---

OSX.Lamzev.A - An OS X malware

A new trojan for the OS X has been discovered. When the Trojan is executed, it creates the following file:
/Applications/ezmal
Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

VirusTrigger Analysis and Removal

VirusTrigger is a new entrant to the ever growing family of rogue security software products. A clone of the rouge Antivirus Lab, the software and their Website is very professional in design and uses a variety of aggressive scare messages about non-existent malware infections.

Definition of a Rogue Security software: A rogue security software belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.

• VirusTrigger - Domain Information and Installation
• VirusTrigger - Associated Files and Folders
• VirusTrigger - Associated Registry keys and values
• VirusTrigger - Associated Domains
• VirusTrigger - Removal (How to remove WinDefender 2009)
• VirusTrigger - Rogue Gallery
• VirusTrigger - Video

VirusTrigger - Domain Information and Installation

This rogue anti-spyware currently installs from multiple domains like virtrigger.com, virus-trigger.com, systemtrigger.com, virus-triggers.com and virustrigger2009.com all living in a server belonging to viruslabs2009.com at IP 74.50.110.184, currently not listed in any blacklists. All the virustrigger domains except virus-trigger.com use china and singapore based privacy protection services to hide their names and country of origin. virus-trigger.com is registered to Valters Buss of Latvia by the registrar DotArai Co., Ltd.

The installation file is named vrt_setup.exe, 1.40 MB in size. It is identified in various names by about 7 out of 36 (19.44%) engines at VirusTotal. This file must be manually executed for the installation of the rogue anti-spyware.

Once installed by the user, it produces various scare messages, an unwary user might have great difficulty in ignoring.

When the user is tricked into clicking on one of the confirmation buttons, the VirusTrigger rogue loads the default Internet browser and opens its subscription page, once a desired subscription is selected the browser is re-directed to their payment processor segpay.com. This rogue was observed making periodical GET requests to a file named sync.php at the following domains: virtrigger.com, virus-trigger.com, systemtrigger.com, virus-triggers.com and virustrigger2009.com using the process VirusTriggerBin.exe.

VirusTrigger - Associated Files and Folders

• C:\Program Files\VirusTriggerBin\uninst.exe
• C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe
• C:\Program Files\VirusTriggerBin
• C:\Documents and Settings\Shanmuga\Start Menu\Programs\VirusTrigger 2.1\VirusTrigger 2.1.lnk
• C:\Documents and Settings\Shanmuga\Start Menu\Programs\VirusTrigger 2.1
• C:\Documents and Settings\Shanmuga\Start Menu\VirusTrigger 2.1.lnk
• C:\Documents and Settings\Shanmuga\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
• C:\WINDOWS\Prefetch\VIRUSTRIGGERBIN.EXE-0A907FE7.pf

VirusTrigger - Associated Registry keys and values

VirusTrigger - Associated Domains

• virtrigger.com
• virus-trigger.com
• systemtrigger.com
• virus-triggers.com
• virtriggersupport.com
• virustrigger2009.com
• segpay.com
• viruslabs2009.com

VirusTrigger - Removal (How to remove VirusTrigger)

The free versions of MalwareBytes’s Anti-Malware and SuperAntiSpyware appear to remove this rogue security software quite comfortably.

1. Dowonload and Install either MalwareBytes’s Anti-Malware or SuperAntiSpyware from the links above.
2. Boot in to Windows Safe mode.
3. Click to scan with your chosen software. Check mark all instances of the rogue antispyware and delete them.
4. Turn System Restore off and on.
5. If you haven’t done yet, download, install scan and clean the temporary files with CCleaner.

You should now be clean of this rogue.

If you still see symptoms associated with this rogue anti-spyware, please post your problem at one of the Recommended Online Forums for Malware Help.

VirusTrigger - Rogue Gallery

VirusTrigger - Video

Note: The above installation was tested on a fully patched Windows XP SP3 running updated versions of Internet Explorer 7 and Firefox 3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Anti-malware Testing Guidelines Published

"The Anti-Malware Testing Standards Organization has published a set of best practices and guiding principles for testing security software. Call it a much-needed first step.
Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

WinDefender 2009 Analysis and Removal

WinDefender 2009 is one of the recent rogue security software. A variant of the rogue IE Defender and Total Secure it deceptively looks similar to Windows Defender, a legitimate Microsoft anti-malware program.

A rogue security software belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.

Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

25 years of the computer virus

"A stressed e-mail from a friend once read: "A worm has just eaten my kid!" Thankfully, the message was not referring to infanticidal earthworms, but rather to a type of computer virus, a "worm", that had just infected some files (known as KID files) on his computer.
Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Malware Detection Goes Hybrid

"What do we do about malware? The long term solution, at least for managed networks like enterprises, may be whitelisting. But in the meantime we’re still drowning in new variants every day. In the 2009 generation of their products Symantec is trying a new approach: file reputation.
Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

New Malware Family Took Off in October

"According to Sunbelt Software’s monthly listing of the most ubiquitous malware and spyware attacks, an entirely new family of threats emerged rapidly during October.
Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Spyware Guard 2008 Analysis and Removal

Spyware Guard 2008 is a new entrant to the family of rogue security software. It is not to be confused with SpywareGuard a fine freeware from Javacool software.

A rogue security software belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.
Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Spyware then and now

Google brought back its oldest available index from the year 2001 on the occasion of its 10th birthday. It brought back certain nostalgic memories…I was into my second PC, a Compaq. That was the year I first got the internet connection at home through a 56kbps dial-up connection and that was the year I truly found the meaning of googling…
Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

Antispyware Pro XP Analysis and Removal

Antispyware Pro XP or Anti spyware Pro XP is one of the many variants belonging to the family of rogue security software. The following is an account of my experience with this rogue.
Read more

For more articles like this one, please subscribe to my RSS feed! or receive updates via Email, IM, Twitter, Skype.

---

---