Rogue Anti-Spyware List Update [July 2]

Discussions of all Adware-Spyware-Malware related topics to include all security products users may have concerns with.

Moderators: Admin Team, Moderators

User avatar
wawadave
Countermeasures Agent
Countermeasures Agent
Posts: 15
Joined: Tue Feb 22, 2005 7:53 pm
Location: 127.00.00.1
Contact:

Re: Rogue\Suspect & Rogue Remover Anti-Spyware List Update

Postby wawadave » Sat Feb 09, 2008 2:17 pm

boy have i been out of the loop!!
i d/led that will give it a run through!!
Image
http://www.spywarewarrior.com/
Donate Please to help the victims of tsunami http://www.redcross.ca/

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue\Suspect & Rogue Remover Anti-Spyware List Update

Postby TeMerc » Sat Feb 09, 2008 7:45 pm

wawadave wrote:boy have i been out of the loop!!
i d/led that will give it a run through!!
Dave, Eric hasn't updated his rogues list since May of '07, making it nearly useless IMHO.

Marcin updates his RogueRemover very frequently and you can view his RogueNET forum and see what's being tested for inclusion to the db.
Image

User avatar
wawadave
Countermeasures Agent
Countermeasures Agent
Posts: 15
Joined: Tue Feb 22, 2005 7:53 pm
Location: 127.00.00.1
Contact:

Re: Rogue\Suspect & Rogue Remover Anti-Spyware List Update

Postby wawadave » Sat Feb 09, 2008 8:41 pm

well thats to long not to up date i will be recomending this app now!1
thx temerc
Image
http://www.spywarewarrior.com/
Donate Please to help the victims of tsunami http://www.redcross.ca/

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue\Suspect & Rogue Remover Anti-Spyware List Update

Postby TeMerc » Tue Feb 26, 2008 4:24 pm

Bakasoftware Expanding their List
Tuesday, February 26, 2008

A month ago a new group called Bakasoftware (Bakasoftware.com) aka Pandora-Software released three Rogue security applications. The list of applications is as follows:
  • EasySpywareCleaner -.com
  • Spy-Rid -.com
  • InfeStop -.com
  • WinIFixer -.com
Tobesoftware.com and On-linelist.com but these two sites are not functional yet
0-= More w\Screen Shots @ Bharath's Security Blog
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue\Suspect & Rogue Remover Anti-Spyware List Update

Postby TeMerc » Sat Mar 01, 2008 2:37 pm

Version 166 (2/19/08)

[Added]
EliteProtector, MalwareCore, SpyBurner, SpywareSolver, SysCleaner, WinReanimator, WinSpyKiller, WinXDefender, XPDefender

[Updated]
Rogue.Infector, VirusHeat
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue\Suspect & Rogue Remover Anti-Spyware List Update

Postby TeMerc » Sat Mar 01, 2008 2:38 pm

Version 167 (3/1/08)

[Added]
Bug Doctor, DoctorVaccine, SpyWarp, VirusRanger, VsSpy
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [Mar 7]

Postby TeMerc » Fri Mar 07, 2008 4:29 pm

A Crooked Review, or Creative Marketing?
Posted by John Park on March 7, 2008
If you search for the word "antivirus" on major search engines like Google, Yahoo, or MSN there is a possibility you will end up with "6StarReview.com" or "StarReviews.com" with a link name like "Top 10 Antivirus for 2008" as one of top sponsored ads. The Star Reviews is basically a Web-only review site that covers everything from blog services to online banking. Perhaps the site is a bit heavy on affiliate links, but nothing out of the ordinary. No pop-ups. No browser exploits. All in all, it looks legit.

However, while reading the rankings of "2008 Antivirus Review," I felt somewhat uncomfortable, to a similar degree as when I watched the episode of "Will It Blend: iPhone." The rankings show "The Shield Deluxe" as the best AV product. A product that I have never heard of before, beating all other major vendors like CA, BitDefender, Norton, Kaspersky, NOD32, Panda, McAfee, and TrendMicro. This was disturbing to me in two different ways at the same time:
    1) Is this product really that good? I usually keep up with the latest security technologies and products. So, if I have missed this dark horse until it has reached the number one in the ranking, then I have not done my due diligence of keeping up the market research.
    2) Is this review rigged? What's in it for the reviewer to place a no-name product on the top of the list? Is this product even a real product?
0-= More Details @ Symantec Security Response Blog
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [Mar 7]

Postby TeMerc » Fri Mar 07, 2008 4:32 pm

The info below is all related to the site in question on the Symantec blog, except I've not blocked out the public information and included other IPs and domains associated.
TeMerc wrote:Registrant:
Star Advertising, Inc.
150 West 25th Street
New York, New York 10001
United States

Registered through: GoDaddy.com, Inc. (godaddy.com)
Domain Name: STARREVIEWS.COM
Created on: 15-Jan-05
Expires on: 15-Jan-12
Last Updated on: 30-Oct-07

Administrative Contact:
frischman, arthur arthur[AT]6starreviews.com
Star Advertising, Inc.
150 West 25th Street
New York, New York 10001
United States
5612517198

Technical Contact:
frischman, arthur arthur[AT]6starreviews.com
Star Advertising, Inc.
150 West 25th Street
New York, New York 10001
United States
5612517198

Domain servers in listed order:
NS1.GEODNS.NET
NS2.GEODNS.NET


Other sites on same IP, listed in hpHOSTS:
    1 6starreviews.com 63.246.20.208
    2 hxxp://www.6starreviews.com 63.246.20.208
    3 medeox.com 64.34.180.202
    4 myfastsearch.com 64.34.180.202
    5 trafficdiscount.com 64.34.180.16
0-= hpHOSTSOnline
Image

User avatar
MysteryFCM
Site Admin
Site Admin
Posts: 3710
Joined: Sun May 15, 2005 12:42 pm
Location: Newcastle, UK
Contact:

Re: Rogue Anti-Spyware List Update [Mar 7]

Postby MysteryFCM » Fri Mar 07, 2008 4:52 pm

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [Mar 7]

Postby TeMerc » Fri Mar 07, 2008 6:09 pm

MysteryFCM wrote:It actually gets alot worse ;)

http://hosts-file.net/pest.asp?show=63.246.20.
rofl
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [Mar 7]

Postby TeMerc » Mon Mar 17, 2008 7:53 pm

Version 169 (3/17/08)
[Added]
SpyCatchE

[Updated]
SpywareIsolator

[Removed]
PCSleek Error Cleaner
====================================
Version 168 (3/16/08)
[Added]
SearchAndDestroy, SpyKillerPro, TheSpyBot, Unigray Antivirus, WinIFixer
No other updates, removals or notes
=======================
Version 167 (3/1/08)
[Added]
Bug Doctor, DoctorVaccine, SpyWarp, VirusRanger, VsSpy
No other updates, removals or notes
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [Mar 31]

Postby TeMerc » Mon Mar 31, 2008 2:12 pm

Version 170 (3/31/08)
[Added]
ProAntispy, ProtectingTool, XPCleaner

[Updated]
No applications were updated.

[Removed]
No applications were delisted.

[Notes]
No further comments.
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [Apr 8]

Postby TeMerc » Tue Apr 08, 2008 4:48 pm

Version 171 (4/5/08)

[Added]
AdwareAlert, WinXProtector

[Updated]
No applications were updated.

[Removed]
No applications were delisted.

[Notes]
No further comments.
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [Apr 14]

Postby TeMerc » Mon Apr 14, 2008 7:47 am

Localized Fake Security Software
Monday, April 14, 2008

Would you believe that in times when top tier antivirus vendors are feeling the heat from the malware authors' DoS attacks on their honeyfarms, and literally cannot keep up with their releases, someone out there is using an antivirus scanner that doesn't really exist? It's one thing to promote fake security software in a one-to-many communication channel by using a single language in a combination with cybersquatted domains, and entirely another to do the same in different languages. Localization for anything malicious is already taking place, as originally anticipated as an emerging trend back in 2006. The following currently active fake security software scams are promoted in Dutch, French, German, Italian, and you don't get to download them until you hand out your credit card details, and once you do so, you'll end up in the same situation just like many other people did in the past.

Some sample fake brands:
  • SpyGuardPro
  • PCSecureSystem
  • AntiWorm2008
  • WinSecureAv
  • MenaceRescue
  • PCVirusless
  • LifeLongPC
  • NoChanceForVirus
  • MenaceMonitor
  • TrojansFilter
  • TrojansFilter
  • LongLifePC
  • KnowHowProtection
  • BestsellerAntivirus
  • PCVirusSweeper
  • AVSystemCare
  • AVSecurityPlus
  • AVSecurityPlus
  • PCAssertor
  • PoseidonAntivirus
  • TrustedAntivirus
  • PCBoosterPro
  • DefensiveSystem
  • GoldenAntiSpy
  • AntiSpywareSuite
  • AntiMalwareShield
  • AntivirusPCSuite
  • AntivirusForAll
  • TrustedProtection
  • NoWayVirus
  • AntiSpywareConductor
  • AntiSpywareMaster
  • TurnkeyAntiVirus
  • YourSystemGuard
    Portfolio one:
    • alfaantivirus.com
    • antivirusalmassimo.com
    • farrevirus.com
    • fomputervagt.com
    • figitalerschutz.com
    • flmejorcuidado.com
    • ferramentantivirus.com
    • filterprogram.com
    • filtredevirus.com
    • geeninfectie.com
    • harddrivefilter.com
    • keineinfektionen.com
    • longueviepc.com
    • maseg.net
    • nonstopantivirus.com
    • pcantivirenloesung.com
    • pcsystemschutz.com
    • plutoantivirus.com
    • psbeveiligingssysteem.com
    • riendevirus.com
    • securepcguard.com
    • sekyuritikojo.com
    • sistemadedefensa.com
    • sumejorantivirus.com
    • totaltrygghet.com
    • viruscontrolleuer.com
    • viruswacht.com
    • votremeilleurantivirus.com
    • zeusantivirus.com
    Portfolio two:
    • advancedcleaner.com
    • alltiettantivirus.com
    • antispionage.com
    • antispionagepro.com
    • antispypremium.com
    • antispywarecontrol.com
    • antispywaresuite.com
    • antiver2008.com
    • antivirusaskeladd.com
    • antivirusfiable.com
    • antivirusforall.com
    • antivirusforalla.com
    • antivirusfueralle.com
    • antivirusgenial.com
    • antivirusmagique.com
    • antivirusordi.com
    • antivirusparatodos.com
    • antiviruspcpakke.com
    • antiviruspcsuite.com
    • antiviruspertutti.com
    • antivirusscherm.com
    • antiworm2008.com
    • antiwurm2008.com
    • archivoprotector.com
    • avsystemcare.com
    • avsystemshield.com
    • barrevirus.com
    • bastioneantivirus.com
    • bestsellerantivirus.com
    • bortmedvirus.com
    • cerovirus.com
    • debellaworm2008.com
    • defensaantimalware.com
    • defensaantivirus.com
    • drivedefender.com
    • exterminadordevirus.com
    • fiksdinpc.com
    • mijnantivirus.com
    • mobileantiviruspro.com
    • norwayvirus.com
    • nowayvirus.com
    • pcantivirenloesung.com
    • plutoantivirus.com
    • viruscontrolleuer.com
    • zebraantivirus.com
    • zeusantivirus.com
    Portfolio three:
    • pcsecuresystem.com
    • antiworm2008.com
    • winsecureav.com
    • menacerescue.com
    • pcvirusless.com
    • lifelongpc.com
    • nochanceforvirus.com
    • menacemonitor.com
    • trojansfilter.com
    • longlifepc.com
    • knowhowprotection.com
    • bestsellerantivirus.com
    • pcvirussweeper.com
    • antiespiadorado.com
    • avsecurityplus.com
    • apolloantivirus.com
    • pcassertor.com
    • menacesecure.com
    • poseidonantivirus.com
    • trustedantivirus.net
    • pcboosterpro.com
    • defensivesystem.com
    • goldenantispy.com
    • avsystemcare.com
    • trustedantivirus.com
    • antimalwareshield.com
    • avsystemcare.com
    • antiviruspcsuite.com
    • antivirusforall.com
    • trustedprotection.com
    • nowayvirus.com
    • pcantiviruspro.com
    • antispywareconductor.com
    • antispywaremaster.com
    • turnkeyantivirus.com
    • yoursystemguard.com
0-= Continued @ DDanchev Blog
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [Apr 14]

Postby TeMerc » Thu May 15, 2008 9:56 am

Bakasoftware’s saga continues
Thursday, May 15, 2008
Bakasoftware (Bakasoftware.com) aka Pandora-Software is again busy releasing new rogue applications.

Advanced XP Defender is the new rogue from this group.

Site Name: Advancedxpdefender.com
IP Address: 216.240.138.207

Advanced XP Defender is a clone of WinIFixer application the scammers are so lazy that they even have left the traces of WinIFixer name in Advanced XP Defender application.

The group also uses many sites to push WinIFixer another rogue from the same group. Following are the different sites that are used for advertising WinIFixer.

Site Name: Winifixer.net
Site Name: Winifixer.org
Site Name: Winqfixer.com
IP Address: 216.240.138.207

The following is the affiliate program site

Site Name: Bakasoftware.net
IP Address: 216.240.138.206

Stay away from these sites.
0-= See Screenshots @ Bharath's Security Blog
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [May 15]

Postby TeMerc » Thu May 22, 2008 8:19 am

Advanced XP Fixer
Advanced XP Fixer is yet another Rogue from Bakasoftware (Bakasoftware.com) aka Pandora-Software. The application is a clone of WinIFixer application.

Site Name: Advancedxpfixer.com
IP Address: 216.240.139.169
0-= Screenshots @ Bharath's Security Blog

=======================================================

SpyGuarder
SpyGuarder is a new Rogue security application currently advertised/pushed by Trojan horse.

Site Name: SpyGuarder.com
IP Address: 208.85.178.132

SpyGuarder uses Software-payment.com site for payment processing. Beware that this site is also used by many other rogue security applications for payment processing.
0-= Screenshots @ Bharath's Securty Blog
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [May 25]

Postby TeMerc » Mon May 26, 2008 9:55 am

Recent Rogue Applications advertised by MediaTubeCodec Trojans
Monday May 26, 2008


Here is a list of new rogue Security applications that was advertised by MediaTubeCodec Trojans on infected systems.

Site Name: Antispywareexpert.com
IP Address: 92.62.100.64

Site Name: Antimalwareguard.com
Site Name: Antispywareexpertpro.com
IP Address: 195.5.117.248

The above mentioned sites distribute similar rogue security application. These applications are from AntiSpywareSolutionPro Inc. group (aka Winfixer).

Site Name: Pcprivacycleaner.com
IP Address: 92.62.100.64

Pcprivacycleaner is bogus/rogue privacy protection application by MediaTubeCodec Trojans.

Antivirus-2008-pro is a new rogue security application. Its an clone of Kvmsecure rogue application.
0-= More @ Bhrath's Security Blog
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [May 25]

Postby TeMerc » Fri May 30, 2008 10:21 am

MalwarePatrolPro is a new rogue security application from WinIFixer family of Rogue security applications. As usual this rogue is pushed by Fake codecs.

Site Name: Malwarepatrolpro.com
IP address: 216.240.139.169
0-= Screenshots @ Bharath's Security Blog
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [May 30]

Postby TeMerc » Fri May 30, 2008 10:40 am

Another rogue: PCPrivacy Cleaner @ Malwarebytes Blog

MBAM targets this infection
Image

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15990
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Re: Rogue Anti-Spyware List Update [May 30]

Postby TeMerc » Tue Jul 01, 2008 4:43 pm

Malwarebytes Anti-Malware Version 175 (7/1/08)

[Added]
AdvancedAntivirus, Antivirus2008, MalwarePatrolPro, MalwareProtector2008, SpyGuarder, System Antivirus, Ultimate Antivirus, Windows Antivirus, XPSecurityCenter

[Updated]
WinSpywareProtect

[Removed]
No applications were delisted.

[Notes]
No further comments.
Image

User avatar
secur3d
Moderators
Moderators
Posts: 203
Joined: Tue Jul 01, 2008 11:11 am
Area Of Expertise: Advanced, Expert in some areas.
experience: I know the functions, OS settings, registry tweaks and more
PC time: Alot more than I should
Location: USA
Contact:

Re: Rogue Anti-Spyware List Update [July 1]

Postby secur3d » Wed Jul 02, 2008 7:29 pm

Thanks for the info TeMerc. :)

-eXaByTe
secur3d TIC Moderator


Return to “Countermeasures Discussions\News”

Who is online

Users browsing this forum: No registered users and 1 guest