Best-protect.info

Best-protect.info is a browser hijacker promoting the rogue anti-spyware application known as AntivirusBEST. Due to affiliated trojans infiltrating the computer via security exploits and modifying the browser settings, web-surfing activities are redirected to the Best-protect.info domain. Once here, the computer is subject to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results in order to intimidate the user into purchasing and installing the fake spyware remover AntivirusBEST.

Posted on June 29, 2009 in Rogue Websites

Antivirusfolderscanner.com

Antivirusfolderscanner.com is a browser hijacker promoting the rogue anti-spyware application known as Personal Antivirus. Due to affiliated trojans infiltrating the computer via security exploits and modifying the browser settings, web-surfing activities are redirected to the Antivirusfolderscanner.com domain. Once here, the computer is subject to a fake online scan that displays fictitious and sometimes grossly exaggerated infection results, all in order to intimidate the user into purchasing and downloading the fake spyware remover Personal Antivirus.

Posted on June 29, 2009 in Rogue Websites

Sus.ComPack

Sus.ComPack (also known as Sus.ComPack.C and Sus.ComPack.J) is malicious software categorized as a file that displays suspicious behavior. Sus.ComPack can be downloaded by inexperienced users when visiting malicious web sites or through peer-to-peer networks. Once active, Sus.ComPack may cause excessive pop-up advertisements to appear, registry files to go missing, changes in Internet settings, previously deleted corrupt files to re-open, and decreased system speed.

Posted on June 26, 2009 in Malware

Antivirus Security

Antivirus Security is a rogue anti-spyware program similar to Internet Antivirus Pro and Antivirus 2009. Antivirus Security may be downloaded from a malicious website that advertises rogue anti-spyware programs or a Trojan infection. As soon as Antivirus Security is installed, it will perform a fake spyware scan that will result in exaggerated threat reports and then a warning message will pop up that will prompt you to purchase Antivirus Security's full version. It is advised to delete any popups or system messages related to Antivirus Security. It is advised that you do not download or purchase the Antivirus Security program. Antivirus Security is meant to confuse you with its scare tactics and, in turn, convince you to purchase Antivirus Security's full version. Antivirus Security is a member of the infamous family and has, among...

Posted on June 26, 2009 in Rogue Anti-Spyware Program

Trojan.FakeXPA

Trojan.FakeXPA is a malicious infection that infiltrates a computer system covertly, without user knowledge or permission. Over time, Trojan.FakeXPA will update itself regularly, and create security exploits through which remote access can be attained by unauthorized outside parties.

Posted on June 26, 2009 in Trojans

Sus.Behav

Sus.Behav is malware that installs itself onto a computer under deceptive pretences, infiltrating a system without user knowledge or permission. Officially categorized as a file displaying suspicious behavior, Sus.Behav should not be trusted. Sus.Behav may typically be downloaded unknowingly from malicious websites, freeware and shareware, and peer-to-peer networks. Sus.Behav can cause registry files to go missing, corrupt files to re-open after being erased, unwanted web browser components, changes in Internet settings and decreased system speeds.

Posted on June 26, 2009 in Malware

Trojan.Busky

Trojan.Busky is a Trojan Downloader that is further identified as a Browser Helper Object. Trojan.Busky typically enters the computer system via dubious scripts, embedded in JavaScript or VBS. Trojan.Busky (also referred to as Trojan.Busky.B, Trojan.Busky.EI, Trojan.Busky.O, and Trojan.Busky.EC) usually causes problems like slow computer performance, excessive pop-up windows appearing on the computer continuously, and new desktop shortcuts or a change in homepage.

Posted on June 26, 2009 in Trojans

WORM_RANSOM.FD

WORM_RANSOM.FD is typically downloaded from specific remote web pages by other malware, or it may be downloaded by an inexperienced user when visiting an untrusted domain. Once installed onto a computer, WORM_RANSOM.FD may modify the registry entries and system operating files in order to begin running as soon as Windows starts up. The main purpose of WORM_RANSOM.FD is to send out an email to every email address discovered on the infected machine, with itself as an attachment. The email reads as follows: "SUBJECT: You are a very lucky man, read this mail! BODY: Hi, you won a big amount of money!!! If you want to know more look at the attachment! ATTACHMENT: BigCashForYou.exe" This is how WORM_RANSOM.FD spreads from system to system. Opening this email or its attachment could lead to a computer becoming infected.

Posted on June 26, 2009 in Worms

Ertfor

Ertfor is a Trojan virus that is sometimes alternatively referred to as Trojan.Ertfor, and is typically downloaded onto a system from unsecured websites or by a user opening an infected email attachment. Ertfor usually relies on randomized process and resource names, making it difficult to detect and remove this parasite. Ertfor may then begin downloading additional malware onto the compromised machine.

Posted on June 26, 2009 in Trojans

Malware Doctor System Alert

Malware Doctor System Alert is a fake security alert launched by the rogue anti-spyware application known as Malware Doctor. The Malware Doctor System Alert pop-up reads as follows: "Malware Doctor. You are using unregistered version of Malware Doctor. The unregistered version DOES NOT heal infected files if they are discovered. Register Malware Doctor in order to protect your computer." The purpose of this fake security notification, and the dozens of other pop-ups that Malware Doctor may bombard the user with, is to intimidate the user into purchasing the fake spyware remover Malware Doctor by making the user believe that their computer is infected.

Posted on June 26, 2009 in Fake Error Messages

W32.Mabezat.B

W32.Mabezat.B is a computer worm that circulates via removable drives and unsecured network shares. W32.Mabezat.B typically infects executable files and may also encrypt data files. In addition to this, W32.Mabezat.B modifies Windows registry settings in order to disable specific functions.

Posted on June 24, 2009 in Worms

GamesBar

GamesBar is presented as a free toolbar for Internet Explorer that provides many free online games. Unfortunately, GamesBar is typically classified as an adware application as it consistently displays advertisement banners and excessive pop-up ads. In addition to this, GamesBar may track personal and financial information and transfer this data to an outside party, which may lead to identity theft.

Posted on June 24, 2009 in Adware

'System Security Warning: Intercepting programs'

System Security Warning is a fake security alert launched by the rogue anti-spyware application known as System Security 2009. This System Security Warning alert reads as follows: "System Security Warning: Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove them immediately with System Security." The main purpose of the System Security Warning fake security alert is to intimidate users into following the prompts provided and purchasing the fake spyware remover System Security 2009.

Posted on June 24, 2009 in Fake Error Messages

Packed.Generic.200

Packed.Generic.200 is a virus that typically detects malicious files that were either packed or encrypted to conceal them from antivirus or security programs. Once executed, Packed.Generic.200 may further harm the computer by downloading additional malicious software from a remote server.

Posted on June 24, 2009 in Viruses

Backdoor.Tidserv

Backdoor.Tidserv is a malicious backdoor Trojan that allows criminals to gain access to the infected machine from a remote location. A backdoor is simply an opening in the infected computer's security that allows criminals to gain unfettered access to it while bypassing the infected computer's security measures, much like a robber can gain access to an unguarded building by using an open back door. Backdoor.Tidserv uses advanced rootkit techniques in order to avoid detection or removal. ESG security researchers have observed that Backdoor.Tidserv can cause browser redirects and erratic behavior. This browser hijacking component is commonly referred to as the 'Google Redirect Virus' due to its propensity for derailing Google search results. ESG security researchers strongly recommend removing Backdoor.Tidserv with an advanced...

Posted on June 23, 2009 in Backdoors