Virus Alerts

Microsoft update email

2009-10-26T05:28:00.000-07:00

Just came into one of my customers email although it looks real and like Microsoft sent it they did not. Do not click on the link or download the file.

From: Microsoft Update Center [mailto:noreply@microsoft.com]

Sent: Sunday, October 25, 2009 10:30 AM

To:

Subject: Update for Microsoft Outlook

Critical Update

Update for Microsoft Outlook / Outlook Express (KB910721)

Brief
Description

Microsoft has released an
update for Microsoft Outlook / Outlook Express. This update is critical and
provides you with the latest version of the Microsoft Outlook / Outlook
Express and offers the highest level of security and stability.

Instructions

To install Update
for Microsoft Outlook / Outlook Express (KB910721) please visit
Microsoft Update Center:

http://update.microsoft.com.feddddiz.eu/microsoftofficeupdate/KB910737/default.aspx?ln=en-us&email=office@clccnet.org&id=73815793458420297083401643384296246712058370

Quick Details

File Name:
officexp-KB910721-FullFile-ENU.exe

Version: 1.5

Date
Published: Sun, 25 Oct 2009 11:30:18 -0300

Language:
English

File Size:
100 KB

System
Requirements

Supported
Operating Systems: Windows
2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows
XP; Windows Vista

This
update applies to the following product: Microsoft Outlook / Outlook Express

SoftCop Virus

2009-10-24T07:20:00.000-07:00

How To Remove / Uninstall SoftCop Virus (Removal Guide)

If your computer got infected with the new SoftCop Virus, here is a way to remove it. Want to know how this malware got on your computer, what it does and how to remove it? Read on to find out.

SoftCop is not actually a virus as it is more a rogue-antivirus. That means SoftCop pretends it is an anti-virus program that detected infections on your computer and that you need to buy the program to remove them. However, these reports are fake as SoftCop is a malware itself. It just tries to trick you so that you give them your money. Do not buy SoftCop! If you already did, try contacting your credit card company for disputing the charges.

SoftCop can be downloaded by a number of sites that promote it as an anti-virus program. It also can get on your computer by masking Trojans as a Flash update that you need for online video viewing. The Trojans will then download the rest of the files and SoftCop will be autmatically set up to start next time you load the Windows Operating System. Then it will begin with the tricks we talked about earlier: fake scan reports that pretend to find infections on your computer that cannot be removed until you buy this fake software, fake Windows Security Center windows that advise you should buy SoftCop to protect your computer and a whole series of fake security messages and warnings.

How To Remove / Uninstall SoftCop Virus (Removal Guide)
What you should do is ignore all the warnings that SoftCop gives you and remove it from your computer.

Here is how to remove/uninstall SoftCop virus from your computer using the Malwarebytes’ Anti-Malware free program (MBAM).

Note: you may want to print out the instructions as we will require that you close all open windows and applications at some point in the process.

1. Click here to download Malwarebytes’ Anti-Malware for free.

2. Save the file called “mbam-setup.exe” on your desktop but don’t run it now.
3. Close all open windows and applications (this one too).

4. Run the mbam-setup.exe file that you downloaded earlier on your desktop.

5. Go through the installation process by following the instructions the wizard gives you. If you are not an experienced user, do not change the default settings.

6. Make sure that at the end of the installation you tell the program to automatically update itself and then launch when the install is finished (there will be boxes you need to check for each of these things).

7. When MBAM loads, go to the Scanner tab, select “Perform Quick Scan” and click Scan. Now wait for the program to scan your computer for malware.

8. When the scan is complete, go to the main Scanner tab and click “Show Results”.

9. Now MBAM will display all the malware it found on your desktop. Check all the results and click “Remove Selected”.

10. Malwarebytes’ Anti-Malware will now remove the malware it found. The program may require that you restart your computer at some point.

11. When the removal process is finished, a log will be displayed in Notepad. Close this

Now you should have removed SoftCop and any related files from your computer.

Migrate to Windows 7--Slowly

2009-10-22T04:33:00.000-07:00

Who says you have to make the move all at once? A gradual migration might make things easier--and safer.

Spammer.ANT

2009-10-19T04:39:00.000-07:00

Common name:
Spammer.ANT
Technical name:
Trj/Spammer.ANT
Threat level:
Medium
Type:
Trojan
Effects:
It is designed to distribute the fake antivirus detected as AntivirusPro2010 by sending spam messages. It does not spread automatically by its own means.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
Oct. 2, 2009
Detection updated on:
Oct. 19, 2009
Statistics
No
Brief Description

Spammer.ANT is a Trojan designed to distribute the fake antivirus detected as AntivirusPro2010. In order to do so, it sends spam messages informing users about the state of a product that the user has supposedly ordered. This email contains an attached file which, once run, downloads and installs the fake antivirus in the computer.
Spammer.ANT does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.

Visible Symptoms

Spammer.ANT is easy to recognize, as it reaches the computer in a file with the following icon:

Trojan.PWS.OnlineGames.KCWP

2009-10-16T14:19:00.000-07:00

Trojan.PWS.OnlineGames.KCWP( W32.Gammina.AG; Worm:Win32/Taterf.B )
Spreading: high
Damage: medium
Size: ~100 kbytes
Discovered: 2009 Oct 14

SYMPTOMS:
The following files will be found on an infected computer:%TEMP%\herss.exe%TEMP%\cvasds[random_one_digit_number].dll

TECHNICAL DESCRIPTION:
When executed this malware creates a copy of itself under herss.exe and adds this copy at startup using the following registry key: SoftWare\Microsoft\Windows\CurrentVersion\Run\Name: cdoosoftValue: %TEMP%\herss.exeNext it drops a .dll file in %TEMP% folder under cvasds[random_one_digit_number].dll and injects it in every running process.

This dll is the actual password stealing component. Some of the targeted games are: MapleStory, The Lord Of The Rings Online, Knight Online, Dekaron. The gathered data is sent to many IPs found inside the .dll file.

Both components of the malware are packed using NSAnti packer in order to avoid AV detection.

WORM_ASPXOR.AB

2009-10-12T09:31:00.000-07:00

Malware type: Worm
Aliases: No Alias Found
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Overall risk rating:
attach_file_singleprofile('WORM_ASPXOR.AB',0,0);
Reported infections:
Low
attach_file_reportedInfection('WORM_ASPXOR.AB',0,0);
Damage potential:
Low
Distribution potential:
High
Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below.

Malware Overview
This worm may be downloaded from remote sites by other malware. It may be dropped by other malware, specifically TROJ_DROPPER.JIZ. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating registry keys/entries. It creates registry keys/entries as part of its installation routine.
It drops component files.
It compromises Web sites to redirect users to URLs where a copy of itself may be downloaded.

AlphaAntivirus

2009-10-10T06:37:00.000-07:00

Common name: AlphaAntivirus
Technical name: Adware/AlphaAntivirus
Threat level: Medium
Type: Adware
Effects:
It is an adware program which deceives users and warns them of unexisting threats in their computers. In order to eliminate them, they are enticed to purchase a certain program. It can reach the computer downloaded from certain websites where banners or pop-up windows are displayed.

Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95

First detected on:
Sept. 29, 2009

Detection updated on:
Oct. 2, 2009
Statistics
No

Brief Description

AlphaAntivirus is an adware program that deceives users warning them of unexisting threats in their computers so that they purchase a certain program that removes them from the computer.
AlphaAntivirus can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program. It can also reach the computer in a link that can be received via spam messages, fraudulent websites, etc.

Visible Symptoms

AlphaAntivirus eis easy to recognize, as it displays the following symptoms:
When it is run, the installation process of the program starts and several screens are displayed, among them the following:

Once installed, it starts scanning the computer in search for possible malware:

SilentBanker.D

2009-10-10T06:35:00.000-07:00

Common name: SilentBanker.D
Technical name: Trj/SilentBanker.D
Threat level: Medium
Type: Trojan
Effects:
It is designed to intercept bank transfers and modify the account details to which users make the transfer, changing them to the account details of the cybercrook, without user's awareness. It does not spread automatically using its own means.

Affected platforms: Windows 2003/XP/2000/NT/ME/98/95
First detected on: Oct. 2, 2009
Detection updated on: Oct. 8, 2009
Statistics
No
Brief Description

SilentBanker.D is a Trojan designed to intercept bank transfers and modify the account details to which users make the transfer, changing them to the account details of the cybercrook, without user's awareness.
When users enter the details of the account to which the tranfer is going to be made in the legitimate website of the banking entity and the request is sent, the Trojan intercepts the request and modifies the data replacing them with the account details of its creator.
Then, users are redirected to a website which informs them that the transfer has been confirmed and which shows the details of the account to which the transfer has been made. However, this website is not the legitimate one, but a fake website displayed by the Trojan in order to deceive users.

SilentBanker.D does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.
Visible Symptoms

SilentBanker.D is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

Another Facebook Hoax Christopher Butterfield

2009-09-25T06:27:00.000-07:00

According to this warning message, a hacker named "Christopher Butterfield" is currently active. The message warns that simply accepting a "friend request" from Christopher Butterfield will allow him to hack into your computer and gain access to your email account. The warning is circulating rapidly via social networking websites such as Facebook as well as via email.

This warning is a hoax and has no basis in fact. It is nothing more than a new variant in a seemingly endless list of similar hoaxes. A number of versions of the hoax are currently circulating, including one that claims that a person named Simon Ashton is the supposed hacker. A 2007 version, which is very similar to the Christopher Butterfield version above, claimed that adding the email address "bum_tnoo7@hotmail.com" will allow a hacker to take control of your computer. The following example shows the similarities between the two versions:

if somebody called bum_tnoo7@hotmail.com adds you don't accept it because its a hacker. Tell everyone on your list because if somebody on your list adds them you get them on your list he'll figure out Your ID, computer address, so copy and paste this message to everyone even if you hate them and fast cause if he hacks their email he hacks your mail

Like all of these hoax warnings, the Christopher Butterfield version is technically impossible. The message suggests that just accepting "Christopher Butterfield" as a "friend" on your contact list will not only give the hacker access to your computer but to the computers of everyone else on your list as well. This is total nonsense. Hackers certainly do use a range of tactics to trick users into relinquishing access to their computers. Hackers might, for example, trick victims into installing trojan software that allows a computer to be controlled remotely. Or they might use a phishing attack to trick a victim into sending them personal information such as usernames and passwords, which would, of course, allow hackers to access their victim's account. However, even the smartest hacker will not be able to hack your computer just by being added to your contact list. For a hacking attempt to be successful, some sort of file transfer or exchange of information must take place.

Any warning message that claims that adding a contact address or accepting a friend request will, by itself, give a hacker access to your computer should be regarded as a hoax and should not be passed on to others.

The Fan Check Virus

2009-09-14T17:30:00.000-07:00

I have spent hours looking over this information and this is what I found:

We believe that this is merely a two part hoax: on one hand, you have a defunct application that allegedly lets you see who’s been visiting your Facebook profile – which cannot work due to Facebook’s policies, and all applications claiming to do so are scams. On the other, spammers and malicious hackers are feeding the rumors around this application to lead people to search for a solution, and getting their computers infected by malware in return.

This alleged virus has only been described on a couple of blogs, such as this one, but we’ve found no reports about it on sites of security firms such as McAfee or Symantec.

Source: mashable.com

ZOMFG! Another Facebook Virus!!! This time, it's a Facebook Fan Check application virus, attacking everyone who's using Fan Check to see who's visiting their pages. Whoah, whoah, whoah- hold yer horses there, Tex: chances are there's no virus. That's because Fan Check itself is BS. The ancient app never worked in the first place, and would violate Facebook's TOS even if it did. Which it didn't.
A few blogs have picked up this rumor (dare I say Truemor? I dare!), but no reputable security site has even mentioned it once. However, beware of so-called virus-fix sites, as they tend to bear evil gifts of... malware! Yup, the ol' switcheroo.
So, if you're still using Fan Check, then slap yourself in the face before uninstalling, but don't worry about malware.
At least not this time.

source:http://www.nowpublic.com/

Facebook Fan Check Virus scare leads to malware
Beware of Googling (or indeed Yahooing or Binging or using any other internet search engine) for information about something called "Facebook Fan Check Virus", as you're likely to end up on a website hosting malicious code.

Read this too:

http://www.sophos.com/blogs/gc/g/2009/09/07/facebook-fan-check-virus-scare-leads-malware/

SecretService

2009-08-05T05:18:00.001-07:00

Common name:
SecretService
Technical name:
Adware/SecretService
Threat level:
Medium
Type:
Adware
Effects:
It is an adware program which deceives users and warns them of unexisting threats in their computers. In order to eliminate them, they are enticed to purchase a certain program. It can reach the computer through banners or pop-up windows which are displayed in certain websites.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
July 21, 2009
Detection updated on:
July 24, 2009
Statistics
No
Brief Description

SecretService is an adware program that deceives users warning them of unexisting threats in their computers so that they purchase a certain program that removes them from the computer.
SecretService can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program.
Visible Symptoms

SecretService is easy to recognize, as it shows the following symptoms:
When it is run, an interface like the following is displayed, which is similar to a legitimate security program:

Additionally, it adds an icon belonging to the program in the taskbar of the Internet Explorer browser:

Koobface.EA

2009-07-27T04:12:00.000-07:00

Common name:
Koobface.EA
Technical name:
W32/Koobface.EA.worm
Threat level:
Medium
Alias:
Net-Worm.Win32.Koobface.aub,
Type:
Worm
Effects:
Its main aim is to spread itself via the social network Facebook and affect as many computers as possible. It downloads and installs in the computer a fake antivirus program that warns users of unexisting threats.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
July 20, 2009
Detection updated on:
July 27, 2009
Statistics
No
Brief Description

Koobface.EA is a worm whose main aim is to spread itself via the social network Facebook and affect as many computers as possible.
Additionally, it downloads and installs in the computer a fake antivirus program that warns users of unexisting threats, so that they pay for a certain security solution.
Visible Symptoms

Koobface.EA is easy to recognize, as it spreads via the social network Facebook:
It publishes a video like the following in the home page of the user:

If the link is followed, users are redirected to a website that imitates YouTube's, where the video can be viewed.
However, in order to view the video, an Adobe Flash Player update is required:

.

HomeAntivirus2010

2009-07-24T03:06:00.000-07:00

Common name:
HomeAntivirus2010
Technical name:
Adware/HomeAntivirus2010
Threat level:
Medium
Type:
Adware
Effects:
It is an adware program which deceives users and warns them of unexisting threats in their computers. In order to eliminate them, they are enticed to purchase a certain program. It can reach the computer through banners or pop-up windows which are displayed in certain websites.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
July 20, 2009
Detection updated on:
July 23, 2009
Statistics
No
Brief Description

HomeAntivirus2010 is an adware program that deceives users warning them of unexisting threats in their computers so that they purchase a certain program that removes them from the computer.
HomeAntivirus2010 can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program.
Visible Symptoms

HomeAntivirus2010 is easy to recognize, as it shows the following symptoms:
It reaches the computer with the following icon:

When it is run, the following installation screen is displayed, informing that the program is being downloaded:

PCSecurity2009

2009-07-17T06:22:00.001-07:00

Common name:
PCSecurity2009
Technical name:
Adware/PCSecurity2009
Threat level:
Medium
Type:
Adware
Effects:
It is an adware program which deceives users and warns them of unexisting threats in their computers. In order to eliminate them, they are enticed to purchase a certain program. It can reach the computer through banners or pop-up windows which are displayed in certain websites.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
July 10, 2009
Detection updated on:
July 17, 2009
Statistics
No
Brief Description

PCSecurity2009 is an adware program that deceives users warning them of unexisting threats in their computers so that they purchase a certain program that removes them from the computer.
PCSecurity2009 can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program.
Visible Symptoms

PCSecurity2009 is easy to recognize, as it shows the following symptoms:
When it is run, the following installation screen is displayed, informing that the program is being downloaded:

Once installed, it displays a warning message in the Taskbar, informing users that their computer is infected:

SmartDefenderPro

2009-07-10T05:04:00.000-07:00

Common name:
SmartDefenderPro
Technical name:
Adware/SmartDefenderPro
Threat level:
Medium
Type:
Adware
Effects:
It is an adware program which deceives users and warns them of unexisting threats in their computers. In order to eliminate them, they are enticed to purchase a certain program. It can reach the computer through banners or pop-up windows which are displayed in certain websites.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
July 8, 2009
Detection updated on:
July 10, 2009
Statistics
No
Brief Description

SmartDefenderPro is an adware program that deceives users warning them of unexisting threats in their computers so that they purchase a certain program that removes them from the computer.
SmartDefenderPro can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program.
Visible Symptoms

SmartDefenderPro is easy to recognize, as it shows the following symptoms:
When it is run, the program starts scanning the system in search for possible malware:

Once finished, a warning message is displayed, informing users that their computer is infected:

Waledac.BN

2009-07-08T11:02:00.000-07:00

Common name: Waledac.BN
Technical name: W32/Waledac.BN.worm
Threat level: Medium
Type: Worm
Effects: It sends spam messages related to pharmaceutical products. It spreads in email messages related to the celebrations of the Independence Day which takes place on 4th of July.

Affected platforms: Windows 2003/XP/2000/NT/ME/98/95

First detected on: July 6, 2009
Detection updated on: July 7, 2009
Statistics No
Brief Description
Waledac.BN is a worm which is designed to send spam messages related to pharmaceutical products to the email addresses gathered from the affected computer.

Waledac.BN spreads via email in messages about the 4th of July, the Independence Day of the United States.

Visible Symptoms
Waledac.BN is easy to recognize, as it spreads via email in messages related to the celebrations of the Indepence Day. The message contains a link to a video about this special date, the 4th of July:

Sinowal.WKM

2009-07-08T11:00:00.000-07:00

Common name:
Sinowal.WKM
Technical name:
Trj/Sinowal.WKM
Threat level:
Medium
Type:
Trojan
Effects:
It is designed to steal user's confidential information, such as passwords related to different web services or banking entities. It reaches the computer in an email message about who killed Michael Jackson.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
July 7, 2009
Detection updated on:
July 8, 2009
Statistics
No
Brief Description

Sinowal.WKM is a Trojan designed to steal user's confidential information, such as passwords related to different web services or banking entities.
Sinowal.WKM reaches the computer in an email message about who killed Michael Jackson.
Visible Symptoms

Sinowal.WKM is easy to recognize, as it reaches the computer in an email message about who killed Michael Jackson.
The following image belongs to the message:

Brontok.KN

2009-06-30T05:29:00.001-07:00

Common name:
Brontok.KN
Technical name:
W32/Brontok.KN
Threat level:
Medium
Type:
Virus
Effects:
It infects the files with an EXE extension it finds in the affected computer and reduces the security level of the system, as it deletes the files belonging to several antivirus programs and ends processes related to security programs. It reaches the computer by distributing the previously infected files.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
June 22, 2009
Detection updated on:
June 29, 2009
Statistics
No

KillRDLL.A

2009-06-25T08:14:00.000-07:00

Common name:
KillRDLL.A
Technical name:
Trj/KillRDLL.A
Threat level:
Medium
Type:
Trojan
Effects:
It creates a copy of itself whenever the user accesses a directory. This file has the icon of a Windows folder and the extension hidden so that the user thinks it is a folder. It does not spread automatically using its own means.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
June 23, 2009
Detection updated on:
June 25, 2009
Statistics
No
Brief Description

KillRDLL.A is a Trojan designed to create a copy of itself whenever the user accesses a directory. This file has the icon of a Windows folder and the extension hidden so that the user thinks it is a folder.
If the user accesses any subdirectory, it also creates the copy of itself.
KillRDLL.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.
Visible Symptoms

KillRDLL.A is easy to recognize, as it displays the following symptoms:
Whenever the user accesses any directory, it creates a new folder, which is actually a copy of itself. The folder Favorites of the image, is in fact a copy of the Trojan disguised as a Windows folder:

These are some of the names it uses, among others:

Angelina Jolie

ClipsDocuments

Favorites

Flash GamesGames

My Documents

My FolderPicture

VideoWallPapers

Addiionally, when it is run, it opens the website of a search engine which falsifies the results:

Terminator2009

2009-06-25T03:09:00.001-07:00

Common name:
Terminator2009
Technical name:
Adware/Terminator2009
Threat level:
Medium
Type:
Adware
Effects:
It passes itself off as a legitimate antivirus program with options and functions similar to those of a real antivirus solution. It detects spyware activity, which is false, and simulates that it has been blocked. It can reach the computer through banners or pop-up windows which are displayed in certain websites.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
June 24, 2009
Detection updated on:
June 25, 2009
Statistics
No
Brief Description

Terminator2009 is an adware program that passes itself off as a legitimate antivirus program with options and functions similar to those of a real antivirus solution.
Among the options it offers, it can carry out scans of the system in search for possible malware. If the scan is performed, it will detect spyware activity, which is false, and will simulate that it has been blocked.
Its objective is to make users purchase the full version of the program, which is not free.
Terminator2009 can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program.
Visible Symptoms

Terminator2009 is easy to recognize, as it shows the following symptoms:
When it is run, a window is displayed with an interface similar to an antivirus program's.
Among the options it offers, it can carry out scans of the system in search for possible malware.
If the users clicks this option, it starts scanning the system and displays periodically security warnings informing users that spyware activity has been detected and blocked:

Rimecud.E

2009-06-25T03:08:00.001-07:00

Common name:
Rimecud.E
Technical name:
W32/Rimecud.E.worm
Threat level:
Medium
Alias:
Trojan.Win32.Buzus.bhnb,
Type:
Worm
Effects:
It downloads malware to the affected computer which is designed to send spam messages and to download more malware. It spreads itself via certain P2P programs, the MSN Messenger and through removable drives.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
June 24, 2009
Detection updated on:
June 24, 2009
Statistics
No
Brief Description

Rimecud.E is a worm which downloads malware to the affected computer from certain websites. The malware it downloads is designed to send spam messages and to download more malware.
Rimecud.E uses the following means to spread:
it copies in the folders belonging to several P2P file sharing programs, such as Bearshare and eMule.
the instant messaging program MSN Messenger.
it copies in the removable drives of the system.
Visible Symptoms

Rimecud.E is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

2009-06-21T17:53:00.000-07:00

Common name: FastAntivirus2009
Technical name: Adware/FastAntivirus2009
Threat level: Medium
Type: Adware
Effects: It is an adware program which deceives users and warns them of unexisting threats in their computers. In order to eliminate them, they are enticed to purchase a certain program. It can reach the computer through banners or pop-up windows which are displayed in certain websites.

Affected platforms: Windows 2003/XP/2000/NT/ME/98/95

First detected on: June 10, 2009
Detection updated on: June 16, 2009
Statistics No
Brief Description
FastAntivirus2009 is an adware program that deceives users warning them of unexisting threats in their computers so that they purchase a certain program that removes them from the computer.

Additionally, it prevents many files from being run, which belong to antivirus and security programs, and firewalls, among others, leaving the computer vulnerable against possible malware.

FastAntivirus2009 can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program.

Visible Symptoms
FastAntivirus2009 is easy to recognize, as it shows the following symptoms:

When it is run, it displays a window like the following:

Once installed, the program starts scanning the hard disk in search for possible malware:

XPDeluxeProtector

2009-06-21T17:39:00.001-07:00

Common name:
XPDeluxeProtector
Technical name:
Adware/XPDeluxeProtector
Threat level:
Medium
Type:
Adware
Effects:
It is an adware program which deceives users and warns them of unexisting threats in their computers. In order to eliminate them, they are enticed to purchase a certain program.
Affected platforms:
Windows 2003/XP/2000/NT
First detected on:
June 5, 2009
Detection updated on:
June 9, 2009
Statistics
No
Brief Description

XPDeluxeProtector is an adware program that deceives users warning them of unexisting threats in their computers so that they purchase a certain program that removes them from the computer.
XPDeluxeProtector can be voluntarily downloaded from the website belonging to the company that has developed it.
Visible Symptoms

XPDeluxeProtector is easy to recognize, as it shows the following symptoms:
When it is run, it displays a window like the following:

Once installed, the program starts scanning the hard disk in search for possible malware:

2009-06-21T17:25:00.000-07:00

Common name: MSNworm.GM
Technical name: W32/MSNworm.GM.worm
Threat level: Medium
Type: Worm
Effects: Its main aim is to spread itself via the instant messaging program MSN Messenger and affect as many computers as possible.

Affected platforms: Windows 2003/XP/2000/NT/ME/98/95

First detected on: June 15, 2009
Detection updated on: June 16, 2009
Statistics No
Brief Description
MSNworm.GM is a worm whose main aim is to spread itself via the instant messaging program MSN Messenger and affect as many computers as possible.

Visible Symptoms
MSNworm.GM is easy to recognize, as it displays the following symptoms:

It spreads via the instant messaging program MSN Messenger in a message containing a file which passes itself off as an image.
When the file is run, the following error message is displayed:

Snapper.C

2009-06-12T05:40:00.001-07:00

Common name:
Snapper.C
Technical name:
W32/Snapper.C.worm
Threat level:
Low
Type:
Worm
Effects:
It makes screenshots each 9 seconds. This way, it can obtain information about the user's movements, actions, habits or even confidential information. It spreads through shared, mapped and removable drives, making copies of itself in them.
Affected platforms:
Windows 2003/XP/2000/NT/ME/98/95
First detected on:
June 8, 2009
Detection updated on:
June 12, 2009
Statistics
No

Brief Description

Snapper.C is a worm which makes screenshots each 9 seconds and stores them in a directory of the system. These screenshots allow its creator to obtain information about the user's movements, actions, habits or even confidential information.
Snapper.C spreads through shared, mapped and removable drives, making copies of itself in them.

Visible Symptoms

Snapper.C is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.