Spam : Scandal: Obama Resignation Letter

The political onslaught continues. We are seeing lots of users in our diagnostic systems infected with the payload from these threats.

Barack Obama Resignation Letter

McCain Lawyer Impeach Obama!
McCain has reached an agreement with the Obama lawyers that makes Obama resignation effective November 11.
Barack Obama can lost President’s Chair.
McCain video report 10 November:

Clicking the link to view the story leads to a news-looking site where you are required to install the latest “Adobe Flash Player” to watch the movie – of course, this leads to the infection.

Barack Obama Resignation Letter Website

Registry Modifications

File System Additions


Spam : Barack Obama Sex Scandal

We are seeing lots more Barack Obama E-Mails. Clicking the links in these will of course lead to an infection. Do not unzip the attachment!

Sample Barack Obama Sex Scandal E-Mail :

Barack Obama Sex Scandal

Barak Obama p0rn video, file attached, watch him

Registry Modifications
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vbagz.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vbagz.sys
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VBAGZ
HKLM\SYSTEM\CurrentControlSet\Services\vbagz


New Rogue : SecureFileShredder

SecureFileShredder is yet another new/updated rogue – we have updated our definitions to detect and remove all traces of this rogue. It is being distributed through spam and keygen sites.

SecureFileShredder WebSite – DO NOT INSTALL
Rogue - SecureFileShredder.com

SecureFileShredder Application
Rogue - SecureFileShredder Main Screen

Associated File Items


New Rogue : UltraAntiVirus2009

UltraAntiVirus2009 is another new/updated rogue – we have updated our definitions to detect and remove all traces of this rogue. It is being distributed through the “Recovery KEYS to your account” spam circulating today.

Associated Files and Folders

Installer Application
Release_UNREG.exe


Warning Spam : Barack Obama Infection E-Mails

We are seeing lots of Barack Obama E-Mails. Clicking the links in these will of course lead to an infection. Always pay attention to what you are opening!

Sample Barack Obama E-Mail :

Barack Obama Infection E-Mails

Spam Barack Obama E-Mail Text
Barack Obama Elected 44th President of United States

Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech at November 5!

Proceed to the election results news page>>

2008 American Government Official Website
This site delivers information about current U.S. Foreign policy and about American life and culture.
