Malware sites for July 30, 2009

I just got some news about a few sites:


  • husger.info (Scareware, Rogue Antivirus)
  • antivirus-quickscanv5.com (Personal Antivirus)
  • safe-online-scanner.com (Personal Antivirus)

These sites claim you have a virus and are considered either URL redirects or URL hijackers. If these sites keep appearing while you browse the web, maybe it is time to do a complete system scan and get that spyware off your system. Some of these rogue antiviruses may even have a security adviser claiming random sites are infected with viruses or Trojans and are unsafe. These sites either want you to install the software or are trying to sell you the fake product, which will do nothing but harm your system.

Threat to System : Moderate

Rating: 4/5

Advice : Do a Complete system scan and make sure you don’t have any more hidden malware.


New spam Campaign — Casino Anyone?

Looks like there is a new Campaign going on with regards to having VIP access.


So I go to the site:


I decide to have a little fun and download the file. The filename is “Smartdownload.exe”. Now, you shouldn’t install any software or programs from sites you don’t know about, or when you have no idea what changes are going to be made. I use CWSandbox to better understand this file. Here are a few things I’ve found:

  • This program connects to three different IPs [your broadband modem, 200.122.168.237, and 212.201.100.136]
  • It also changes your Autoexec.bat file. (Not good)
  • It changes access flags on several different programs (not good either)
  • It also tries to be anonymous. If you check the logs out yourself you will find it very interesting.
  • It looks like it connects to the servers every time you boot up!! (Not good either)

I don’t know what it is trying to do, but everything I see about this file makes me think it is trying to avoid virus detection. I ran Kaspersky and Avast file checks, and it came up clean. I think what happens is you download the virus after you install this software. I wouldn’t download this or install it; even though it advertises 800% free, that has to be a scam or just a flat lie to get you to install software. Everything about this program makes me not want to install this software, although it doesn’t seem to be a virus. It does, however, make me want to delete the file. Remember to use anti-virus and firewalls; that is your first line of defense.

AVG Detected a False Positive

According to Security and The Net:

An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

[Via Security and The Net]


I bring this up because this is a false positive according to AVG. AVG has since sent out another update to their database, and you can go and update the database to get rid of this problem. If you need to restore that DLL, check out the article at Security and The Net; they have some excellent suggestions on fixing the problem.

If you’ve not been affected by this yet, you probably won’t be. It is as yet unknown how many people have been affected. I’m blogging about this to tell people about it and to warn them that not all of the warnings from AVG are true, and that is why you should always ask before you delete or do anything to your system. I always use Google when it comes to these types of questions.

Sites that you need not Visit:

I’ve had some anti-virus problems in the past few weeks and have been trying to see if it is my system or if it was just luck of the draw. So I did some research and found some sites that you should not go to or download from. These sites have been known to spread fake anti-virus malware. So I wanted to warn people about some common websites that have been known to have viruses on them:



  • hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ - This site usually tries to send you the “Trojan.HTML.Zlob.AG” virus.
  • hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php - This site usually tries to send you the “Trojan.Dropper.SMN” virus.
  • hxxp://handballfondi.it/xxxxxx1.php - This site is one of the new malware sites that looks like YouTube. When you go to this site, they say you need a special codec to play a video clip. Most of the time when you get something like this, it is going to try to install malware. A good broad set of codecs that you may want to download is called Klite Mega Codec; if you use that, you should never need to download any other codec to play a movie clip from any site online.
  • hxxp://0scanner.com/—censored—/ - This site usually tries to send you the “Adware.FakeAntiVirus.L” virus. Another site trying to install malware.

If you want to check your system, here are some places to go to get a free Anti-virus check:

If you know of any other sites that we should avoid, by all means comment about it. I would love to hear about sites that you know are bad!!