MALWARE INFECTION THROUGH FALSE WINDOWS SECURITY CENTER
The Windows Security Center or Action Center is a component included with Microsoft's Windows XP (beginning with Service Pack 2), Windows Vista and Windows 7 operating systems that provides users with the ability to view the status of computer security settings and services. Windows Security Center also continually monitors these security settings and informs the user via a pop-up notification balloon if there is a problem. It was renamed to Action Center in Windows 7, where it covers maintenance as well as security.
Here, however, a false Windows Security Center is used to show fake scan alerts, and it is spreading Winwebsec family Trojans.
When the user first accesses a malicious page, it generates a fake virus alert and asks the user to install the rogue System Security 2009.
After infection
More on Install.exe http://www.virustotal.com/analisis/cb066f00f4dccdd3f24f5f888843aee5
WHOIS INFORMATION:
Domain name: itsecurityscan.com
Name servers:
ns1.itsecurityscan.com
ns2.itsecurityscan.com
Registrar: Regtime Ltd.
Creation date: 2009-03-25
Expiration date: 2010-03-25
Registrant:
Jayme Millwood
Email: millwoodjaymemichael@gmail.com
Organization: Private person
Address: 1892 C Street
City: Pawtucket
State: MA
ZIP: 02860
Country: US
Phone: +1.5083997660
***** Thanks to Kalyan for his analysis *****
Tuesday, March 31, 2009
2 comments:
We have encountered what we believe is a false security programme called Personal Security which has a logo of a blue shield with a diagonal white stripe. It gives security alerts saying we are heavily infected with spyware and aggressively pushes us to buy a licence. The "real" antivirus software was changed recently by a computer expert friend who took off AVG and installed a free Windows version called Microsoft Security Essentials. I have run a full scan of this but the problem persists. Can you help us to remove the problem? philippe@llantellen.com
Yes, based on the description you gave, it sounds like the rogueware that we came across recently. We need more details on the processes it is running, the files it is creating, any registry entries, etc. If you do not know how to get these, send us a snapshot of the tool. In one of our friend's cases, he got the same rogueware when he uninstalled Norton 2009. Send us a snapshot or other details and we can send you the steps to remove them.