Spyware Guard 2008 Analysis and Removal

Spyware Guard 2008 is a new entrant to the family of rogue security software. It is not to be confused with SpywareGuard a fine freeware from Javacool software.

A rogue security software belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.
Read more

If you enjoyed this post, make sure you subscribe to my RSS feed!

XP/Vista Antivirus 2008 Analysis and Removal

This rogue anti-malware application mostly installs via encoded re-directs from hacked web pages. When you happen to visit a hacked web page on a otherwise legitimate website your browser is automatically redirected to a rogue ware hosting website which shows a popup with a the text “Your computer is running slower than normal, maybe it is infected with with Viruses, Adware or Spyware. XP/Vista Antivirus will perform a quick and completely FREE scan of your system for malicious software.”
Read more

If you enjoyed this post, make sure you subscribe to my RSS feed!

Antivirus 2009: Analysis and Removal

This post analyzes the installation method of a rogue antivirus application Antivirus 2009 and its effective removal as observed by me. Antivirus 2009 is a fake antivirus application, designed to scare the users with fake alert screens about non-existent and often misleadingly named threats found on your system. When the user tries to clean the reported infections, the fake application directs the user to a subscription page and prompts for payment.
Read more

If you enjoyed this post, make sure you subscribe to my RSS feed!

Malware: Antivir64 Manual Removal

Further to my earlier blog about Antivir64 Rogue Antispyware software, there were many enquiries about how I managed to get rid of it off my system. Let’s start with the files and registry keys created by this malware. The following were found in my fully patched Windows Vista system:
Read more

If you enjoyed this post, make sure you subscribe to my RSS feed!

Malware Alert: Antivir64 Rogue Antispyware

Antivir64, a new rogue antispyware is on the prowl, it seems to be installing from scanner.antivir64.com with an affiliate id 1050 (scanner.antivir64.com/?aff=xxxx). The victims are redirected -probably through .htaccess file hack- from certain pages of legitimate but hacked websites. A quick google search shows first reports of blog sites getting hacked to redirect visitors to entice them to install antivir64 a variant of antispyware2008. I came across this malware accidentally when I happened to visit a page in connectedinternet.co.uk earlier today. My Firefox 3 hung in Windows Vista and I was forced to terminate it in not so graceful manner.
Read more

If you enjoyed this post, make sure you subscribe to my RSS feed!

How to remove Internet Antivirus (Internet Antivirus removal self help guide)

"Internet Antivirus is a new rogue anti-virus program that uses false information and aggressive tactics in order to scare people into purchasing it. Most people see ads for Internet Antivirus as they browse the web…If you decide to download and install the program, Internet Antivirus will be set to automatically run when your computer starts. Once started, it will scan your computer and display a variety of legitimate programs and folders and state that they are infection. These infections, though, can’t be removed unless you first register the program. This act of displaying legitimate entries as malware is being done to scare you into purchasing the program. In fact, if you deleted all of the files and folders that it stated were infections, your computer would not run properly.
Read more

If you enjoyed this post, make sure you subscribe to my RSS feed!