PC Pals Forum

Technical Help & Discussion => General Tech Discussion, News & Q&A => Topic started by: Clive on August 27, 2009, 23:44

Title: New 'rogueware' variants spotted
Post by: Clive on August 27, 2009, 23:44

Security researchers have warned of three new variants of fake anti-virus programs, also known as 'rogueware', in circulation.

The malware attempts to convince anyone unwise enough to install it on their system that they should hand over money in order to wipe non-existent viruses from their system.

The three programs use different names but look very similar.

"Three of the new families we've seen this week, called SaveKeep, SaveSoldier and TrustNinja are at the end the same rogueware but rebranded, which is one of the common strategies they use," said Luis Corrons of PandaLabs.

Using programs that claim to be legitimate anti-virus software has become a common tactic among cybercriminals.

AntiVirus XP and VirusRemover 2008 both emerged last year, aiming to con surfers into paying money to have non-existent infections removed.

Title: Re: New 'rogueware' variants spotted
Post by: Simon on August 27, 2009, 23:46

Thanks for the heads up, Clive.  :)

Title: Re: New 'rogueware' variants spotted
Post by: chorleydave on August 28, 2009, 01:06

I've spent most of the day cleaning a friend's computer from one of these programs called "Personal Antivirus".  I had to remove it manually as none of the usual anti-malware programs could remove it (i.e. Malwarebytes, AVG, Superantispyware etc.).  In fact, these programs wouldn't even install until I changed the name of them and then they found it but couldn't cure it.

Title: Re: New 'rogueware' variants spotted
Post by: sam on August 28, 2009, 02:48

Quote from: Simon on August 27, 2009, 23:46

Thanks for the heads up, Clive.  :)

more doom and gloom eh Clive?  :woot:

Title: Re: New 'rogueware' variants spotted
Post by: Clive on August 28, 2009, 09:14

Beware the Ides of March.   :laugh:

Title: Re: New 'rogueware' variants spotted
Post by: davy51 on August 28, 2009, 13:48

I got one of these last week in a drive by
It didnt ask for permission to download
It disabled my firewall and all antivirus and spyware hunters

Anytime i  went online to run a anti virus or spyware scan it would reboot the computer

Almost impossible to get rid of it locked the program so I couldnt delete it had to use an unlocker before I could delete it

Mine was TSSD!IK

Title: Re: New 'rogueware' variants spotted
Post by: GillE on August 28, 2009, 14:32

Politicians are rogueware.  Every few years they keep coming back and asking for your vote.  If nobody fed them, perhaps they would go away.

Title: Re: New 'rogueware' variants spotted
Post by: Clive on August 28, 2009, 17:41

Quote from: davy51 on August 28, 2009, 13:48

Almost impossible to get rid of it locked the program so I couldnt delete it had to use an unlocker before I could delete it

Mine was TSSD!IK

That must have been very scary davy.  Where did you manage to get the unlocker?   :dunno:

Title: Re: New 'rogueware' variants spotted
Post by: davy51 on August 28, 2009, 18:17

Quote from: Clive on August 28, 2009, 17:41

That must have been very scary davy.  Where did you manage to get the unlocker?   :dunno:

I got it here Clive it will unlock most programs unless they are protected by some brands of firewalls
http://ccollomb.free.fr/unlocker/

Title: Re: New 'rogueware' variants spotted
Post by: Clive on August 28, 2009, 19:29

Thanks very much davy.  That might prove very useful!   8-)

Title: Re: New 'rogueware' variants spotted
Post by: davy51 on August 29, 2009, 01:29

Your welcome Clive
I have others if you ever need them