List of Malware sites for Dec 10, 2009

Personal Antivirus — Download SUPERAntiSpyware (Database Version 4349):

• update-protection-z4.cn
• update-protection-z6.cn
• lenovosecurity01.cn
• lenovosecurity51.cn
• new-antimalware01.cn
• update-protection-z1.cn
• ferrari-scan9.cn
• radius-protect-c1.cn
• radius-protect-a1.cn
• radius-protect-b1.cn
• intel-secure10.cn
• intel-secure20.cn
• intel-secure90.cn
• intel-secure02.cn
• intel-secure01.cn
• atomantispyware11.cn
• atomantispyware21.cn
• atomantispyware31.cn
• atomantispyware51.cn
• atomantispyware61.cn
• pc-antispy013.cn
• pc-antispy999.cn
• pc-antispy051.cn
• pc-antispy001.cn
• windefscanm9.cn
• windefscanm0.cn
• vip-protectionv9.cn
• vip-protectionz4.cn
• windefscanm1.cn
• vip-protectionv8.cn
• top2009security.cn

Internet Antivirus Pro Scareware

• ewiali.cn
• ewiaguh.cn
• inb6sh.com
• divyza.cn
• jynuroh.cn
• jypebgi.cn
• diwehym.cn
• enoihup.cn
• kanjiur.cn

Fake Scanner Pages:

• scan.dewesan.cn

Rogue Antivirus scareware sites:

• siteadware.com
• antitroy.com
• letmeguard-yourzone-pc.com
• systempc-scan-check.net
• livepcguard.com
• downloadavr13.com
• clean-vironmypc.net
• cleanvir-onmypc.net
• cleanviron-mypc.net
• cleanvironmypc.net
• internal-scanforpc.com
• internal-scanforpc.net
• internalscanforpc.com
• internalscanforpc.net
• safetyantispywareshop.com

SuperAntiSpyware Pro Is it Worth 29.95?

I have a couple people ask me “is SUPERAntiSpyware worth it?” when I am working on clients computers and I thought I would show you just how good SuperAntiSpyware works with removing scareware:

Part 1

Part 2

Part 3

Part 4

Thanks to Matt from www.remove-malware.com for posting these videos.

As you can see SuperAntiSpyware with the Real time Blocking can help block and remove malware on your system. Some of the key differences from free to Pro are easy to see. Now I can’t make the decision for you but I hope these videos help your decide if it is worth it. I do know I recommend Pro to all my clients and customers who want to have the cheapest possible Antivirus And Spyware. You can visit my Review of AVG 8.5 Free and SuperAntispyware Pro for further details. This is what I recommend to my clients and customers who want to keep it cheap. I hope this helps you decide when it comes to buying it. The nice part of about Buying SuperAntispyware is that it is 29.95 and if you buy it with the Lifetime Subscription you get it for $39.90 and you don’t have to pay for it anymore.

Fake Security Adviser from explorersecurityhelper.com

I saw this come in my way and I thought I would share it:

Here is a site that is another scareware attempt from the makers of Personal Antivirus.   They do this to get money from unsuspecting users who think this will protect there system but the truth of the matter, they are either trying to get you to install even more Malware or buy a program that doesn’t do what it claims.   You should never buy from a site you do not know anything about and you should never install software from a site you have no knowledge of

Threat to System : Critical

Rating:

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware. This has altered your browser and can be monitoring your system and should be taken off your system. You should consider your system compromised until you clean your system.

I recommend :

Download SUPERAntiSpyware

Download Malwarebytes

SUPERAntiSpyware now has an ONLINE Scanner that you can use to help get rid of some of the malware that keeps you from running your anti virus. You should give it a try....

Twitter Spam attempt: “See the NSFW pics twitter deleted from my profile here”

Looks like this might have been a improper adult content or maybe a Malware attack:

If people are wonder what NSFW means:

Not suitable/safe for work (NSFW), not work-suitable/safe (NWS), or not school-suitable (NSS) is Internet slang or shorthand. Typically, the NSFW tag is used in E-mail, movies (such as on Youtube) and on interactive discussion areas (such as internet forums, blogs and community websites) to mark URLs or hyperlinks which may be sexually explicit or include audio containing profanity, helping the reader avoid potentially objectionable content.
[via Wikipedia]

It looks like this was done with using Tinyurl and has been flagged for either Spam, Fraud, Malware, or Any other use that is illegal. I am glad Tinyurl did catch this and stop it. If you see something that say NSFW in your twitter account your best bet is to delete it and go on with your life. I am sure it is something your should not go to probably because it was a malicious way to get your to go to the link. If you want to preview the urls that are used by Tinyurl, just visit the preview feature. If anyone else hears of some kind of Twitter attempt let me know and I’ll blog about it. This would be the best time to install Free Anti-virus and Free Firewalls to help prevent from getting Viruses or Malware.

Tools for Virus Removal : The ones I like to use!

In this post I want to talk about virus removal tools that I like to use when I need to remove a virus.   Some thing to consider when using these tools are:

• Is it a Rootkit?
• Is it Spyware?
• Is it a Virus?
• Is it a Trojan?
• Is it a Worm?

Each of these have to be dealt with differently because each requires something different.  Like rootkits if you have one installed and know that it is a rootkit you only options are to download some rootkit removers like:

• Sopho’s Anti-rootkit remover –  This is good for those more known viruses and can remove several types of rootkits.   This isn’t the only one I use, but it is a part of group that does the rootkit removing for me.
• Microsoft Rootkit Revealer –  This is good for proving there is a rootkit.  I’ve not seen it not detect a rootkit.  Most of the time when I find a rootkit from the other rootkit revealers this one actually dos better with information.
• Panda Anti-Rootkit Remover — This one is another one I use when the other ones can’t remove it.  Each one does remove certain rootkit differently and works better than the other.

Trojan.PWS.ChromeInject.A is not a Firefox plugin.

A new type of malware designed to harvest web passwords has been detected in-the-wild by BitDefender’s antivirus research labs. This latest e-threat – called Trojan.PWS.ChromeInject.A – is intended to be delivered onto a compromised computer system by other malware for subsequent download into Mozilla Firefox’s Plugin folder. Once installed it gets to work every time Firefox is started.

[Via Bitdefender]

So having seen this I thought I’d come up with ways around this to better protect yourself.  One way to prevent this from getting your sensitive data is to get a program like Sandboxie.   You could stop using Firefox that would be silly, because right now Firefox is more secure than Chrome and Internet Explorer.   I’d also suggest checking out my Anti-spyware page and Anti-Virus page and get some more protection.

The key to this virus protection is just be cautious of where you go and keep all you system update to date to prevent all this from happening.  It is also advisable to not have your passwords saved on Firefox, you should use something like Roboform, it is free  to download and try.  It will encrypt your passwords so if they don’t know the master password then they are out of luck.  Roboform is also good for coming up with some strong passwords.  Just some suggestions to prevent from people seeing your sensitive data, you don’t want anyone to get that data.

Are you patched, Secunia Says NO

Think you’ve got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack.

So I wanted to talk about this a little and give you a few good ways to make sure you are patched.  There are several ways to get your system up to almost 100%.

Some things to do is make sure you have your Windows systems updated.  This is easy to make sure, if you have an internet connection you can just check for updates.  If you don’t know how to do it, it is quite simple, Just go here.    If you have Windows Vista all you have to do is hit Start and type in the search box “Windows Update” and hit Enter and you will be taken to the update page.

If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you.   You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

Spying on Spyware.ISpynow!!

This is another Virus that is going around and thought I’d tell you about it:

Spyware.ISpyNow monitors files, network traffic, and keystrokes. This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

[Via Symantec]

Now this one isn’t to hard to figure out what happened.  You have to manually install it on your system to get infected.  Symantec has a great way on uninstalling this annoyance.  I also suggest checking out my other program list just in case you don’t want to buy Symantec Anti-Virus programs.  Some other things to check out is:

• Avg detected Trojan Horse Generic 12.htc? – This has a great article on how to use HiJackthis program and how to make sure you no longer have the virus.
  
• Some Important programs to prevent yourself from having viruses and Malware!! — This article gives you some other programs to use other than Symantec.   You have a wide variety of choices on Anti-virus programs and Firewall Choices.  You also have some choices on Spyware removal programs.

Microsoft kills a fake antivirus tool from 994,061 computers!

According to Arstechnica and I’ll quote:

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn’t the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seemed to of happened this month with the usual Windows update.  If you haven’t updated your system just yet you should.   This troublesome fake virus seems to have been killed  from several systems.  This could effectively make it harder for these guys who ever designed this program to make money.  I hope microsoft does even more virus removals in next month.  If you still want to try to get rid of these viruses don’t forget to check out my tips on Virus removal.