SUPERAntiSpyware Malware Research and Removal Blog

New Rogue : UnVirex

admin — Wed, 03 Jun 2009 00:02:42 +0000

UnVirex is a new/updated rogue. We have updated our definitions to detect and remove all traces of this rogue. Being distributed through the spam and adult/keygen sites.

UnVirex Application

Files/Folders Created
%CSIDL_COMMON_PROGRAMS%\UNVIREX.LNK
%CSIDL_COMMON_PROGRAMS%\UNVIREX
%CSIDL_COMMON_PROGRAMS%\UNVIREX\HOW TO REGISTER UNVIREX.LNK
%CSIDL_COMMON_PROGRAMS%\UNVIREX\REGISTER UNVIREX.LNK
%CSIDL_COMMON_PROGRAMS%\UNVIREX\UNVIREX.LNK
%PROGRAMFILES%\UNVIREX
%PROGRAMFILES%\UNVIREX\DAILY.CVD
%PROGRAMFILES%\UNVIREX\DRVFLTIP.SYS
%PROGRAMFILES%\UNVIREX\HJENGINE.DLL
%PROGRAMFILES%\UNVIREX\IEADDON.DLL
%PROGRAMFILES%\UNVIREX\MAIN.CVD
%PROGRAMFILES%\UNVIREX\MFC71.DLL
%PROGRAMFILES%\UNVIREX\MFC71ENU.DLL
%PROGRAMFILES%\UNVIREX\MSVCP71.DLL
%PROGRAMFILES%\UNVIREX\MSVCR71.DLL
%PROGRAMFILES%\UNVIREX\PTHREADVC2.DLL
%PROGRAMFILES%\UNVIREX\SHELLEXT.DLL
%PROGRAMFILES%\UNVIREX\SIGLSP.DLL
%PROGRAMFILES%\UNVIREX\UNINSTALL.EXE
%PROGRAMFILES%\UNVIREX\UNVIREX.EXE

Registry Items Created/Added
HKLM\SOFTWARE\UnVirex#ADVid =
HKLM\SOFTWARE\UnVirex# = C:\Program Files\UnVirex
HKLM\SOFTWARE\UnVirex#InstallDir = C:\Program Files\UnVirex
HKLM\SOFTWARE\UnVirex#SoftID = UnVirex
HKLM\SOFTWARE\UnVirex#ScanSystemOnStartup
HKLM\SOFTWARE\UnVirex#AutomaticallyUpdates
HKLM\SOFTWARE\UnVirex#MinimizeOnStart
HKLM\SOFTWARE\UnVirex#BackgroundScan
HKLM\SOFTWARE\UnVirex#BackgroundScanTimeout
HKLM\SOFTWARE\UnVirex#LastTimeStamp

Click here to download SUPERAntiSpyware to Remove UnVirex

SUPERSampleSubmit - Submit Samples

admin — Thu, 28 May 2009 18:10:31 +0000

We have just released a utility called “SUPERSampleSubmit” to make it easier for users to submit samples for review and analysis.

The link to the utility is :
http://www.superantispyware.com/downloads/SUPERSampleSubmit.exe

Please ONLY submit files you believe are “harmful” and they will be analyzed by our labs on a priority basis.

Threat Research Center

admin — Thu, 21 May 2009 23:00:35 +0000

We are always asked “Does SUPERAntiSpyware detect ?” or “I have running on my computer, what is it?” - we decided to post our live threats stream on our Threat Research Center here:

Threat Research Center
http://www.superantispyware.com/threatresearchcenter.html

The files are updated several times a day and are from real infected systems. If you have an infection that can’t be removed by SUPERAntiSpyware or another product, please do not hesitate to contact us via our forums (link below) or submit a support request!

SUPERAntiSpyware Forums
http://forums.superantispyware.com

We also have our File Research Center here:
http://www.fileresearchcenter.com

New Rogue : Renus 2008

admin — Wed, 18 Mar 2009 15:01:11 +0000

Renus 2008 is a new/updated rogue. We have updated our definitions to detect and remove all traces of this rogue. Being distributed through the spam and adult/keygen sites.

Renus 2008 Application

Click here to download SUPERAntiSpyware to Remove Renus 2008

New Rogue : AntiSpyware Pro 2009

admin — Fri, 06 Mar 2009 23:51:34 +0000

AntiSpyware Pro 2009 is a new/updated rogue. We have updated our definitions to detect and remove all traces of this rogue. Being distributed through the spam and adult/keygen sites.

AntiSpyware Pro 2009 Application

Folders Created by AntiSpyware Pro 2009
%PROGRAMFILES%\AntiSpyware Pro
%CSIDL_APPDATA%\AntiSpyware Pro

Registry Items Created by AntiSpyware Pro 2009
HKCR\CLSID\{66B643BE-5E94-4569-B93E-CE2636848AC8}
HKCR\CLSID\{6D1CD63B-2FD7-48AA-ADA9-C847829A22AD}
HKCR\CLSID\{BFD7B5CD-F8CB-4E26-A406-CC5B655F4815}
HKCR\TypeLib\{7FA7E4D2-5EA2-4B67-8A04-661663F3DBE9}
HKCR\Interface\{DBFB5DCA-362F-4B62-AF35-476F95927C84}
HKCR\Interface\{EC4C2EAC-A823-42D4-9675-3D286A281BF5}
HKCU\Software\AntiSpyware Pro
HKLM\Software\AntiSpyware Pro
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyware Pro

Click here to download SUPERAntiSpyware to Remove AntiSpyware Pro 2009

New Rogue : Malware Doctor/MalwareDoc

admin — Wed, 25 Feb 2009 21:26:09 +0000

Malware Doctor/MalwareDoc is a new/updated rogue. We have updated our definitions to detect and remove all traces of this rogue. Being distributed through the spam and adult/keygen sites.

Malware Doctor Application

Click here to download SUPERAntiSpyware to Remove Malware Doctor

New Rogue : TotalVirusProtection

admin — Wed, 25 Feb 2009 21:24:46 +0000

TotalVirusProtection is a new/updated rogue. We have updated our definitions to detect and remove all traces of this rogue. Being distributed through the spam and adult/keygen sites.

TotalVirusProtection Application

Click here to download SUPERAntiSpyware to Remove TotalVirusProtection

New Rogue : Anti-Virus-1

admin — Thu, 19 Feb 2009 18:06:30 +0000

Anti-Virus-1 is a new/updated rogue. We have updated our definitions to detect and remove all traces of this rogue. Being distributed through the spam and adult/keygen sites.

Anti-Virus-1 Application

Registry BHO Guid
{70FEAD04-A7FD-4B89-B814-8A8251C90EF7}
InprocServer32#C:\Documents and Settings\All Users\Application Data\AV1\QWProtect.dll
ProgID#QWProtect.QWProtectBHO.1
TypeLib#{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
VersionIndependentProgID#QWProtect.QWProtectBHO
HKCR\TypeLib\{512E801E-2F02-4ADE-ACAA-58F08A22B2F8}
HKCR\Interface\{051C9A06-FB08-486F-B09B-8B33B261637D}
HKCR\AppId\QWProtect.DLL
HKCR\AppId\{29256442-2C14-48CA-B756-3EE0F8BDC774}

Click here to download SUPERAntiSpyware to Remove Anti-Virus-1

Happy Valentines Day……

admin — Fri, 13 Feb 2009 20:13:25 +0000

Not if you click a link in one of the many spam e-mails everyone will receive on this holiday! Our spam traps are receiving tens of thousands of e-mails with links to malicious sites in them and we of course are processing these on a priority basis to protect our user base.

Just a note to BE CAREFUL - and DO NOT click those links!

New Rogue : IE-Security

admin — Tue, 27 Jan 2009 19:23:04 +0000

IE-Security is a new/updated rogue. We have updated our definitions to detect and remove all traces of this rogue. Being distributed through the spam and adult/keygen sites.

IE-Security Application

Click here to download SUPERAntiSpyware to Remove IE-Security