Rebranded Rogue Anti-Virus Strikes Again

This topic is archived.
DainBramaged Donating Member (1000+ posts) Sat Oct-03-09 06:51 AM
Original message
Rebranded Rogue Anti-Virus Strikes Again
Edited on Sat Oct-03-09 06:58 AM by DainBramaged
Recently, we analysed samples of a new fake anti-virus program that brands itself as Alpha Antivirus. This program uses the following filenames: alphaav.exe and msnaoladdon.dll.

Alpha Antivirus is a new FakeAlert variant evolved from the Personal Antivirus family of rogue anti-virus software. Like much FakeAlert malware, Alpha Antivirus promotes itself through the use of pop-up web pages hosted on malicious websites. These web pages mimic a Windows Explorer folder and a Windows Security Alert dialog, and perform a free but fake online scan of the affected system.



The following domains were known to host the fake online-scanning web pages and the main executable of Alpha Antivirus:

mycompinfo17.com
internetantivirusproscanner.com
mycomputeronlinescan11.com
internetsecurityscan.com
mycompscanner07.com
mycompscanner42.com
internetantivirusproscan.com
windowsdefenderupdate5.com
securitybugfixupdate6.com
The software prompts the user to install Alpha Antivirus. Once executed, it launches fake scanning and reports multiple infections:




This variant drops a copy of itself as %ProgramFiles%\AlphaAV\AlphaAV.exe and an msnaoladdon.dll component in the Windows System folder, and installs the DLL file as a browser helper object.

(%ProgramFiles% refers to the Programs folder, for example, C:\Program Files.)

AlphaAV.exe is detected as FakeAlert-DI, while msnaoladdon.dll is detected as FakeAlert-EQ.

Frequently, we see abrupt changes in branding, filenames, and GUIs used by the same fake anti-virus programs. As more security vendors and researchers publish their findings about new rogue anti-virus programs, malware authors try to repackage their “products” with new brand names and filenames and try to use more obfuscation and encryption on their files in an attempt to avoid being recognised by users and in some cases evade detection by security vendors.

http://www.trustedsource.org/blog/305/Rebranded-Rogue-Anti-Virus-Strikes-Again


Jesus, it's too early for this shit, Dain.


OH, and PS: the best free anti-malware scanner out there is this little guy, and you should be using it if you own one of these here Windoze komputers, and it wipes this crap completely out.




download here.........

http://majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html#
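The write-up quoted above gives three concrete indicators: the hosting domains, the two filenames, and the fact that msnaoladdon.dll is registered as a Browser Helper Object. The script below is an added example, not code from the post or from the quoted TrustedSource write-up. It sweeps proxy-log lines for URLs on the listed domains and parses a Windows .reg export to find any BHO whose InProcServer32 DLL carries one of the listed filenames. The log lines, the registry export text and the CLSIDs in it are constructed for the example; the only facts taken from the write-up are the domains and filenames. The BHO lookup relies on how Internet Explorer registers BHOs (a CLSID subkey under Explorer\Browser Helper Objects, with the DLL path in HKCR\CLSID\{clsid}\InProcServer32).

```python
"""IOC sweep for the Alpha Antivirus rogue AV (added example, not the post's
code): IOC domains in proxy-log URLs, and a Browser Helper Object whose
InProcServer32 DLL is one of the reported filenames, read from a .reg export."""
import re
from urllib.parse import urlsplit

# The only facts taken from the write-up: hosting domains and filenames.
IOC_DOMAINS = frozenset({
    "mycompinfo17.com", "internetantivirusproscanner.com",
    "mycomputeronlinescan11.com", "internetsecurityscan.com",
    "mycompscanner07.com", "mycompscanner42.com",
    "internetantivirusproscan.com", "windowsdefenderupdate5.com",
    "securitybugfixupdate6.com",
})
IOC_FILENAMES = frozenset({"alphaav.exe", "msnaoladdon.dll"})

# Key under which Internet Explorer enumerates BHOs. This script lower-cases
# every registry path it reads, so the constant is lower-case as well.
BHO_KEY = (r"hkey_local_machine\software\microsoft\windows\currentversion"
           r"\explorer\browser helper objects")


def host_is_ioc(host: str) -> bool:
    """True if host is an IOC domain or a subdomain of one (case-insensitive)."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in IOC_DOMAINS)


def scan_proxy_log(lines):
    """Return (line_number, host) for each line whose URL is on an IOC domain.
    Assumes full URLs appear on the line, as in most proxy log formats."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in re.findall(r"https?://\S+", line):
            host = urlsplit(url).hostname or ""
            if host_is_ioc(host):
                hits.append((n, host))
    return hits


def parse_reg_export(text):
    """Minimal parser for regedit/reg.exe export text.
    Returns {key_path_lower: {value_name: data}}. Handles the string values
    (@="..." and "Name"="...") used by BHO registration and folds the doubled
    backslashes of the .reg format back to single ones."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = name if name == "@" else name.strip('"')
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")
            keys[current][name] = data
    return keys


def find_rogue_bhos(reg):
    """CLSIDs registered as BHOs whose COM server DLL has an IOC filename.
    The BHO key only lists CLSIDs; the DLL path is resolved via HKCR\\CLSID."""
    found = []
    for key in reg:
        if key.startswith(BHO_KEY + "\\"):
            clsid = key[len(BHO_KEY) + 1:]
            server = reg.get("hkey_classes_root\\clsid\\" + clsid + "\\inprocserver32", {})
            dll_path = server.get("@", "")
            if dll_path.rsplit("\\", 1)[-1].lower() in IOC_FILENAMES:
                found.append((clsid, dll_path))
    return found


# Constructed sample input (not real captures). CLSIDs and the "legit" DLL
# are invented; the rogue entry mirrors the write-up's DLL name and location.
SAMPLE_LOG = [
    "1254550000.123 10.0.0.5 GET http://www.example.com/index.html 200",
    "1254550001.456 10.0.0.5 GET http://mycompscanner42.com/scan/index.php 200",
    "1254550002.789 10.0.0.5 GET http://cdn.windowsdefenderupdate5.com/alphaav.exe 200",
    "1254550003.001 10.0.0.7 GET https://mail.example.org/ 200",
]
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32]
@="C:\\Program Files\\Example\\legit_toolbar.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InProcServer32]
@="C:\\WINDOWS\\system32\\msnaoladdon.dll"
"ThreadingModel"="Apartment"
'''

if __name__ == "__main__":
    for n, host in scan_proxy_log(SAMPLE_LOG):
        print(f"proxy log line {n}: contact with IOC domain {host}")
    for clsid, dll in find_rogue_bhos(parse_reg_export(SAMPLE_REG)):
        print(f"rogue BHO {clsid} -> {dll}")
```

On a real machine, feed parse_reg_export the output of `reg export` for the Browser Helper Objects key and for HKCR\CLSID (reg.exe writes the file as UTF-16, so decode it before parsing) and feed scan_proxy_log your proxy or DNS logs. A hit on the BHO check is a strong indicator; a clean result is not proof of a clean system, because, as the write-up itself notes, this family rebrands and changes filenames often, and the domain list is a snapshot from the time of the post.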
madokie Donating Member (1000+ posts) Sat Oct-03-09 07:02 AM
Response to Original message
1. I think the best we can do is to not click on any of the free scans
I've got something on my computer now; I can tell because it takes a good 15 to 20 seconds for it to shut down, where on a new install it takes all of maybe 2 or 3 seconds. The next rainy day I plan to reformat and reinstall, because that's the only way I know to be sure I am rid of whatever it is. This started happening right after I installed Opera 10 and gave it a try. I don't know why I bother with shit like trying the other browsers, 'cause every time I have, I wind up wishing I'd never put that damn thing on my machine to begin with. I use my own hacked version of XP Home using nLite and IE8, and as long as I stay away from trying other browsers I'll be fine, but when Opera 10 came out and I was reading some of the reviews I thought, well, maybe this is good and I should try it. Fuck that kind of thinking from me ever again.

Malwarebytes I like, but it does not, and I repeat, does not always catch everything, just so you know.
DainBramaged Donating Member (1000+ posts) Sat Oct-03-09 07:07 AM
Response to Reply #1
2. I use XoftSPY SE (which I pay for) in addition to Malwarebytes
and also have it on a thumb drive for remote scanning at work. It has proven time and again to be the best out there. For additional protection, A-Squared FREE

http://www.emsisoft.com/en/software/free/

And SUPERantispyware

http://www.superantispyware.com/

are great additions to increase your wall of protection.

madokie Donating Member (1000+ posts) Sat Oct-03-09 07:19 AM
Response to Reply #2
5. I've used superantispyware before
but for some reason, which I can't remember now, I don't have it on here now. I've got the reformatting and reloading of XP down pat and try not to visit sites where I might get shit from, so I use that to help me. I've put Cookienator on my machine, thanks for the link btw, and it seems to be helping to keep my cookies under control. Oh, I might add I don't use this computer for anything except an occasional eBay purchase and AutoCAD, so it's not that big of a deal to reload XP. If I was keeping my records and things on here it'd be a whole new ball game though.

Early on, a couple of purchased antivirus and antispyware programs soured me on the bought programs; now I pretty much stay with the free stuff. I'm using Cloud Antivirus now and like it well. Since I put it on this last reloading of XP it's stopped a total of 5, I think it is, attempts at putting shit on my computer. I like it well, as it seems to just sit there and not get in the way ever. When it comes out of beta and requires a purchase I'll probably pay for it because I like it that well.

DainBramaged Donating Member (1000+ posts) Sat Oct-03-09 07:21 AM
Response to Reply #5
8. Cookienator is a wonderful little program, and you are welcome
kicks the crap out of those Adobe stealth cookies don't it?

:hi:

http://majorgeeks.com/Cookienator_d6186.html#

Cookienator is a tool that will help you remain anonymous from search engines such as Google and other notorious web-usage trackers such as Doubleclick or Omniture.

Many websites install cookies in your browser, and these little bits of tracking data will be used to identify you for as long as you keep using your computer. In the past few years I have been alternating between religiously clearing my cookies from time to time, or neglecting to do so with hope that these corporations will live up to their vague promises of doing no evil.

madokie Donating Member (1000+ posts) Sat Oct-03-09 08:25 AM
Response to Reply #8
14. I'm really not sure what InPrivate does
and you may be able to help me to understand, but I have IE set to start with InPrivate as the default and I seem to not have any problems going to any of the sites I visit or following the links, so as it is now I wonder why everyone doesn't use this feature. Like I said though, I don't really understand what's going on there. I've been using CCleaner for eons now and will, as it stands today, always have it on my computer. I use it often, in fact at least once a day. I just don't like the idea that someone somewhere is possibly keeping tabs on me for whatever the reasons are; the thought of that just pisses me off, so I try to make sure to make it as difficult as I can for that to be.
Thanks for all the good you do, and I'm not just talking about here with our computers either; I'm talking about the passion you have in helping to protect one of our manufacturing bases, our automobile companies. For that I'll always put you on a pedestal.

Have a great day. :hi:

I'm a Ford man and you seem to be a GM man, and that's good because they're both American companies in competition with each other, making them build better and better vehicles. I have a neighbor who used to be a TOY'ota man, but I've about convinced him that Ford is the way to go. He recently bought his first Ford product, he's 66 yo BTW, a Ford Ranger, and is now looking at a Ford Focus to replace his TOY'ota with. Yea, the one he has spent several hundred dollars on since he bought it a couple years ago and now has close to a hundred thousand miles on. We have two '98 Fords, an F150 we bought new and a '98 Explorer we bought slightly used, and the only thing I had to do to either was on the F150 I had plugs put in at 100 thousand miles, and a vacuum hose on the Explorer, and I had to replace the dryer on the AC on it. I did the job myself, so it only cost me the price of the part and the freon. Since the system still had pressure on it when I opened it up I never even bothered to pull a vacuum on it, and it's not been a problem, as the air works as good or better than it did when new. So we've spent hardly any money on our Fords, where my neighbor has spent many hundreds on his TOY'ota and is now seeing the light. I don't care what kind of a vehicle someone drives brand-wise, it's none of my business to begin with, I just like to see it be one of our big three. Personally I like Fords better, but it's no big deal. I guess it's maybe because as a lad my parents drove a Model A Ford as an everyday auto. Yes, I'm old and from a poor family and proud of both.
DainBramaged Donating Member (1000+ posts) Sat Oct-03-09 04:52 PM
Response to Reply #14
26. InPrivate is a nice feature
InPrivate Browsing in Internet Explorer 8 helps prevent your browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, leaving no evidence of your browsing or search history. IE8 is a good improvement over IE7, but it depends on what type of browsing you do. If, like so many who use their compooters, they have no idea about security or what else is looking at the web page besides them, it makes no difference. After 15 years of being involved with the Internet and computers (I remember when having 6,000,000 pages of documents as a reference was considered a huge amount of information by AltaVista, and they bragged about it), people are generally just lazy when it comes to 'pooter security. Whenever I get a system to clean (and it's about two a week) I find over 500 threats or actual infections on average. I've recently taken to removing hard drives, hooking them up externally via a USB to IDE/SATA cable, and scanning them on a box I created JUST for that purpose. This way I don't have to sit and try and get the system to boot, or block everything from loading while I attempt to boot it.




And thank you. As you are a passionate defender of Ford, I have been a GM/Chevy guy since I was a teenager. Most people here don't understand the love some of us old timers have for cars, which is why they drive imported appliances. Soulless convenience.

Be well.


:pals:
hobbit709 Donating Member (1000+ posts) Sat Oct-03-09 07:23 AM
Response to Reply #1
9. Taking longer to shut down is more of a sign of clutter in the system.
Taking forever to boot to the desktop and running extremely slow is more the sign of an infection.

NO antimalware app is 100% effective but if you run two different ones the overlap is usually 100+%.

I use Malwarebytes and Spybot S&D together along with AVG for antivirus. I refuse to use IE and Outlook-that alone eliminates 99% of the problems.

Every system that I've built and sold, every one that's come in for me to be disinfected goes out the door with those programs on it.

I've had two out of about 200 come back reinfected. One came back with AVG disabled and when I asked why
"I got tired of the AVG warning screen popping up when I was looking at porn."

My response was "What part of 'Danger, danger, Will Robinson!' did you not understand?"

The other was a case of clicking on a popup and getting malware.
madokie Donating Member (1000+ posts) Sat Oct-03-09 08:40 AM
Response to Reply #9
15. Well this just started happening when I installed opera10
I flat out don't like Firefox, and every time I've tried it I can't seem to get it off my machine fast enough. The only problems I've had, other than this slow shutdown now, are because of my own stupidity in clicking on something I shouldn't have. I don't want to argue whether to use IE or Firefox though, and nothing anyone says will change my mind on that, again.

I've timed, with a stopwatch, doing different things, doing the same thing mind you, using both browsers so I'm comparing apples to apples, with Firefox and IE, and IE has always come out on top. What's the deal with that? The reason I say that is because I've from time to time read that Firefox is faster, but the couple of times I've actually been bored enough to compare the two, like I said, on my machines it's always been IE coming out on top.

Oh, I'm not one to take someone else's word on something either until I try it myself, such as believing that Firefox is faster or better because someone said so, btw.

I keep a lean and mean machine, in case you wonder, 'cause I'm a speed freak and don't need a bunch of trash clogging up the system. Cloud Antivirus is the only thing that starts when I boot up.

No big deal though :hi:
hobbit709 Donating Member (1000+ posts) Sat Oct-03-09 08:50 AM
Response to Reply #15
17. Try SeaMonkey
It's put out by Mozilla, the same people that do Firefox; it has more of the look and feel of the old Netscape.
madokie Donating Member (1000+ posts) Sat Oct-03-09 09:37 AM
Response to Reply #17
18. It comes with one of the Linuxes I've tried, Puppy Linux I think it was
but I'm happy with exPLODer, as some put it, though.

BTW, I have Puppy Linux on an SD card that I thought I'd use to fix my XP if and when it fucks up, but I've never used it for that for some reason.
Renew Deal Donating Member (1000+ posts) Sat Oct-03-09 07:11 AM
Response to Original message
3. MalwareBytes is terrific
Highly recommended
hobbit709 Donating Member (1000+ posts) Sat Oct-03-09 07:11 AM
Response to Original message
4. Since I don't use Internet EXploDer
If a fake IE window opens up on my browser, I'm immediately suspicious.
DainBramaged Donating Member (1000+ posts) Sat Oct-03-09 07:19 AM
Response to Reply #4
6. But this doesn't open a fake IE window it opens a window to your hard drives
and begins a scan. If you try to close it, no means yes. CTRL/F4 is the best method of stopping it, but you still have to immediately scan because it is in the temp folders waiting for a restart to become resident.
hobbit709 Donating Member (1000+ posts) Sat Oct-03-09 07:31 AM
Response to Reply #6
11. Anything weird starts on any of my computers,
I hit Reset and then boot in Safe Mode and scan.
I hit the warez/crack sites on a regular basis and have never been infected. I have had AVG warnings come on, which is when I hit Reset. I also manually clean out all temp, etc. files. I'm an old DOS boy, so I'm not afraid of system and other files. When I download anything, I save it to a different partition than the C: drive and scan before opening.
madokie Donating Member (1000+ posts) Sat Oct-03-09 08:45 AM
Response to Reply #11
16. I love reading I'm an old DOS boy, 'cause I resemble that comment
I still go to DOS for several things I do. I like that environment and would only use it if it were possible to do the things I do now.
G_j Donating Member (1000+ posts) Sat Oct-03-09 07:20 AM
Response to Original message
7. Hackers cash in on tragedy by setting up rogue sites
havocmom Donating Member (1000+ posts) Sat Oct-03-09 07:25 AM
Response to Original message
10. Thank you all for posting good info. Bookmarking
Also, can someone keep this kicked? I would, but am out all day. From the amount of crap getting caught in my email protection programs, it seems a LOT of people out there have a lot of cooties on their machines. They need to get some help. This thread is a great start.
Historic NY Donating Member (1000+ posts) Sat Oct-03-09 08:01 AM
Response to Original message
12. I got whacked by one of these fakers. I ended up deleting an important..
Edited on Sat Oct-03-09 08:09 AM by Historic NY
operating system file trying to fix something that wasn't wrong.
lamp_shade Donating Member (1000+ posts) Sat Oct-03-09 08:24 AM
Response to Original message
13. K&R
Canuckistanian Donating Member (1000+ posts) Sat Oct-03-09 09:44 AM
Response to Original message
19. Malwarebytes saved my machine
I got a major trojan last year and it was the only one that saved me from reformatting.

Since then, I've gotten smarter with a good firewall, Avast antivirus and NoScript for my Firefox.
berni_mccoy Donating Member (1000+ posts) Sat Oct-03-09 09:54 AM
Response to Original message
20. Does it affect Macs?
Just wondering?
DainBramaged Donating Member (1000+ posts) Sat Oct-03-09 10:01 AM
Response to Reply #20
21. Nah, yous guys gets all the frees rides
:hi:
BumRushDaShow Donating Member (1000+ posts) Sat Oct-03-09 10:06 AM
Response to Original message
22. These types of things are hilarious when they open up on my Linux box
thinking it is windoze (and it does not dual-boot)... "Windows Security Alert" my ass. :rofl: :rofl: :rofl:
cliffordu Donating Member (1000+ posts) Sat Oct-03-09 10:12 AM
Response to Original message
23. I'm always shocked at how much trouble Windows users have to go through
before they actually USE the OS.

Lotta wasted time.

tXr Donating Member (312 posts) Sat Oct-03-09 10:35 AM
Response to Original message
24. Sandboxie is also a good free program.
It lets you sandbox applications or the install of applications, so they do not have contact with the rest of your system. It does this by getting between the application and your computer and making the application think it's installing to C:\Program Files when in fact it's installing to C:\Documents and Settings\(your username)\Application Data\Sandbox\DefaultBox\drive\C:\Program Files. This goes for any directory on your hard drive. It also fakes the registry and it stores the registry entries for the application in a file called RegHive located in C:\Documents and Settings\(your user name)\Application Data\Sandbox\DefaultBox instead of the actual windows registry.

An example of this would be to download an application that you are not quite sure about or just want to install without worrying about it damaging your system. You can right click the .EXE and then choose “Run Sandboxed”. It then proceeds to install the application to the sandboxed location. Because it installs everything in the sandbox it's very easy to remove every trace of the application from the hard drive. You simply have to tell Sandboxie to delete the sandbox (function menu / contents of sandbox / delete contents) and the application you just installed is now gone from your computer.

http://www.sandboxie.com
-----------------------------------------------------------------
Firefox users can install the BetterPrivacy add-on in order to control and delete flash cookies.
Barack_America Donating Member (1000+ posts) Sat Oct-03-09 10:42 AM
Response to Original message
25. Love my Mac!!
DainBramaged Donating Member (1000+ posts) Sun Oct-04-09 11:37 AM
Response to Original message
27. OHAI, One last addition for the weekend (for those of you interested)
CPU-Z 1.52.2

CPU-Z is a freeware utility that gathers information on some of the main devices of your system. CPU-Z does not need to be installed; just unzip the files into a directory and run the .exe. To remove the program, just delete the files. The program does not copy any file into any Windows directory, nor write to the registry.

CPU

Name and number.
Core stepping and process.
Package.
Core voltage.
Internal and external clocks, clock multiplier.
Supported instructions sets.
All cache levels (location, size, speed, technology).
Mainboard

Vendor, model and revision.
BIOS model and date.
Chipset (northbridge and southbridge) and sensor.
Graphic interface.
Memory

Frequency and timings.
Module(s) specification using SPD (Serial Presence Detect) : vendor, serial number, timings table.
System

Windows and DirectX version.



Find out what is really inside of your compooter.

http://www.filehippo.com/download_cpuz/#


I go shopping, cya's later!
DainBramaged Donating Member (1000+ posts) Mon Oct-05-09 02:23 PM
Response to Reply #27
28. OHAI bump for the cube crowd today, BAI
© 2001 - 2011 Democratic Underground, LLC