Worm.NetSky is a malicious worm that distributes itself as an email attachment. Once executed, Worm.NetSky will add itself to the Windows registry ensuring that it loads each time you turn on your computer. Worm.NetSky will scan your computer for email addresses and will email itself as an attachment to any email addresses found on your PC. Worm.NetSky will also create a backdoor on your PC, which will provide access of your system to remote attackers. Worm.NetSky shouldn’t remain on your system any longer.

Posted on January 4, 2008 in Worms


BackdoorNetbus is malware and allows hacker's to access and control infected PC's from a remote location. This enables the hacker to steal your files, private information and data, damage installed programs and other malicious acts. This type of "application" is sometimes referred to as a Remote Administration Tool. BackdoorNetbus is also known as NetBus.reg (McAfee), Troj/NetBus-REG (Sophos) and REG_NETBUP.A (Trend Micro). BackdoorNetbus also changes the registry so that it automatically runs every time Windows is startup.

Posted on January 4, 2008 in Remote Administration Tools


The Trojan.Spy.Banker.Gen Trojan was first detected in early 2009. This dangerous malware threat is used to steal online banking data and has been responsible for the loss of millions of dollars since its discovery. It is designed to affect computer systems with the Windows operating system and, even though Microsoft has released various security updates to help protect its customers from Trojan.Spy.Banker.Gen, the criminals behind Trojan.Spy.Banker.Gen have also continually updated their malware infection since its first release. The term Trojan.Spy.Banker.Gen is a generic term that is used to refer to most members of the Win32/Bancos family of Trojans, a family of dangerous malware designed to steal banking information, such as the login names and passwords for online accounts among the main banks of the world. Although...

Posted on January 3, 2008 in Trojans


SearchWords is a toolbar for Internet Explorer that changes web search settings and displays numerous unwanted commercial ads. SearchWords must be manually installed. In actuality SearchWords is a browser plugin which is a computer application that enhances web browser's abilities by adding extra features in it. Some functions, however, can be malicious. Some browser plugins can be very similar to spyware, adware and browser hijackers. Browser plugins can monitor the user's web browsing habits, display pop-up ads, modify the user's web browser's default home and search page without permission, redirect a web browser to another site and change important web browser settings.

Posted on January 3, 2008 in Browser Plugins


HubSafe is a spyware that states to be a parental application. HubSafe urges the affected PC user to reveal some personal information and then sends it to remote attackers. HubSafe is also able to install a web browser plugin and creates a desktop shortcut with Korean characters. HubSafe doesn't contain any harmful payload. HubSafe is can secretly update itself via the Internet and run automatically every time you boot up Windows.

Posted on December 30, 2007 in Malware

Files Secure

Files Secure screenshot

Files Secure v.2.1 is a rogue anti-spyware program that is primarily designed to trick Internet users into purchasing its commercial version. Files Secure is promoted by the Trojan program called Trojan.Downloader.Adload.pd, which often is downloaded and installed on the computer together with fake video codecs that users usually get from questionable web pages. Once executed, Trojan-Downloader.Adload.pd will hijack web search engines like Google and generate false error alerts in your search results. Trojan-Downloader.Adload.pd will also popup irritating fake warning messages stating that your computer has been infected with various Trojan programs, such as Trojan.Win32.Agent.akk,...

Posted on December 27, 2007 in Rogue Anti-Spyware Program


VirusProtect screenshot

VirusProtect is a rogue anti-spyware program that is often downloaded and installed by a Trojan or through browser security holes. VirusProtect launches on Windows startup and may generate excessive popup adverts. It will also display notifications of imaginary security risks in its attempts to get the user to purchase the full version. This program can be extremely difficult to remove manually, and will continue to try to recreate itself. VirusProtect is affiliated with the Zlob family of malicious Trojans. The latest version of this rogue software program is VirusProtect 3.8.

Posted on December 25, 2007 in Rogue Anti-Spyware Program

IE Defender

IE Defender screenshot

IE Defender is classified as a rogue anti-spyware application because of its misleading and aggressive advertising practices. IE Defender creators and their marketing affiliates propagate and install IE Defender's rogue anti-spyware application through a download that is bundled with a Trojan generated by a Browser Helper object (BHO). Most of these Trojan bundled downloads circulate in web sites that offer a "video codec" to view free adult entertainment videos. Once your computer gets infected with the Trojan, it will start showing up an annoying pop-up message: "NOTICE: Your system is infected and your computer performance is not at the highest level. Full system optimization will...

Posted on December 25, 2007 in Rogue Anti-Spyware Program

ProcessGuard How to Use

SpyHunter 3.0 contains an advanced ProcessGuard feature, designed to give you complete control over which processes are authorized to run on your system, and allowing you to identify and stop malicious processes before they are even executed. To activate the ProcessGuard, click on the ProcessGuard Tab on the left side of the SpyHunter3 window and then check the Activate ProcessGuard checkbox. If you ever desire to turn Process Guard off, just uncheck this checkbox. The ProcessGuard tab displays a list of: Allowed items (that you have granted permission to run on your system) on the left side of the window. Blocked items (that you have specifically blocked from running) that are on the right side of the window. You can edit these lists at any time through the ProcessGuard interface. To bring up additional properties of a process that is...

Posted on December 24, 2007 in Documentation

RegistryGuard How To Use

SpyHunter 3.0 contains a RegistryGuard feature, designed to give you complete control over which processes are authorized to add auto-start entries to your Windows registry. This feature will identify and stop any processes that attempt to secretly auto-start malware by exploiting the Windows registry. Please note that RegistryGuard will not block a program from all registry access. It will only block a process from being able to write to auto-start points of execution in the registry. Therefore, even blocked programs will generally be able to function on your computer (although they cannot write registry entries to automatically start themselves or other processes). To activate the RegistryGuard, click on the RegistryGuardTab on the left side of the SpyHunter3 window and then check the Activate RegistryGuard checkbox. The...

Posted on December 24, 2007 in Documentation


Trojan-Downloader.Adload.pd is a hazardous Trojan horse virus that generates fake security alerts in its attempts to fool users into purchasing the rogue anti-spyware application known as Files Secure. Typically, Trojan-Downloader.Adload.pd infiltrates a computer when the user downloads and installs a fraudulent video codec that is often found in adult-related web sites. Once installed, Trojan-Downloader.Adload.pd launches numerous pop-up windows stating that the computer has been compromised. This is all in an attempt to intimidate the user into purchasing the fake spyware remover Files Secure.

Posted on December 21, 2007 in Trojans


AOLPass is an AOL spyware typically installed onto a computer due to spam emails, or corrupt messages received on an AOL instant messenger (AIM). Once active on your system, AOLPAss will automatically run whenever Windows starts up. Besides sending unsolicited messages to other AOL users, AOLPAss may also monitor your internet browsing activity and attempt to steal your AOL login names and passwords.

Posted on December 21, 2007 in AOL Parasites

AdwareRemover2007, RegSort, Trackware.BarBrowser, more – SpyHunter Update v.7.36

SpyHunter Spyware Definitions Update: v.7.36 (12/20/2007) SpyHunter Latest Program Update: v.3.2.0 Keep Your SpyHunter Up to Date New spyware appear almost every day. Updating your SpyHunter regularly can protect you against newly released spyware, adware, worms, trojans and other malicious threats. To use SpyHunter's Instant Definition Update, which provides the latest spyware definition updates and other program updates, go to SpyHunter > Update > Definitions Update. Our Advice: If you currently do not have SpyHunter, it is highly recommended you try SpyHunter's Spyware Scanner. Newly Added Threat List The following new parasites have been added to SpyHunter: Updated Threat List The following parasite threats were updated: VirusProtect AntiSpyGolden Zlob.Trojan MalwareBurn VirusHeal IE Defender Trojan.Obfus.Gen Lop.com...

Posted on December 20, 2007 in Database Updates


AdwareRemover2007 screenshot

AdwareRemover2007 is a corrupt and misleading spyware removal utility that is mostly delivered by the Zlob Trojan, through browser security holes, or via other unconventional delivery methods. Once executed, AdwareRemover2007 will display false notifications, claiming that your machine is infected with various Trojans, Viruses and other parasites. AdwareRemover2007 displays these fake messages for the reason to goad you into purchasing the full version of AdwareRemover2007.

Posted on December 20, 2007 in Rogue Anti-Spyware Program


RegSort screenshot

RegSort is a rogue computer cleanup tool. RegSort is purposively created to repair falsely detected registry problems and is usually downloaded and installed with the help of nasty Trojans or through browser vulnerabilities. Once installed, RegSort loads on every Windows boot. RegSort will display fake messages in order to lure you into buying the full version of this program.

Posted on December 20, 2007 in Rogue Anti-Spyware Program