Showing posts with label Fake \ Rogue. Show all posts

Fake : Awola

 
Found: 2007-09-24

Created Files
  • %ApplicationData%Awola\settings.ini
Created Folders
  • %CommonPrograms%Awola
  • %ApplicationData%Awola
  • %StartMenu%Programs\Awola
  • %StartMenu%Programs\Awola6
  • %StartMenu%Program\Awola6
  • %ApplicationData%Awola6
Registry Entries
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: awola
  • Data:
  • Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  • Value: awola6
============================================================

Fake : Windows Armour Master


Found: 2011-07-11
 
Files
%application data%\microsoft\<random>.exe
============================================================

Fake : Security Shield


Found: 2011-07-14
 
Files
%application data%\<random>.exe
 
============================================================

Fake : Zentom System Guard

Files

%local user%\random\<random>.exe

Registry Entries

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zentom System Guard
Key: HKEY_CURRENT_USER\Software\ZentomSystemGuard
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: libstaf5cd0.exe
Data: "C:\Documents and Settings\VPCTest\Application Data\2E23C32608288CFD80A95B5DA1D2184C\libstaf5cd0.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value: *KB5800200.exe
Data: "C:\Documents and Settings\VPCTest\Application Data\Adobe\plugs\KB5800200.exe"
============================================================

Fake : Security Solution 2011


Found: 2011-07-21
Folders
%application data%\security solution 2011

 ============================================================

Remove Fake Antivirus

Remove Fake Antivirus | (84.38 KB)

Remove Fake Antivirus is used to remove the most popular fake antiviruses. What is a fake antivirus? It is a type of virus/malware that disguises itself as an antivirus. It infects your computer when you accidentally click a link on a website that downloads the malware onto your computer, and it then runs automatically when Windows boots. It scans the infected computer and produces fake alert warnings. It tries to convince you that your computer is in danger and urges you to purchase a useless copy of the fake antivirus. These fake antiviruses must be removed immediately.

Remove Fake Antivirus is used to remove:

   1. Antivirus 8
   2. Security Tool
   3. My Security Shield
   4. Antivirus 7
   5. Antivirus GT
   6. Defense Center
   7. Protection Center
   8. Sysinternals Antivirus
   9. Security Master AV
  10. CleanUp Antivirus
  11. Security Toolbar
  12. Digital Protection
  13. XP Smart Security 2010
  14. Antivirus Suite
  15. Vista Security Tool 2010
  16. Total XP Security
  17. Security Central
  18. Security Antivirus
  19. Total PC Defender 2010
  20. Vista Antivirus Pro 2010
  21. Your PC Protector
  22. Vista Internet Security 2010
  23. XP Guardian
  24. Vista Guardian 2010
  25. Antivirus Soft
  26. XP Internet Security 2010
  27. Antivir 2010
  28. Live PC Care
  29. Malware Defense
  30. Internet Security 2010
  31. Desktop Defender 2010
  32. Antivirus Live
  33. Personal Security
  34. Cyber Security
  35. Alpha Antivirus
  36. Windows Enterprise Suite
  37. Security Center
  38. Control Center
  39. Braviax
  40. Windows Police Pro
  41. Antivirus Pro 2010
  42. PC Antispyware 2010
  43. FraudTool.MalwareProtector.d
  44. Winshield2009.com
  45. Green AV
  46. Windows Protection Suite
  47. Total Security 2009
  48. Windows System Suite
  49. Antivirus BEST
  50. System Security
  51. Personal Antivirus
  52. System Security 2009
  53. Malware Doctor
  54. Antivirus System Pro
  55. WinPC Defender
  56. Anti-Virus-1
  57. Spyware Guard 2008
  58. System Guard 2009
  59. Antivirus 2009
  60. Antivirus 2010
  61. Antivirus Pro 2009
  62. Antivirus 360
  63. MS Antispyware 2009
  64. IGuardPC or I Guard PC
  65. Additional Guard
============================================================

Fake: Antivirus Live

============================================================ 
Locate and delete Antivirus Live registry entries:
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""

Search and unregister Antivirus Live DLL libraries:
iehelper.dll

Detect and delete other Antivirus Live files:
%WINDOWS%\sysguard.exe
%WINDOWS%\system32\iehelper.dll

Total PC Defender : Fake

1.20 MB (1,265,664 bytes)
MD5: CE9D6A5C1883AD458D402728485529D3
SHA-1: 36D075D3AF35FE6A1388724DA24974857219FA3F
============================================================ 
File Created
%ProgramsDir%\Total PC Defender\Total PC Defender.exe
%AppDataDir%\Microsoft\Internet Explorer\Quick Launch\Total PC Defender.lnk
%DesktopDir%\Total PC Defender.lnk
%StartMenuDir%\Total PC Defender\Total PC Defender.lnk


%ProgramsDir% = C:\Program Files
%AppDataDir% = C:\Documents and Settings\[UserName]\Application Data
%DesktopDir% = C:\Documents and Settings\[UserName]\Desktop
%StartMenuDir% = C:\Documents and Settings\Administrator\Start Menu

Fake : GreatDefender

============================================================
Files Created
%CommonDesktopDir%\GreatDefender.lnk
%CommonPrograms%\GreatDefender\1 GreatDefender.lnk
%CommonPrograms%\GreatDefender\2 Homepage.lnk
%CommonPrograms%\GreatDefender\3 Uninstall.lnk
%Temp%\nsa3.tmp\nsProcess.dll
%ProgramFiles%\GreatDefender Software\GreatDefender\GreatDefender.exe
%ProgramFiles%\GreatDefender Software\GreatDefender\uninstall.exe

%CommonDesktopDir% = C:\Documents and Settings\All Users\Desktop
%CommonPrograms% = C:\Documents and Settings\All Users\Start Menu\Programs
%Windir% = C:\Windows

Fake : AntiVirus AntiSpyware

============================================================
%AppData%\AntiVirus AntiSpyware 2011
%AppData%\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
%AppData%\AntiVirus AntiSpyware 2011\IcoActivate.ico
%AppData%\AntiVirus AntiSpyware 2011\IcoHelp.ico
%AppData%\AntiVirus AntiSpyware 2011\IcoUninstall.ico
%AppData%\AntiVirus AntiSpyware 2011\securityhelper.exe
%AppData%\AntiVirus AntiSpyware 2011\securitymanager.exe
%AppData%\Microsoft\Internet Explorer\Quick Launch\AntiVirus AntiSpyware 2011.lnk
%Temp%\_1.tmp
%Temp%\02c9c3c35bdx5.exe
%Temp%\17dkf.exe
%Temp%\1iowieoo.exe
%Temp%\2010yo.exe
%Temp%\472a10e2ebxd9.exe
%Temp%\56493.exe
%Temp%\8gmsed-bd.exe
%Temp%\a75wef8e0e7.exe
%Temp%\ae0965a7157cd.exe
%Temp%\al3erfa3.exe
%Temp%\alerfa.exe
%Temp%\backd-efq.exe
%Temp%\dgxdro.exe
%Temp%\dkfjd93.exe
%Temp%\ds7hw.exe
%Temp%\format.exe
%Temp%\hiphop.exe
%Temp%\kn.a.exe
%Temp%\lols.exe
%Temp%\tryh-blv.exe
%Temp%\winifi.exe
%Temp%\wwautrsd.exe
%UserProfile%\Desktop\AntiVirus AntiSpyware 2011.lnk
%UserProfile%\Start Menu\Programs\AntiVirus AntiSpyware 2011
%UserProfile%\Start Menu\Programs\AntiVirus AntiSpyware 2011.lnk
%UserProfile%\Start Menu\Programs\AntiVirus AntiSpyware 2011\Activate AntiVirus AntiSpyware 2011.lnk
%UserProfile%\Start Menu\Programs\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware 2011.lnk
%UserProfile%\Start Menu\Programs\AntiVirus AntiSpyware 2011\Help AntiVirus AntiSpyware 2011.lnk
%UserProfile%\Start Menu\Programs\AntiVirus AntiSpyware 2011\How to Activate AntiVirus AntiSpyware 2011.lnk

File Location Notes:
%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.
%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\ProfileName\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\ProfileName\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% refers to the current user's Application Data folder. By default, this is C:\Documents and Settings\\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\\AppData\Roaming or C:\Users\\AppData\Local.

How to remove Advanced Virus Remover

============================================================
Files Created
C:\Program Files\AdvancedVirusRemover\PAVRM.exe
C:\Program Files\AdvancedVirusRemover\AVR.exe
C:\Program Files\AdvancedVirusRemover\Viruses.bdt
C:\Program Files\AdvancedVirusRemover\AdvancedVirusRemover.exe

C:\Windows\system32\AVR10.exe
C:\Windows\system32\41.exe
C:\Windows\system32\winupdate86.exe
C:\Windows\system32\winhelper86.dll
C:\Windows\system32\critical_warning.html
C:\s


%UserProfile%\Desktop\Viruses.bdt
%UserProfile%\Desktop\Advanced Virus Remover.lnk
%UserProfile%\Start Menu\Advanced Virus Remover.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\AdvancedVirusRemover.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
%UserProfile%\Application Data\Mozilla\Firefox\Profiles\s1jqw0bz.default\cookies.sqlite

How to remove ProDefence

============================================================

%System%\uninst_prodefence.exe

Folders
%ProgramFiles%\prodefence
%StartMenu%\prodefence

Registry Entries
Key: HKEY_LOCAL_MACHINE\SOFTWARE\prodefence

How to remove MemoryOptimizer

============================================================


Registry Entries
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: JcomDTe3ssbZxT
Data: C:\DOCUME~1\ALLUSE~1\APPLIC~1\JcomDTe3ssbZxT.exe

How to remove PC-Care

============================================================
Folders
%ProgramFiles%\pc-care3
%StartMenu%\pc-care3

Registry Entries

Key: HKEY_CURRENT_USER\Software\pc-care3
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc-care3
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: pc-care3
Data: "C:\Program Files\pc-care3\launcher.exe" "C:\Program Files\pc-care3\pccare3up.exe"

Fake : How to remove Smart Protector

============================================================
Files created
c:\Program Files\Smart Protector
c:\Program Files\Smart Protector\q
c:\Program Files\Smart Protector\config.scf
c:\Program Files\Smart Protector\mmbase.sdb
c:\Program Files\Smart Protector\q.sdb
c:\Program Files\Smart Protector\queue.sdb
c:\Program Files\Smart Protector\smrtprt.exe
c:\Program Files\Smart Protector\uninstalls.exe
c:\Program Files\Smart Protector\vvbase.sdb
c:\WINDOWS\certsystem.exe
c:\WINDOWS\microsoftdef.dll
c:\WINDOWS\regred.exe
c:\WINDOWS\securits.com
c:\WINDOWS\spoov.exe
c:\WINDOWS\usexplorer.exe
c:\WINDOWS\system32\winsc.exe
c:\Documents and Settings\All Users\Microsoft AData
c:\Documents and Settings\All Users\Microsoft AData\catmon.exe
c:\Documents and Settings\All Users\Microsoft AData\setup.exe
c:\Documents and Settings\All Users\Microsoft AData\sysinet.dll
c:\Documents and Settings\All Users\Microsoft AData\t.sid
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers
c:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\internet.dll
%UserProfile%\Desktop\Smart Protector.lnk
%UserProfile%\Start Menu\Programs\Smart Protector
%UserProfile%\Start Menu\Programs\Smart Protector\Smart Protector.lnk
%UserProfile%\Start Menu\Programs\Smart Protector\Uninstall.lnk

%Temp%\certsystem.exe
%Temp%\microsoftdef.dll
%Temp%\regred.exe
%Temp%\spoov.exe
%Temp%\sysinet.dll
%Temp%\usexplorer.exe

Fake: ThinkPoint

Found: 2010-10-25
 
Files
%ApplicationData%\hotfix.exe
%ApplicationData%\install
%ApplicationData%\start
%ApplicationData%\40155.bat


Registry Entries
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Shell
Data: C:\Documents and Settings\<User Profile>\Application Data\hotfix.exe
