Threat Update : FakeAlert/SmitFraud/ZLob and VirusTrigger

FakeAlert/SmitFraud/ZLob Registry Items
{854B8525-C907-4258-BC2E-7B118037419C}
{DFB3C1DC-1212-4235-88FD-98539540F423}

Virus Trigger Registry Item
{3A267370-076E-4AF4-B986-77626B8E89DF}

Associated File Item(s)
C:\WINDOWS\SYSTEM32\UMHZWL.DLL (name varies)
C:\WINDOWS\SYSTEM32\EEBJP.DLL (name varies)
C:PROGRAM FILESAVIRTRSOFTWAREAVIRTRWARNING.DLL

MD5 Hash
A0C02530EC6C7701C9872D0E1EAC8495
EF418C2FA21F6A795B8F1FD6721874FB
F5AD9FF34E66CC133053729DD88F75FB


New Rogue : SpywareRemover2009

SpywareRemover2009 is yet another rogue – we have updated our definitions to detect and remove all traces of this rogue. It is being distributed through spam and adult/keygen sites.

SpywareRemover2009 Application
Rogue - SpywareRemover2009 Main Screen

Associated File Items


Rogue : XPProtectionCenter

XPProtectionCenter is yet another updated rogue – we have updated our definitions to detect and remove all traces of this rogue. It is being distributed through spam and keygen sites.

XPProtectionCenter Application
Rogue - XPProtectionCenter Main Screen

Associated File Items


Threat Update : Zlob/FakeAlert

Shared Task Scheduler Registry Entry
WINDOWS\CURRENTVERSION\EXPLORER\SHAREDTASKSCHEDULER
{1F3DD9BF-1472-4A8B-B295-B596A597149B}
{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}

Associated File Item(s)
C:\WINDOWS\SYSTEM32\GOWQUG.DLL
C:PROGRAM FILESWEBMEDIAVIEWERBROWSEUL.DLL

MD5 Hash
31A79517FB27D3899214FC648D590FF4
A0C71032B65587808779E6D5F1EBCF48


New Rogue : VirusTrigger

VirusTrigger is yet another new/updated rogue – we have updated our definitions to detect and remove all traces of this rogue. It is being distributed through spam and keygen sites.

VirusTrigger – DO NOT INSTALL
Rogue - VirusTrigger.com

VirusTrigger Application
Rogue - Virus Main Screen

Associated File Items
%PROGRAMFILES%VirusTriggerBin
%PROGRAMFILES%VirusTriggerBinuninst.exe
%PROGRAMFILES%VirusTriggerBinVirusTriggerBin.exe
%PROGRAMFILES%VirusTriggerBinVirusTriggerBinWarning.dll


Spam : Scandal: Obama Resignation Letter

The political onslaught continues. We are seeing lots of users in our diagnostic systems infected with the payload from these threats.

Barack Obama Resignation Letter

McCain Lawyer Impeach Obama!
McCain has reached an agreement with the Obama lawyers that makes Obama resignation effective November 11.
Barack Obama can lost President’s Chair.
McCain video report 10 November:

Clicking the link to view the story leads to a news-looking site where you are required to install the latest “Adobe Flash Player” to watch the movie – of course, this leads to the infection.

Barack Obama Resignation Letter Website

Registry Modifications

File System Additions
