. Well, they have changed who they want to disguise their malicious .dll files to the company...
Best Virus Protection (FakeAV) bundled with RLoader (Rootkit) - 03.08.2012 -...
This was performed on a virtual machine. Looks similar to Microsoft Security Essentials, a legitimate antivirus. It...
Panda Security Creates ZeroAccess Cleaning Tool (Yorkyt.exe) - Removes Abnow...
Panda Security has created an AntiZeroAccess tool that works very well compared to others I have tested in the past. In fact, it practically removed every trace of ZeroAccess minus 2-3 dormant files....
GEMA - Germany (Ransom Trojan) - 03.29.2012 - Analysis and Removal
Once you are infected with GEMA, you will be prompted a white screen with text that reads: "Please wait while the connection is beeing established." and then the German translation......
Gimemo - France - Gendarmerie Nationale (Ransom Trojan) - 04.01.2012 -...
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows|Load...
Tobfy - Germany (Ransom Trojan) - 04.07.2012 - Analysis and Removal
Hijacks HKCU\Software\Microsoft\Windows\CurrentVersion\Run "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" + "(Default)" "" "" "File not found: C:\Documents and...
WindowsSecurity (Ransom Trojan) - 04.13.2012 - Analysis and Removal
Creates this registry value: HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell points to the malicious that was run. Creates a bad value under this key:...
GVU - Germany (Ransom Trojan) - 04.16.2012 - Analysis and Removal
FRST HKLM\...\Run: [5kS43ADO0bzprWo] C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe [x]...
Rannoh - Canada (Ransom Trojan) - 05.04.2012 - Analysis and Removal
Figure 1.a This is very similar to Gendarmerie Nationale (French) in the sense that the bad files are practically...
Police Nationale Francaise - France (Ransom Trojan) - 05.14.2012 - Analysis...
Easy way to defeat: If on XP: Press F8 upon boot to get to the Windows Advanced Options Menu. From the list, choose...
Gimemo Ransom - Germany - "Please wait while the connection is beeing...
This list will be maintained. I will try to organize them in chronological order. flint4ytw.exe -...
Weelsof - Metropolitan Police - United Kingdom (Ransom Trojan) - 05.22.2012 -...
FRST HKLM\...\Run: [voitjxghtvngqbu] C:\Documents and Settings\All Users\Application Data\jhdmxqskgvmtxilxyiwh.exe...
Live Security Platinum (FakeAV) - 06.02.2012 - Analysis and Removal
Proceeds Security Sphere 2012, Smart Protection 2012, and Smart Fortress 2012 RogueKiller ¤¤¤ Bad processes: 1 ¤¤¤ [SUSP...
ZeroAccess CLSID variant versus ComboFix
http://www.youtube.com/watch?v=B0sY_1ZXxTU http://youtu.be/B0sY_1ZXxTU
CrapRemover - Introduction and Demonstration
CrapRemover will remove unwanted browser hijacks such as Babylon, Facemoods, Funmoods, Searchqu, iClaro and many others that I see populating forums of the anti-malware community. See the following...
Junkware Removal Tool (JRT) Released - Freeware
About Many of the infections we see on the forums and in the work environment nowadays involve a user that has an unwanted program, toolbar, or browser helper object (BHO) on their computer. Some...
Malware Removal and PC TuneUp Guide
Hello, I'm going to provide you a free guide to perform malware removal and a basic PC tuneup on practically any PC provided that it at least boots to the Windows desktop. You may be wondering, why a...
Junkware Removal Tool - Module Check Testing
http://www.youtube.com/watch?v=ubG5Lq-JPb8 This was beta, current version is 4.1.4 includes Modules check for all OS ;)