Rado is a backdoor trojan that allows an attacker unauthorized remote access to a compromised computer. Once executed, the threat displays a fake error message containing the text "Incompatible Windows version". Then it registers itself in the system and notifies the intruder by sending him an ICQ message. Rado can terminate running antivirus programs and firewalls. The backdoor runs on every Windows startup.

Posted on November 2, 2008 in Backdoors

Antivirus Pro 2009

Antivirus Pro 2009, a clone of AntiSpywareXP 2009 and XP AntiSpyware 2009, is a rogue anti-spyware application and part of the Antivirus XP family. Antivirus Pro 2009 is often installed by the Braviax or Zlob Trojan, which generates pop-up ads displaying false security warnings in order to trick computer users into purchasing the bogus software. Antivirus Pro 2009's pop-up ads may read: "Trojan detected! A piece of malicious code was found on your system which can replicate itself if no action is taken. Click here to have your system cleaned by Antivirus Pro 2009." Once the user is infected, Antivirus Pro 2009 may also upload additional rogue registry cleaners or system optimizers and privacy guards. In addition, Antivirus Pro 2009 is known to create fake malware files to later detect them as malicious. These supposed infections will...

Posted on November 1, 2008 in Rogue Anti-Spyware Program

1 of Friends Awaiting Your Response Email

The "1 of Friends Awaiting Your Response" email is a classic phishing email. Phishing, which is a criminal act, is the fraudulent process of obtaining sensitive personal information via the internet by pretending to be a legitimate, trustworthy company or organization. The "1 of Friends Awaiting Your Response" email instructs the user to log in to their Facebook account and confirm a friend request. The email links to a scam webpage that will attempt to trick you into revealing your Facebook login information, which can lead to identity theft. If you receive the "1 of Friends Awaiting Your Response" email, do not click on any links. Delete the email. If you happen to log in to one of the scam websites, notify your bank and credit card companies immediately. You may need to close your accounts.

Posted on October 26, 2008 in Phishing


WiniGuard is a fake anti-spyware program that is related to the family, the same family of rogues such as WiniGuard uses many misleading methods to coerce computer users into purchasing a full version of the WiniGuard application. WiniGuard is unable to detect or remove spyware. WiniGuard can be difficult to manually detect and remove in some cases.

Posted on October 21, 2008 in Rogue Anti-Spyware Program

Dcads Toolbar

Dcads Toolbar is a fake toolbar that demonstrates spyware tendencies. It generates pop-up advertisements and may distribute additional malware to your system. Dcads Toolbar will greatly undermine your system performance and its existence may lead to constant system crashes. Dcads Toolbar is known to promote malware programs, including rogue anti-spyware applications. None of the programs promoted by Dcads are trustworthy.

Posted on October 21, 2008 in Browser Helper Object

Alien Spy

Alien Spy is a potent tool used by hackers to gain control of the user's computer. The RAT (Remote Administration Tool) application enables the hacker to infect the user's PC, through an e-mail or File and Print Sharing, with a "server" application, which they can then control using a "client" on the hacker's PC. Some RAT programs can cause serious harm and damage to the user's computer and also cause loss of valuable personal, financial or business related information. The author of Alien Spy is believed to be Black Flash, and it was created in February 2005.

Posted on October 20, 2008 in Remote Administration Tools


Worm.Feebs is a worm that spreads itself through email and file sharing networks. Once Worm.Feebs is installed onto the user's computer, it will scan for any emails it can locate and then proceed to send a copy of itself to them by employing its own SMTP engine. The infected email message may contain a fake username and password for some predefined website. Worm.Feebs may block firewalls and other security programs. Worm.Feebs also deploys rootkit functions in order to avoid detection on the user's system.

Posted on October 19, 2008 in Worms


PC security researchers have received reports involving the Cutwail infection, a threatening Trojan that may have numerous adverse effects on a computer. Computer users have reported that Cutwail may cause the infected computers to freeze, crash and perform poorly. Malware analysts have also received reports that computers infected by Cutwail may present poor network performance, often having significant problems when attempting to connect to the Internet. Various security programs may detect a Cutwail infection, provided that they are up to date. However, removal may be somewhat more difficult due to Cutwail's capability to interfere with security software installed on infected computers.

The Sneaky Actions of the Cutwail Trojan

PC security analysts have classified Cutwail as a threatening Trojan infection. Unlike worms, viruses or...

Posted on October 17, 2008 in Trojans


SurfControl is a web filter that was created to monitor, manage and filter Internet content, prevent users from visiting suspected harmful web sites, and prohibit unauthorized usage of e-mail, file sharing software and instant messengers. SurfControl was designed to protect networks from rogue spyware. SurfControl is an effective and legitimate product. Unfortunately, SurfControl may sometimes cause more harm than good. If SurfControl is configured improperly, the application may restrict the user's access to secure, trustworthy web sites, PC games, e-mail services, information portals and other frequently used Internet resources. It is quite difficult to bypass SurfControl, which creates a problem. The program operates on a remote server that oversees many clients with PCs. The user does not have the capability to disable SurfControl. The...

Posted on October 15, 2008 in Network Management Tools

HSBC Security Improvements

HSBC Security Improvements is a spam email that pretends to be from HSBC Bank, informing you that your HSBC account is about to be suspended. The email will link to a malicious website that will attempt to trick you into revealing your login information. One hint that this email is a fraud is the fact that it will address you as "Dear Customer" and not by your name. There are also grammatical and spelling errors in the message. In addition, neither HSBC Bank nor any other legitimate financial institution would request sensitive personal information in an email correspondence. The "HSBC Security Improvements" email will frighten you further by warning you that you must respond within 48 hours or your account will be suspended. If you receive the "HSBC Security Improvements" email, do not respond or click on any links. Delete the...

Posted on October 14, 2008 in Spam


WebSecurityVoice.com is a browser hijacker promoting the distribution of the rogue anti-spyware application known as System Security 2009. Due to affiliated trojans infiltrating the computer via security exploits and modifying the browser settings, web-surfing activities are redirected to the WebSecurityVoice.com domain. Once there, the computer is subjected to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing the fake spyware remover System Security 2009.

Posted on October 13, 2008 in Rogue Websites

Internet Antivirus Pro

Internet Antivirus Pro is a malicious, fraudulent anti-spyware program that displays pop-up ads alerting you to install and purchase the full version of the Internet Antivirus Pro software. Internet Antivirus Pro usually appears on your PC when you install a video codec that is infected with a Trojan, malware or a virus. It is vital that all of the components of Internet Antivirus Pro and all of the Trojans and malware attached to the Internet Antivirus Pro program (e.g. zlob.trojan, trojan.vundo and Trojan.Downloader) be removed. Internet Antivirus Pro may slow down your computer and internet connection as well as change the settings in your browser. Beware of video downloads and installations. Delete and remove Internet Antivirus Pro from your computer IMMEDIATELY.

Posted on October 10, 2008 in Rogue Anti-Virus Program

Antivirus 2010

Antivirus 2010 is a rogue anti-spyware program. Antivirus 2010 uses tactics to extort money from gullible computer users. Antivirus 2010 is an application that can be automatically installed through a Trojan horse infection, all without the computer user's interaction or permission. Antivirus 2010 is able to persuade computer users into purchasing a full version of Antivirus 2010 through fake pop-up messages and system scans populated with erroneous results. Removal and detection of Antivirus 2010 is usually difficult to perform manually. Antivirus 2010 is similar to other fake security applications from the family, such as

Posted on October 7, 2008 in Rogue Anti-Spyware Program


PersonalAntispy, or Personal Anti Spy, is a rogue anti-spyware program often installed by a Trojan through browser security holes. The user may have also downloaded PersonalAntispy's trial version from a rogue website thinking it would remove his/her spyware infections. Once installed, the user may receive numerous popups from known websites stating that the user's computer is infested with a large amount of spyware. If the user is tricked into clicking on this popup, he/she will be immediately redirected to PersonalAntispy's website or other malicious websites (such as antispy.biz and personalantispy.com) for an "online scan". Once PersonalAntispy emulates its computer system scan, it will generate a list of supposed spyware infections found in the user's computer system. These results are totally bogus; they are only meant to urge you...

Posted on October 7, 2008 in Rogue Anti-Spyware Program

Trojan Redirects Firefox Browser to "Insecure Internet Activity" Hijacker Page

Trojan infection causing Firefox web browser search function to redirect users to "Insecure Internet activity. Threat of virus attack" web page. New malicious activity was brought to our attention by a SpyHunter customer who experienced an infection that redirected his Firefox browser to a web page that recommends the download of a rogue anti-spyware program. This infection occurred every time the SpyHunter customer tried to do a search on Firefox. The SpyHunter customer had a malicious folder named xxx@xxx.com within his Firefox extensions folder, c:\program files\mozilla firefox\extensions, which caused his Firefox browser to automatically redirect any web page to the "Insecure Internet activity. Threat of virus attack" hijacker page that displays the following message: Insecure Internet activity. Threat of virus attack. Due to insecure...

Posted on October 1, 2008 in Computer Security