Swatkat's rants

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, 23 June 2007

AVSystemCare – New fake anti-malware

Posted on 13:09 by Unknown
AVSystemCare is one of the latest fake/dubious anti-malware. The installer stub of AVSystemCare is detected by most of the AVs as a variant of "popular" WinFixer rogue software. AVSystemCare is one among numerous similar looking dubious software. Some of the clones are MenaceRescue, AntiSpywareSuite and GoldenAntiSpy etc. All of them have identical websites, and an example is shown in the below screen shot:


Below screen shot shows Virus.org Malware Scanner scan results of the installer stub:

When this stub is executed, it downloads a 14 MB (!) setup file through which the actual AVSystemCare is installed. This is how AVSystemCare looks like:


AVSystemCare installs some SSDT hooks, IAT hooks and Message Hooks as part of its "real-time monitor" and creates some "Run" Registry keys, as shown in below screen shots:




AVSystemCare also "updates" itself automatically by connecting to one of their servers:


Interestingly, it does seem to monitor the system in real-time, and it alerts the user when it detects a malware or when user tries to execute malware files:


However, this software is dubious and is not at all recommended for usage. The uninstaller provided with the software removes almost all of its traces. However, it is recommended to scan a PC with any of the popular and legitimate anti-malware tools. Also, RogueRemover - a tool from MalwareBytes.org - removes all the traces of AVSystemCare automatically, and it can be downloaded from here for free. More information about AVSystemCare is available at Symantec Security Response pages.
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Ax Video Plugin
    Ax Video Plugin is one of the latest fake codec/plugin in the block. The site http://axvideodownload.com/ uses the same old fake "Vide...
  • Spyware Guard 2008
    Spyware Guard 2008 is a new rogue application. Does that name sound familiar? Well, yes, there is a legitimate application named SpywareGuar...
  • Javacool EULAlyzer!
    Have you ever read those ultra-long EULA (End User License Agreement) pages while you are installing any software? I think no one will read ...
  • Zlob brings back fake MP3s!
    Last August, I had blogged about Zlob gang using fake MP3 download sites to push their malware (link here ). Afterwards, we started to see m...
  • Myphonegames.co.uk hacked?!
    It seems that some pages of a mobile-phone games website www.myphonegames.co.uk have been hacked to execute malicious looking Javascript. A...
  • twitcurl - C++ twitter API library
    twitcurl is an open-source pure C++ library for twitter REST APIs. Currently, it has support for most of the twitter APIs and it will be upd...
  • DomPlayer - Rogue Multimedia Player
    DomPlayer is a new rogue multimedia player on the loose. The gang behind DomPlayer is making use of fake video files (available as torrents)...
  • Some new malware - a.exe, gop.exe etc
    We have some "new" malware this time, ranging from trojans to rootkits. One of them is a trojan which detected by some of the AVs ...
  • ThinkPoint rogue antivirus
    ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. ...
  • Removing Mailbot.AZ (aka Rustok.A) Rootkit
    Mailbot.AZ (also known as PE386 or Rustock.A) is a kernel mode rootkit backdoor virus. It contains only one file-its driver-and it is stored...

Categories

  • a.exe
  • Autohotkey
  • C++
  • fake mp3 downloads
  • gop.exe
  • NewMediaCodec
  • OAuth
  • Orkut hating virus
  • Privacy Protector
  • rootkit
  • SysProt AntiRootkit
  • TDSServ rootkit removal
  • twitCurl
  • twitter
  • Udefender
  • Ultimate Cleaner
  • vdo_
  • Zlob
  • Zlob rootkit

Blog Archive

  • ►  2013 (1)
    • ►  June (1)
  • ►  2010 (6)
    • ►  October (2)
    • ►  September (2)
    • ►  July (1)
    • ►  April (1)
  • ►  2009 (12)
    • ►  September (1)
    • ►  May (1)
    • ►  April (1)
    • ►  March (4)
    • ►  January (5)
  • ►  2008 (44)
    • ►  December (6)
    • ►  November (6)
    • ►  October (4)
    • ►  September (15)
    • ►  August (2)
    • ►  June (2)
    • ►  May (1)
    • ►  April (1)
    • ►  March (6)
    • ►  January (1)
  • ▼  2007 (38)
    • ►  December (1)
    • ►  November (2)
    • ►  October (9)
    • ►  September (2)
    • ►  August (8)
    • ►  July (11)
    • ▼  June (3)
      • AVSystemCare – New fake anti-malware
      • InternetGameBox Rootkit
      • Update! SysProt AntiRootkit v1.0.0.4 Beta
    • ►  March (2)
  • ►  2006 (6)
    • ►  September (1)
    • ►  August (2)
    • ►  May (1)
    • ►  February (2)
  • ►  2005 (30)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (5)
    • ►  August (11)
    • ►  July (6)
Powered by Blogger.

About Me

Unknown
View my complete profile