Category: security scans

Yet Another Android Scarevertising!

Paul

 

Androidsecurityfree.org

These are on the Rise!

I’ve seen more and more of this in the last few week.   One blogger, on barfooin.net talked about TunIn their advertising practices.  This one however came up with from Defrag+ and the advertising was simple yet to some very scary “Virust Detected! Remove Now!” and you saw a little animated bar like it was actually doing something.   This form of advertising should not be allowed and you should not install it!

The story behind installing this app, was a very simple one.   My Acer tablet was starting to get unresponsive and I wanted to see if the internal memory needed to be cleared and re-arranged.  I guess I could of bought the 10$ version but if they are going to allow this type of advertising on their app then I guess it doesn’t really do anything else. 

Third Party Advertising!

I should say this isn’t a big problem right now but I can see that if you got did your research to find me and you probably did.   You will see that there isn’t any real information out their about this and others like androidantivirusfree(dot)org which is one of the few that I’ve actually documented and talked about in the past! 

I don’t know which advertiser networks are allowing this sort of thing but I am sure sooner or later someone will start giving this people a mess of problems and they will see that they need to fix the problem.  

Push Notifications problems!

It definitely seems that this little app wants to advertise every chance it gets and it kind of seems the publisher is money hungry.   So I am unsure how trust worthy this app is and how much I want to keep it on my android device.   No wonder he is charging 10$ for the pro version of this app.   Oh well, I am going to delete this app and figure out how to fix the problem with out paying for apps like this one and others.   I am sure there is a simple solution to the problem but first I will go through and remove some of the apps that I don’t use anymore for starters and see where that leads me!

 

 

Removing Win32/Bagle.HE worm

Paul15 Replies

Here is another virus that seems to be spreading lately.   From the looks of it, it sees to be another email worm.  Here is what eset says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

[ad#ad2-right]Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B .

When executed the worm copies itself in the following locations:

  • Documents and Settings\All Users\Application Data\hidn\
    hldrrr.exe

  • Documents and Settings\All Users\Application Data\hidn\
    hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

[ad#ad2-left]It seems to have a manual removal process, Unless you pay for the other software but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.

[via 411 on PC Security]

According to this site you can remove it by doing some steps.  I think Kaspersky has an easier way to remove it and it looks like most anti-virus software will remove this.   You need to remember that only you can prevent this from the future.   You should also update your windows update and make sure your system is up to date.