Monday, October 26, 2009

Microsoft update email

This just came into one of my customers' email. Although it looks real, as if Microsoft sent it, they did not. Do not click on the link or download the file.




From: Microsoft Update Center [mailto:noreply@microsoft.com]
Sent: Sunday, October 25, 2009 10:30 AM
To:
Subject: Update for Microsoft Outlook











Critical Update











Update for Microsoft Outlook / Outlook Express (KB910721)


Brief Description


Microsoft has released an
update for Microsoft Outlook / Outlook Express. This update is critical and
provides you with the latest version of the Microsoft Outlook / Outlook
Express and offers the highest level of security and stability.




Instructions





Quick Details




  • File Name: officexp-KB910721-FullFile-ENU.exe
  • Version: 1.5
  • Date Published: Sun, 25 Oct 2009 11:30:18 -0300
  • Language: English
  • File Size: 100 KB



System Requirements

  • Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
  • This update applies to the following product: Microsoft Outlook / Outlook Express















© 2009 Microsoft Corporation. All rights reserved. Contact Us | Terms of Use | Trademarks | Privacy Statement






Saturday, October 24, 2009

SoftCop Virus

How To Remove / Uninstall SoftCop Virus (Removal Guide)

If your computer got infected with the new SoftCop Virus, here is a way to remove it. Want to know how this malware got on your computer, what it does and how to remove it? Read on to find out.


SoftCop is not actually a virus; it is a rogue antivirus. That means SoftCop pretends to be an anti-virus program that has detected infections on your computer, and claims that you need to buy the program to remove them. However, these reports are fake, as SoftCop is itself malware. It just tries to trick you into giving them your money. Do not buy SoftCop! If you already did, try contacting your credit card company to dispute the charges.


SoftCop can be downloaded from a number of sites that promote it as an anti-virus program. It can also get on your computer through Trojans masked as a Flash update that you supposedly need for online video viewing. The Trojans then download the rest of the files, and SoftCop is automatically set up to start the next time you load the Windows operating system. Then it begins the tricks we talked about earlier: fake scan reports that pretend to find infections on your computer that cannot be removed until you buy this fake software, fake Windows Security Center windows that advise you to buy SoftCop to protect your computer, and a whole series of fake security messages and warnings.



How To Remove / Uninstall SoftCop Virus (Removal Guide)
What you should do is ignore all the warnings that SoftCop gives you and remove it from your computer.

Here is how to remove/uninstall SoftCop virus from your computer using the Malwarebytes’ Anti-Malware free program (MBAM).


Note: you may want to print out the instructions as we will require that you close all open windows and applications at some point in the process.

1. Click here to download Malwarebytes’ Anti-Malware for free.


2. Save the file called “mbam-setup.exe” on your desktop but don’t run it now.
3. Close all open windows and applications (this one too).

4. Run the mbam-setup.exe file that you downloaded earlier on your desktop.

5. Go through the installation process by following the instructions the wizard gives you. If you are not an experienced user, do not change the default settings.

6. Make sure that at the end of the installation you tell the program to automatically update itself and then launch when the install is finished (there will be boxes you need to check for each of these things).


7. When MBAM loads, go to the Scanner tab, select “Perform Quick Scan” and click Scan. Now wait for the program to scan your computer for malware.


8. When the scan is complete, go to the main Scanner tab and click “Show Results”.

9. Now MBAM will display all the malware it found on your desktop. Check all the results and click “Remove Selected”.


10. Malwarebytes’ Anti-Malware will now remove the malware it found. The program may require that you restart your computer at some point.


11. When the removal process is finished, a log will be displayed in Notepad. Close this


Now you should have removed SoftCop and any related files from your computer.

Thursday, October 22, 2009

Migrate to Windows 7--Slowly

Who says you have to make the move all at once? A gradual migration might make things easier--and safer.

Monday, October 19, 2009

Spammer.ANT

Common name: Spammer.ANT
Technical name: Trj/Spammer.ANT
Threat level: Medium
Type: Trojan
Effects: It is designed to distribute the fake antivirus detected as AntivirusPro2010 by sending spam messages. It does not spread automatically by its own means.
Affected platforms: Windows 2003/XP/2000/NT/ME/98/95
First detected on: Oct. 2, 2009
Detection updated on: Oct. 19, 2009
Statistics: No

Brief Description

Spammer.ANT is a Trojan designed to distribute the fake antivirus detected as AntivirusPro2010. To do so, it sends spam messages informing users about the state of a product that the user has supposedly ordered. This email contains an attached file which, once run, downloads and installs the fake antivirus on the computer.
Spammer.ANT does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.


Visible Symptoms

Spammer.ANT is easy to recognize, as it reaches the computer in a file with the following icon:


Friday, October 16, 2009

Trojan.PWS.OnlineGames.KCWP

Trojan.PWS.OnlineGames.KCWP (W32.Gammina.AG; Worm:Win32/Taterf.B)
Spreading: high
Damage: medium
Size: ~100 kbytes
Discovered: 2009 Oct 14

SYMPTOMS:
The following files will be found on an infected computer:
%TEMP%\herss.exe
%TEMP%\cvasds[random_one_digit_number].dll

TECHNICAL DESCRIPTION:
When executed this malware creates a copy of itself under herss.exe and adds this copy at startup using the following registry key:
SoftWare\Microsoft\Windows\CurrentVersion\Run\
Name: cdoosoft
Value: %TEMP%\herss.exe
Next it drops a .dll file in %TEMP% folder under cvasds[random_one_digit_number].dll and injects it in every running process.

This dll is the actual password stealing component. Some of the targeted games are: MapleStory, The Lord Of The Rings Online, Knight Online, Dekaron. The gathered data is sent to many IPs found inside the .dll file.

Both components of the malware are packed using NSAnti packer in order to avoid AV detection.
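
A host triage check for the indicators listed in this write-up, added here as an example and not part of the original advisory. The description does not name the registry hive, so checking HKCU, HKLM and the 32-bit HKLM view is an assumption, and the function names are hypothetical.

```powershell
# Added example: triage for the Trojan.PWS.OnlineGames.KCWP indicators in this write-up.
# Assumptions: the hive of the Run key is not given, so HKCU, HKLM and the 32-bit
# HKLM view are all checked; only the current user's %TEMP% is searched.

function Test-KcwpFileName {
    param([string]$Name)
    # herss.exe, or "cvasds" + exactly one digit + ".dll" (-match is case-insensitive)
    $Name -match '^(herss\.exe|cvasds[0-9]\.dll)$'
}

function Get-KcwpIndicator {
    param([string]$TempDir = $env:TEMP)

    # 1. Dropped files in %TEMP% (-Force includes hidden files)
    Get-ChildItem -LiteralPath $TempDir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { Test-KcwpFileName $_.Name } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'File'; Location = $_.FullName; Detail = "$($_.Length) bytes" }
        }

    # 2. Run-key persistence under the value name "cdoosoft"
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $prop = Get-ItemProperty -Path $key -Name 'cdoosoft' -ErrorAction SilentlyContinue
        if ($prop) {
            [pscustomobject]@{ Type = 'RunValue'; Location = "$key\cdoosoft"; Detail = $prop.cdoosoft }
        }
    }

    # 3. The DLL is injected into running processes: look for it among loaded modules.
    #    Processes that cannot be opened (protected, other sessions) are skipped.
    foreach ($proc in Get-Process) {
        try { $modules = @($proc.Modules) } catch { continue }
        foreach ($m in $modules) {
            if ($m -and (Test-KcwpFileName $m.ModuleName)) {
                [pscustomobject]@{ Type = 'Module'; Location = "$($proc.Name) (PID $($proc.Id))"; Detail = $m.FileName }
            }
        }
    }
}

Get-KcwpIndicator | Format-Table -AutoSize -Wrap
```

An empty result only means these specific names were not found on this host for this user; running it elevated lets the module check inspect more processes.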

Monday, October 12, 2009

WORM_ASPXOR.AB

Malware type: Worm
Aliases: No Alias Found
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Overall risk rating:
Reported infections: Low
Damage potential: Low
Distribution potential: High
Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below.





Malware Overview
This worm may be downloaded from remote sites by other malware. It may be dropped by other malware, specifically TROJ_DROPPER.JIZ. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating registry keys/entries as part of its installation routine.
It drops component files.
It compromises Web sites to redirect users to URLs where a copy of itself may be downloaded.

Saturday, October 10, 2009

AlphaAntivirus


Common name: AlphaAntivirus
Technical name: Adware/AlphaAntivirus
Threat level: Medium
Type: Adware
Effects: It is an adware program which deceives users and warns them of nonexistent threats on their computers. In order to eliminate them, users are enticed to purchase a certain program. It can reach the computer when downloaded from certain websites where banners or pop-up windows are displayed.




Affected platforms: Windows 2003/XP/2000/NT/ME/98/95
First detected on: Sept. 29, 2009
Detection updated on: Oct. 2, 2009
Statistics: No




Brief Description

AlphaAntivirus is an adware program that deceives users by warning them of nonexistent threats on their computers so that they purchase a certain program that removes them from the computer.
AlphaAntivirus can reach the computer when the user accesses certain websites that display banners or pop-up windows leading to the download of this program. It can also reach the computer through a link received via spam messages, fraudulent websites, etc.






Visible Symptoms

AlphaAntivirus is easy to recognize, as it displays the following symptoms:
When it is run, the installation process of the program starts and several screens are displayed, among them the following:






Once installed, it starts scanning the computer in search of possible malware: