XP Police Antivirus

XP Police Antivirus, also written XPPoliceAntivirus or XPPolice Antivirus, is a rogue anti-spyware program designed to trick users into believing it is a legitimate Microsoft product. Needless to say, XP Police Antivirus has no relation whatsoever to Microsoft Corp. XP Police Antivirus may be installed on the user's computer by a Trojan, such as Zlob, through a rogue video codec download, or the user may have downloaded it from a rogue website. Once Zlob is installed, the user will receive a large number of fake notification messages stating that his/her computer is infested with spyware. In order to remove these threats, the user will be redirected to a fraudulent website to purchase XP Police Antivirus's full version. XP Police Antivirus is also able to emulate a computer system scan. After XP Police Antivirus's scanner is...

Posted on February 1, 2009 in Rogue Anti-Spyware Program


Downadup, also known as W32.Downadup, Conficker and Kido, is a malevolent worm. Downadup may install itself on the user's computer and spread by exploiting the Windows service vulnerability addressed in MS08-067. The Downadup worm is particularly dangerous because of its ability to infect and spread to other computers through network shares and removable media. The Downadup worm has reached epidemic proportions with its widespread infection. According to experts, Downadup has already infected over 9 million PCs. The problem has not gone unnoticed: Microsoft has responded by releasing a patch to fix the Windows vulnerability that the Downadup worm is exploiting. Unfortunately, there are many computers that do not have this Microsoft patch installed and remain hostage to this hideous Downadup worm. Downadup continues to spread its...

Posted on January 27, 2009 in Worms


Conficker, also known as W32/Conficker.worm, Win32/Conficker.A, W32.Downadup, Downadup and Kido, is a worm that exploits the Windows vulnerability addressed in MS08-067. When Conficker infects your PC, it may prevent you from accessing security websites and disable Windows system services such as Windows Security Center, Windows Error Reporting and Windows Defender. The danger with Conficker is its ability to spread itself to other vulnerable computers through network shares. If one computer in a network is infected, the worm can spread to other computers within that network. Microsoft has released a patch to fix the Windows vulnerability. It is imperative that you download the latest released patch from Microsoft Windows Update. Also, take advantage of our Conficker Removal Tool, which is specifically designed to automatically assist...

Posted on January 27, 2009 in Worms


W32.Waledac, or Trojan.Waledac, is a Trojan infection that is designed to secretly download and install other malware onto an infected system. Waledac has been reported to install parasites such as Trojans, keyloggers, adware and others. Waledac functions as a backdoor, allowing remote access to the infected system. Waledac was commonly attached to fake holiday e-cards, spreading other infections onto the recipient's computer once a malicious link is clicked. One example of the Waledac e-card distribution scam was a Valentine's message, with the subject line "A Valentine Ecard Notificaiton," which was found to spread the MS AntiSpyware 2009 rogue anti-spyware application. Recent discoveries have confirmed that the Conficker Worm variant, Conficker.E, distributes Waledac.

Posted on January 24, 2009 in Worms

'A Question About Your iOffer Item' Phishing Email

The 'A Question About Your iOffer Item' email is a phishing scam. The 'A Question About Your iOffer Item' email informs you that you have posted a 'brand new Nikon D80 package' for sale on iOffer. The email links to a fraudulent webpage that attempts to trick you into revealing your iOffer login information. The 'A Question About Your iOffer Item' phishing email reads: "Dear member, You have a question from maildirect1 regarding the item Brand New Nikon D80 Package, 2 Lens,4GB and more....! Click below to see the question and respond: View the dispute thread to respond. **THIS IS AN AUTOMATED EMAIL - PLEASE DO NOT REPLY**" Always be wary of emails that you do not recognize or whose sender is unfamiliar to you. Do not click on links in an email. If you should log in and reveal your iOffer login information, notify iOffer and credit card...

Posted on January 24, 2009 in Phishing

Spyware Guard 2009

Spyware Guard 2009 or SpywareGuard 2009, is a rogue anti-spyware application from the . Once installed, Spyware Guard 2009 will simulate malware detections on the user's computer system, generating fake notifications in an attempt to trick the user into buying the full Spyware Guard 2009 commercial version. If a notification is clicked, the user will be redirected to rogue websites that promote rogue software to clean the supposed threats. These scare tactics are used by Spyware Guard 2009 only to sell its product. Spyware Guard 2009 may seem to be a trustworthy program; however, it is just a scam to download and install additional adware and spyware and steal the user's money. The Spyware Guard 2009 family has various members, all of them clones of Spyware Guard 2009. Its clones include

Posted on January 16, 2009 in Malware, Rogue Anti-Spyware Program

Spyware Protect 2009

Spyware Protect 2009 or SpywareProtect 2009, is a rogue anti-spyware program usually installed in the user's computer system by a Trojan, such as Vundo. Once Spyware Protect 2009 is installed, it will emulate a computer system scan and generate bogus scan results. In addition, the user will receive rogue system alert notifications stating that Spyware Protect 2009 has detected spyware on the user's computer. These tactics are an attempt to trick the user into purchasing the full Spyware Protect 2009 program. Spyware Protect 2009 may be configured to launch on every Windows startup. Spyware Protect 2009 may cause computer slowdowns. Spyware Protect 2009 is a member of the and has, among its clones

Posted on January 15, 2009 in Rogue Anti-Spyware Program


DMSetUp is a worm that spreads through Internet Relay Chat (mIRC) channels. DMSetUp replicates itself into several directories on the user's hard drive. DMSetUp clandestinely finds a home in several files as it modifies the user's original files. The user's screen may display pop-ups, and scripts may change. DMSetUp can also DCC files to other people on its own and change the username to "s."

Posted on December 28, 2008 in Worms

System Security

System Security is a rogue anti-spyware program that belongs to the . System Security is known to come from rogue websites that advertise rogue applications or from a Trojan, which is able to automatically install System Security without asking for permission. Once System Security is installed, computer users may notice system scans conducted by System Security that return bogus results. These tactics, along with fake pop-up notifications that attempt to warn computer users of imaginary infections, are used to promote the purchase of System Security. System Security has many clones that include

Posted on December 24, 2008 in Rogue Anti-Spyware Program

MS Antispyware 2009

MS AntiSpyware 2009, from the same family as Pro AntiSpyware 2009, is another phony anti-spyware program. MS AntiSpyware 2009 is advertised through Trojans and shows fake security warnings and pop-ups telling you that your PC is infected in order to trick you into buying the phony software. Once the user is infected, he/she may receive numerous deceptive pop-up messages stating that the user's computer is infected with spyware. This is a very common tactic used by other rogues to trick users and urge them to purchase the "full" version of the program from a malicious website. In addition, MS AntiSpyware 2009 may create "malware" files so that its fake computer scan can later detect them. All links provided by MS AntiSpyware 2009 will most likely redirect users to MS AntiSpyware 2009's homepage (MSAntiSpyware2009.com) to further...

Posted on December 15, 2008 in Rogue Anti-Spyware Program

Antivirus 360

Antivirus 360, or Antivirus360, is a rogue anti-spyware program known to use the same plugin exploit techniques as Antivirus 2009 (AV 2009). Antivirus 360 may be installed on the user's computer system through Trojans popularly transmitted in email attachments, shareware/crack websites and video codecs. Once the Trojan is installed, the user may receive an alert prompting him/her to install Antivirus 360. Antivirus 360 may urge users to run a free system scan from Antivirus-Pro-Scanner.com and then offer them the option to purchase Antivirus 360's full version to remove spyware infections. Once the user is redirected to Antivirus-Pro-Scanner.com, he/she may be in danger of being infected by other threats...

Posted on December 12, 2008 in Rogue Anti-Spyware Program

Actual Spy

Actual Spy is a keylogger that monitors and tracks the user's online activity. Actual Spy captures all keystrokes, screenshots, websites visited, passwords, credit card numbers and bank account information. Actual Spy conceals itself from detection while collecting the user's sensitive personal information. Actual Spy can also take snapshots of the user's desktop.

Posted on December 11, 2008 in Keyloggers


Wintoo, which is also known as Sexer, is a malicious worm that spreads via e-mail messages carrying infected executable attachments. The email message and subject are in Russian. The Wintoo worm installs itself onto the user's PC after the attachment is executed and changes the user's desktop background image. Wintoo will run on every Windows startup.

Posted on December 11, 2008 in Worms

Koobface Worm Attacks Facebook and MySpace Users

The Koobface worm has been circulating since August, but in recent weeks variants, known as Worm.KoobFace.A and Worm.KoobFace.B, have increasingly spread via spam messages on the social networking websites MySpace and Facebook. The Koobface worm creates deceptive spam messages and sends them to an infected user's list of friends through Facebook's messaging system. Koobface is able to send spam messages to a user's Facebook friends by downloading a file called tinyproxy.exe, which installs a program called "Security Accounts Manager." The program tracks the cookies on a user's computer, detects the user's friends list, and sends them spam messages. Messages from the Koobface worm include the following subject headers: "You must see it!!! LOL," "Look you were filmed all naked!," "You look just awesome in this movie," or "Paris Hilton Tosses Dwarf...

Posted on December 5, 2008 in Computer Security


Trojan.Downloader.Bredolab is a dangerous trojan infection that may have the ability to download and install parasites and malicious applications onto a compromised computer. Typically, Trojan.Downloader.Bredolab may be downloaded via malicious web sites.

Posted on December 2, 2008 in Trojans