TechJaws.com » Rogue Software

Facebook Trojan Spreads Rapidly

Frank Jovine — Wed, 09 Mar 2011 17:45:06 +0000

This is becoming a big problem and it’s time that Facebook step up and moderate what Apps are shared on their network. Facebook and its 600 million plus users is the perfect playground for cyber criminals to spread their malicious viruses, Trojans and Malware. The problem is users are receiving shares from friends who are unaware that the app (application) there sharing contains malicious data.

The latest app comes in the form of a “Free Gift” or “Surprise” and this app drops a Trojan on the user’s machine that launches a very nasty virus called “System Tool 2011.” If you are one of the unlucky people that got this bad boy, you are in for a lot of grief trying to remove it from your computer, but no worries, I have you covered.

It’s important that even when your friends share apps with you, don’t assume they know it’s safe. Don’t be the guinea pig, let other users allow the app and if enough time passes with no negative feedback, than I would try it out, but be careful!

How to Remove System Tool 2011

SystemTool is a rogue anti-spyware program that’s distributed via a Trojan and/or web pop-ups. The program is installed without the user’s knowledge. To remove this parasite, please follow the link below.

http://www.techjaws.com/how-to-remove-systemtool-2011/

10 Ways to Prevent being Scammed

Frank Jovine — Mon, 25 Oct 2010 18:13:52 +0000

Holidays are the most popular time of the year for cyber criminals to deploy their scams. Halloween is no different, as many people love to share Halloween related stuff with their friends and family. The most popular scam is the distribution of scareware. According to McAfee, cybercriminals make upwards of $300 million from conning web users worldwide into downloading scareware. Cyber criminals try to fool users into believing their computers are infected and in turn try to peddle the user into purchasing fake antivirus programs and other rogue software to remove the infections. Cyber criminals also set up websites that look like legitimate online businesses to steal your personal information.

10 Ways to Prevent being Scammed

Web sites looking like legitimate businesses to solicit personal or account information. Businesses such as banks will never ask for personal information by way of email. To be sure you don’t fall victim, download the WOT add-on which shows you which websites you can trust for safe surfing, shopping and searching on the web.
Never click on any links in an e-mail from businesses or people that you do not know. Links can be spoofed – the displayed text isn’t necessarily the true web address and/or destination.
Never “unsubscribe” to an email in which you’re not familiar with. When you respond or click the “unsubscribe” link, the sender takes your email address and adds it to a database. It’s best to mark the email as spam and delete the email.
Cyber Criminals will use major news events to trick their victims by sending email with a subject line related to the event and including an attachment that could contain a virus.
Beware of e-Bay and PayPal phishing e-mails. Cyber criminals know that email is not as effective as it use to be and now they’re setting up fake call centers so that you phone-in and give your personal information after you receive the e-mail.
Cyber criminals do make mistakes and if you take the time to read an email you can probably find spelling or grammatical errors.
Keep your computer software and security programs updated!
Avoid work-at home scams! During the holiday season you may receive an email that claims such as; “make more money by Christmas.” Scammers often make money by collecting other people’s personal information and then reselling it or using it illicitly themselves. They will require people to pay money upfront for materials and other expenses.
Only purchase from trusted sources that you have bookmarked. These sites always have SSL Server Certificates when you check out to make a purchase. You should see a lock in the bottom left of your browser, click on the lock to view the certificated information.
When joining a social network like Facebook, it’s better not to reveal too much personal information since this can be used for phishing scams.

What to do if you’ve been scammed?

If you think there’s a fraudulent change on your credit card, no matter how small, call your bank and immediately dispute it.
Report it! http://www.fraud.org/ is perhaps the best site for reporting fraud in the US. The NFIC accepts reports about attempts to defraud consumers on the telephone or the Internet.
Fraud Avoidance and Reporting – provides excellent fraud prevention and reporting resources to help you.
File your complaint with the FTC. Federal Trade Commission (FTC). Click on the link or call the FTC’s identity theft hotline toll-free at 1 (877) IDTHEFT or (877)-438-4338. The hotline is staffed by counselors trained to help victims and take their complaints.

Be smart this holiday season!

Security Tool Downloads Via Fake Firefox Block Page

Frank Jovine — Wed, 20 Oct 2010 14:20:21 +0000

Security Tool Virus a rogue anti-virus spreads via a fake warning page that looks just like the Firefox block page. The fake site prompts users with updates for Mozilla Firefox, but the update is actually an installer for Security Tool Virus. The story was originally reported by F-Secure.

If a user downloads the Mozilla fake update, they will be warned about an infection on the computer. The user, if convinced, will only be purchasing scareware authored by cyber-criminals in attempt to steal your money.

Image provided by F-Secure

The rogue application will automatically attempt to install itself on the machines of prospective marks in cases where scripts are enabled, net security firm F-Secure warns.

Firefox’s genuine attack warning technology is all server-side and never requests that users download updates. The attack relies, in part, on the ignorance of the majority of potential victims on this point.

If you were a victim of this scam and your computer is infected, please follow the removal instructions listed below and also visit the related articles to learn more on how to remove Security Tool Virus.

How to Remove Security Tool Virus

Manually

Stop Security Tool Processes: [random numbers].exe
Remove Security Tool Files
C:\Documents and Settings\All Users\Application Data\[random numbers]\
C:\Documents and Settings\All Users\Application Data\[random numbers]\[random numbers].exe
Remove Security Tool

Registry Keys

*HKEY_CURRENT_USER\Software\Security Tool
*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Tool

Remove Security Tool Startup Entry: [random numbers].exe

Automatically

You can also download MalwareBytes Anti-Malware to remove Security Tool Virus.
F-Secure has already updated their AV product to block and remove Security Tool Virus. They offer a 30 day free trial of Anti-Virus 2010.

How to Remove AntiVirus Agent

Frank Jovine — Fri, 15 Oct 2010 16:51:59 +0000

AntiVirus Agent gives false alerts in the Windows task bar as pictured below. The fake alert advises users to update their installed antivirus program. If the user takes action by clicking on the message, it will try to trick the user into purchasing a separate program which is a rogue antivirus application. The rogue application is called Antivirus Studio 2010.

Type: Misleading Application
Name: Antivirus Agent
Website: Unknown
Risk Impact: Medium
Systems Affected: Windows 2000, Windows Server 2003, Windows Vista, Windows XP and Windows 7
Behavior: AntiVirus Agent is a misleading application that may give exaggerated reports of threats on the computer.

The fake warning messages will contain the following:

This rogue was detected by MalwareBytes when performing a scan.

Automatic Removal

Download and install Malwarebytes Anti-Malware. Make sure you update MalwareBytes after installation.

Reboot your computer in SafeMode
Right before Windows starts press F8 to enter into SafeMode.
When your computer boots into SafeMode, launch MalwareBytes and perform a full system scan.
Check and remove all threats found after the scan completes.

I recommend that you run multiple passes of Malwarebytes Anti-Malware.

It’s important that you keep your security programs up to date. I highly recommend downloading the WOT (Web of Trust) add-on for IE and/or Firefox. The WOT add-on warns you about risky sites before you click.

How to Remove AntivirusIS

Frank Jovine — Wed, 22 Sep 2010 14:22:40 +0000

AntivirusIS is a Rogue Antivirus program. Once Antivirus IS is installed, it runs a scan, the program reports false scan alerts. The user is then prompted to pay for a full license of the software in order to remove the threats. The program is also a browser hijacker that changes browser settings. The program will prevent a user from accessing other programs on the computer such as; task manager, registry editor and even system restore.

If you are unable to launch Malwarebytes Anti-Malware, simply rename the installer to iexplore.exe.

Type: Misleading Application
Name: Antivirus IS
Website: Theprotectall.com (Site rated poor on mywot.com)
Risk Impact: Medium
Systems Affected: Windows 2000, Windows Server 2003, Windows Vista, Windows XP and Windows 7
Behavior: AntivirusIS is a misleading application that may give exaggerated reports of threats on the computer.

AntivirusIS Manual Removal Instructions

AntivirusIS registry values:

Delete registry values:
HKEY_CURRENT_USER\Software\wnxmal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter “Enabled” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:6522″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = “no”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable” =”1″

Other malicious files:
C:\Documents and Settings\[User Name]\Local Settings\Application Data\SET OF RANDOM CHARACTERS]\
C:\Documents and Settings\[User Name]\Local Settings\Application Data\SET OF RANDOM CHARACTERS]\SET OF RANDOM CHARACTERS].exe
C:\Users\User\AppData\Local\[SET OF RANDOM CHARACTERS]

Automatic Removal

Download and install SUPERAntiSpyware and Malwarebytes Anti-Malware. Both security programs come with free versions.

I recommend that you run multiple passes of SUPERAntiSpyware and Malwarebytes Anti-Malware.

This rogue software is from the same family as Security Suite and Antivirus Soft.

Google needs to clean up Paid Advertisers

Frank Jovine — Fri, 17 Sep 2010 14:06:12 +0000

Google needs to do some house cleaning and stop paid advertisers that have low reliability from advertising in their sponsored ads section. This has been an ongoing issue for years that should have been addressed a long time ago. You would think the most popular search company would filter and monitor its paid advertisers.

The reason why I am writing this article is because a commenter made some valid points from a previous article titled – “Why Google Instant Needs to Address BlackHat SEO.” I would like to thank Clarkson at pacificvacuum.com.

Google needs to protect users by eliminating these paid advertisers who pawn their rogue software for profit.

There’s one paid ad (pictured below) in the sponsored section to the right that goes to spynomore.com which is a site that peddles Rogue Antispyware. Rogue software is a scam and its only intent is to steal your money.

In addition to low reliable paid advertisers, Google needs to de-index and remove suggestive sites that are dangerous from its search as well. When a user is searching for antivirus and they enter the first 5 characters – “ANTIV”, Google suggests sites that sell rogue anti-virus such as Antivir Solution Pro. See image below.

I highly recommend downloading the WOT (Web of Trust) add-on for IE and/or Firefox. The WOT add-on warns you about risky sites before you click.

Justin Bieber Free Concert Ticket Scam

Frank Jovine — Thu, 19 Aug 2010 14:53:11 +0000

There’s a Facebook scam that’s getting very viral which claims to offer free tickets to a Justin Bieber concert. The scam is targeting teenagers to sign up to expensive premium rate mobile phone service.

The message appearing on Facebook reads: “WOW! Justin Bieber Is Giving Away Free Concert Tickets Now!”

This scam targets teens who adore the popular Justin Bieber and in most cases these teens will be willing to hand over any information to get their mitts on a pair of Justin Bieber tickets.

Parents and teens should ignore any message in the form of free tickets for Justin Bieber.

Scammers use these tactics often, but if a user falls for this so-called free Justin Bieber concert tickets, they are actually giving permission for a rogue application to post updates to their Facebook wall and status. The messages claim that the Facebook user “has just snagged 4 free tickets to see Justin Bieber!”

This rogue application has the potential in making these messages go viral in a big way. The scammers can also reuse this rogue application for other offers which could send users to malicious websites.

It’s a real shame when these scammers target young people. These crooks need to be stopped and prosecuted.

Facebook will probably remove this scam, but scammers will come up with another way to lure in victims for profit.

The current bit.ly link is no longer available.

This story was first reported by Graham Cluley at Sophos.

How to Remove Internet Security 2010 Rogue Software

Frank Jovine — Fri, 04 Jun 2010 16:19:19 +0000

Internet Security 2010 is a rogue (fake) internet security suit that gives false reports of threats on the computer. Once a user downloads this application, they’re prompted to purchase the full license in order to remove the false infection.

Name: Internet Security 2010
Publisher: Internet Security 2010
Website: defendvirus.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

How to Remove Internet Security 2010

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan.
Delete any values added to the registry.

You can download a free copy of Malwarebytes’ Anti-Malware to remove this software.

See more fake antivirus removal instructions here.

How to Remove Virus Protector

Frank Jovine — Tue, 09 Mar 2010 17:42:24 +0000

VirusProtector is rogue software that reports false threats on the computer. The software must be downloaded manually by the user. When a user downloads Virus Protector and runs a scan, the program reports false scan alerts. This rogue software tries to fool the user in purchasing the full license in order to remove the false threats.

Name: VirusProtector
Version: 1.0.0.1
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior: The program must be manually installed.

It can be downloaded from the following location: [http://]antivpc.com (The site needs to be rating red by the WOT community).

The program reports false or exaggerated system security threats on the computer.

The program may also display the following fake error messages:

How to Remove VirusProtector
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan.
Delete any values added to the registry.

For specific details on each of these steps, read the following instructions.

If you do not have Norton Antivirus, you can download a free copy of Malwarebytes’ Anti-Malware to remove this software.

See more fake antivirus removal instructions here.

Security Tool Virus Update and Removal

Frank Jovine — Fri, 19 Feb 2010 17:14:10 +0000

This nuisance rogue malware program has resurfaced once again. Security Tool Virus was first discovered in October 2009. It’s in the same family as Winweb and it’s by far the toughest and most complex rogue software to remove, but we solved that issue last year.

Security Tool Virus is classified as a rogue software by many security firms because it falsely reports infections and scares users into purchasing the full license of the program in order to remove these false infections. Security Tool Virus will start automatically when you log in to your computer.

Be careful, and DO NOT delete the infected files found by Security Tool Virus as these are legitimate system files.

Symptoms that may be in a HijackThis Log:

Please note that the files and folders for Security Tool and SecurityTool have random names.

O4 – HKLM\..\Run: [4946550101] %UserProfile%\Application Data\4946550101\4946550101.exe
O4 – HKCU\..\Run: [Install] %UserProfile%\Application Data\4946550101\4946550101.bat

Download HiJackThis

Security Tool Virus Activities:

Changes browser settings
Shows commercial adverts
Stays resident in background

Automatic Security Tool Virus Removal: http://www.pctools.com/downloads/afl_2-spyware/sdsetup.exe

Security Tool Virus is from the same family as Total Security 2009 and System Security.

Other Removal Instructions can be found here.