List of Malware Sites for Aug 14, 2009

personalantivirus3

  • secure-spyware-scannerv3.com ([intlink id=”3607″ type=”post”]Personal Antivirus Scareware Site[/intlink])
  • secure-antispyware-scanv3.com ([intlink id=”3607″ type=”post”]Personal Antivirus Scareware Site[/intlink])
  • best-virus-scanner.com ([intlink id=”3607″ type=”post”]Personal Antivirus Scareware Site[/intlink])
  • homeantispywarescan.com ([intlink id=”3607″ type=”post”]Personal Antivirus Scareware Site[/intlink])
  • livetimeprotectionscan.com ([intlink id=”3607″ type=”post”]Personal Antivirus Scareware Site[/intlink])
  • beeves.info ([intlink id=”4217″ type=”post”]Internet Antivirus Pro Scareware[/intlink])
  • securitytoolworks.com (New Rogue Total Security Antivirus)

These sites gets installed in unsuspecting computers by way of exploits, backdoors, Trojans, or unsafe downloading practices. This usually means that if you have it you should remove it by any means necessary because this software has been know to cause more and more trouble as time goes by. This software is fake ware, it tries to tell you have a virus and that they can get rid of it. In fact, this software is not designed with Antivirus engine in it but to illicit pop ups and warning to raise the users security concerns about the computer in question. Downloading programs from bit torrents or other unsafe ways can and most likely will have these types of programs installed alongside the program you wanted.

Threat to System : Moderate

[rating:4/5]

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.

I recommend :

Do a Full System with One of these Free Antivirus Software:

[ad#SUPERAntiSpyware]

Insanity Run Rampant — Antivirus Pro System (scareware)

Some of you would want to ask me why I am calling this title an usual title. In fact it is quite simple, I have been at the hospital since early this morning. While I was there I had some intriguing things happen. I was watching a person cruise the internet while they were at work. This is someone who is supposed to answer the phones and such. Then I see this POP UP, this draws my attention. “You SYSTEM Has Spyware”. This was my first thought, Scareware. The Popup said it was for “Antivirus Pro System”.
antivirus-system-pro

Since this was a Hospital computer, I couldn’t get a real screen shot of this but there are plenty examples out there, just like that one above.  Anyways what worries me is how System Admins are allowing employees to surf the web while at work on company time.   It also makes for a bad experience with their family.  It also concerns me about the fact that while that computer is infected some of the patients records could be leaked online.

[ad]If you have this Scareware program, Here is a good explanation on how to remove it.   Hospitals have a duty to protect peoples privacy.   Although I seriously this system had patient records it was being used to keep track of who was in surgery and where they were.

Hospitals should prevent their employees from using the internet and preventing patients or their family’s from using the internet.   While I was there I couldn’t do much but check my email and Maybe watch Twitter using Tweetdeck.   That was how bad the bandwidth was there.  According to some nurses they have a T1 Line.   So you know people are watching movies or other things through the internet.   I also heard from a doctor that people were streaming who were supposed to be at work.

That has been my day,  and am I tired.

I would also suggest people have a f[intlink id=”2205″ type=”page”]ree anti-virus software and a Good free Firewall[/intlink] to help prevent this type of scareware in the future.  Remember your the End User and that means only you can prevent this from happening in the first place.  Never go to suspicious sites or URLS that you don’t know where they go.   If you can prevent these types of attacks then you are much better off.

Inside Generic Pup.Z

[ad#ad2-left]

Infection Methods:

Potentially unwanted programs do not self-replicate. They spread manually, often under the premise that they are beneficial or wanted. They can either be stand alone applications, or come bundled along with other PUPs, Trojans or Rootkits.

Installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs.

Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Ways to prevent Infection:

In order to prevent these types of infections you need to understand that most of the time it is something you thought was useful but yet has a virus hidden inside of it.   Some of the things you can do to remove the virus is:

You need to remember about security and how to counter any virus installation by having a firewall and Anti-virus.  I have also put an e-store to better make use of anything I see on Amazon that might help you out.  If you want to visit it, click here.

Tools for Virus Removal : The ones I like to use!

In this post I want to talk about virus removal tools that I like to use when I need to remove a virus.   Some thing to consider when using these tools are:

Each of these have to be dealt with differently because each requires something different.  Like rootkits if you have one installed and know that it is a rootkit you only options are to download some rootkit removers like:

  • Sopho’s Anti-rootkit remover —  This is good for those more known viruses and can remove several types of rootkits.   This isn’t the only one I use, but it is a part of group that does the rootkit removing for me.
  • Microsoft Rootkit Revealer —  This is good for proving there is a rootkit.  I’ve not seen it not detect a rootkit.  Most of the time when I find a rootkit from the other rootkit revealers this one actually dos better with information.
  • Panda Anti-Rootkit Remover — This one is another one I use when the other ones can’t remove it.  Each one does remove certain rootkit differently and works better than the other.
  • Aries Rootkit Remover from Lavasoft — This is good for those really tough rootkits but have some great benefits for removing some of the really tough rootkits.

These are the ones that work well with me when it comes to removing the rootkits.  I’ve not had one of these to remove a rootkit but that depends on how you deal with the virus in the first place.  Now for Anti-spyware and Anti-Virus software here are some of the tools that I suggest:

  • HijackthisRun it, and when you get the LOG file you will want to go to HijackThis Log Analysis Site 1 and HijackThis Log Analysis Site 2, and see what it says.  This is the best software because it will scan all of the registry and tells you like a wiki what might it be.
  • MSCONFIG — Sometimes it is hidden but if you check through the MSCONFIG for any files that might not need to load. Also check the services tab and see if there is any services that may not be needed.
  • Pctools Antivirus Free Software — This is a free software so what can I say.
  • AVG Anti-Virus Free Edition 7.5.503 — This is another free one that can remove viruses really easily. Download this and you don’t have to worry to much.
  • Avast Home Edition — AVG does better than this one but people seem to like this so I have to add this for people who like this better than the others.
  • Clamwin Free Anti-virus — This is a good one because this is open sourced and easily can help detect so many viruses. This is good for those people who like open sourced.

These are just  the ones that I like to recommend that does pretty good on removing the viruses but there are others that I recommend on my Malware Resources that people have recommend to me but I haven’t tried them out yet.    Some of the Spyware and Adware removal and here are some of my favorites:

  • SuperAntispyware — Easily remove pests such as WinFixer, SpyAxe, SpyFalcon, and thousands more! Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System.
  • Malwarebytes can provide the needed assistance to remove the infection and restore the machine back to optimum performance.
  • Ad-Aware — This is a very good tool to get rid of some of the most annoying little viruses that try to fool you that you have a virus.
  • Windows Security Trojan Scanner — a Free online scanner to let you see if you might have a Trojan.
  • SmitFraudFix — A great little program to get rid of those Desktop hijacks, those programs that take over your browser or other file system.

If your current antimalware software let an infection through, you may want to consider purchasing the PRO version of SUPERAntiSpyware or Malwarebytes License to protect your computer in the future. SUPERAntiSpyware Professional or Malwarebytes License features highly advanced Real-Time Protection to ensure protection from installation or re-installation of potential threats as you surf the Internet (Both are trusted Vendors by CCSS Forums).

These are just a few that I like to use when it comes to fighting those virus programs and the people behind the virus programs.   If you consider how hard it is sometimes to recognize a virus, you can see the problem with some of the programs they can sometimes  say a file is a virus and delete it and the next thing you know it won’t boot into Windows.  This is what needs to be considered whenever you see a warning on your system so you must be careful when you remove files.  You should always have backups that is what I always recommend because the likely hood of something terrible happening to your data.  You should come up with a way to back up your system every week like a sunday back or even a Monday while your at work backup.

Figuring out the Email-Worm Win32.Zafi.b

This is another just I just saw on the web and wanted to talk about what this little Worm does and what it’s known Aliases:

Email-Worm.Win32.Zafi.b (Kaspersky Lab) is also known as: I-Worm.Zafi.b (Kaspersky Lab), W32/Zafi.b@MM (McAfee), W32.Erkez.B@mm (Symantec), Win32.Hazafi.30720 (Doctor Web), W32/Zafi-B (Sophos), Win32/Zafi.B@mm (RAV), PE_ZAFI.B (Trend Micro), Worm/Zafi.B (H+BEDV), W32/Zafi.B@mm (FRISK), Win32:Zafi-B (ALWIL), I-Worm/Zafi.B (Grisoft), Win32.Zafi.B@mm (SOFTWIN), Worm.Zafi.B (ClamAV), W32/Zafi.B.worm (Panda), Win32/Zafi.B (Eset)

[ad#ad2-left]This worm spreads via the Internet as an attachment to infected messages, and also via local and file-sharing networks.
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.

This Worm seems to be running through email and file sharing sites, One thing it tries to do is stop the process and deletes:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe

It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.

[ad#ad2-right]It also attempts to conduct DoS attacks on the following sites:

www.2f.hu
www.parlament.hu
www.virusbuster.hu
www.virushirado.hu

This seems to be a very big virus and can be removed with the use of Kapersky Virus removal tool for free for this type of virus. In order to prevent this virus in the future the user has to remember about not getting opening unknown documents or emails and not running any unkown program from an unknown file sharing.   Also remember you need to have an anti-virus  and also a firewall to protect yourself in the future.