Viruses and spyware removal

Panda’s Top Ten Spyware of 2006

2007-08-01T01:29:00.000-07:00

A list of spyware most frequently detected by Panda Active Scan has been recently published by PandaLabs. The 1^st place has been “awarded” to Gator adware, which offers to use their program for free if users agree to view their pop-ups. Additionally, Gator may replace banners on visited websites with its own advertisements.

Wupd and Ncase took the second and third places respectively. Both are adware parasites that use the same strategy as Gator – offering to use their programs for free if users agree to view their displayed ads. However, Wupd and Ncase also gather private user data to display personalized pop-ups and banners. Moreover, these threats mess up users’ search options and hijack their homepages, replacing them with their own.

CWS “wins” the fourth place. It is another adware application, and infiltrates systems without their victims’ knowledge and/or consent. The fact that CWS uses intricate methods of escaping detection by anti-spyware tools adds to the danger factor of this parasite.

The fifth place belongs to Emediacodec, which is very similar to CWS in its functions.

The multi-purpose adware Lop took the sixth place in the Panda’s Top 10, with its numerous capabilities to avoid detection. It generates pop-ups and hijacks search results.

WinAntiVirus, a rogue anti-spyware parasite, enjoys the seventh place on the list. IT infiltrates computers by using middleware Downloader.LHW and web browser security loopholes.

CWS.Searchpmeup ranks as the eight placeholder in the Top 10. It is a browser hijacker that replaces the Internet Explorer homepage and changes users’ search results with its sponsor’s.

Winfixer2005 made it to the ninth place, being the second rogue anti-spyware parasite to reach Panda’s top spyware list. It displays fake security notifications and tries to scare users into buying its full version.

The last but not least in the list is New.net, a spyware parasite that installs a toolbar to IE web browser and gathers users’ private information to later send it to third party servers for advertising purposes.

The main factor exposed by this Top 10 shows the dominance of adware in the broader malware category. Moreover, past researches indicate the growth of the role of adware in typical system infection cases.

The appearance of rogue anti-spyware in the Top 10 also shows the increase of this type of malware activity. WinAntivirus2006 and Winfixer2005 are perfect examples of such threats, and the frequency of their detection indicates that rogue anti-spyware is a growing force in the world of malware.

If you want to find out if your PC has been infected by any of the above listed parasites, you are welcome to use the free ActiveScan version.

Top 10 Spyware by Panda

1. Adware/Gator

2. Adware/WUpd

3. Adware/nCase

4. Adware/CWS

5. adware/emediacodec

6. Adware/Lop

7. Application/Winantivirus2006

8. Adware/CWS.Searchmeup

9. Application/Winfixer2005

10. Spyware/New.net

Three biggest Internet threats of 2007

2007-06-18T05:16:00.000-07:00

Recently I have found an article with three biggest threats on Internet in 2007. To sum it up, these are as follow:

Internet Explorer
That's the most popular online browsers and that's why most of the worlds hackers attack it. If you use IE, be careful with ActiveX, as it is the main problem today ;)

Phishing and Identity Theft
OK. These are all of the Paypal, E-bay, Amazon and similar messages we get daily. "We regret to inform you that we had to lock your PayPal access because we have reasons to believe that your account may have been compromised by outside parties. In order to protect your sensitive information , we temporally suspended your account."
Never ever trust such a bullshit..

Malware
Think before clicking some suspicious links. Keep your anti virus up-to date and use firewall.

Worst spyware ever: THE SPYLOCKER

2007-06-12T06:00:00.000-07:00

This is a rogue anti-spyware. And rogue anti-spyware means, that once installed this program finds tens or hundreds of various viruses and trojans on your pc, which aren't there actually. Yea, it's quite a good idea to tell user that his pc is infected and he should buy spylocker to remove all this malicious stuff.. However, it is useless.. But that's not all you, as you not only pay money for it, but send your personal info to them and they sell it to third parties, that's why your Internet browser will start popping-up various advertisements when you are online..
NEVER DOWNLOAD AND USE SPYLOCKER!
That's right.. and if you have already done this, it's time to remove it. First of all close these processes:

SpyLocker.exe
avD.exe
isamntr.exe
pmmnt.exe
pmsnrr.exe
codecaddon1169[1].exe

Then remove Spylocker by deleting these .dll files on your pc:

xkrdk.dll
onwtj.dll
fyxkaah.dll
higehsg.dll
geplxss.dll
tvomnc.dll
tahxqcj.dll
qvjpt.dll
oyopu.dll
yronl.dll
isadd.dll

As well as these:

spylocker.exe
xkrdk.dll
onwtj.dll
fyxkaah.dll
higehsg.dll
geplxss.dll
tvomnc.dll
tahxqcj.dll
qvjpt.dll
oyopu.dll
yronl.dll
isadd.dll
pmsnrr.exe
pmmnt.exe
isamntr.exe
avD.exe
codecaddon1169[1].exe
SpywareLocked 3.3.lnk
Spy-Locked.exe

Virus: W32/Alman.B

2007-06-11T01:20:00.000-07:00

It's another quite a dangerous virus that affects all the executable files on the system. It's a network virus/worm with rootkit features. Alman.B requires some specific disinfection instructions. These are as follows:

Completely disconnect from the network
Set real time scanner to "Disinfect automatically"
Perform a full computer scan
Disinfect all infected files
Remove or quarantine the files that cannot be disinfected
Restart computer after disinfection
Run computer full scan once again, just to make sure no damn viruses are left
Connect to the network only when you feel sure about your computer
Make sure all network shares have strong passwords

Hope this helps!

W32/Poebot-LQ

2007-06-05T00:35:00.000-07:00

It's a damn new virus that appeared on the Internet today. Be careful with your network as it spreads via it. It's not very dangerous and will hardly do something really bad for you. Saying really bad, I mean that it will not burn your hard drive, neither will reach all your address book contacts. It is only one more spyware that steals some information and exploits system or software vulnerabilities. It installs itself somewhere in the registry, so if you want to you may remove it manually.
God Bless you my dearest people! :)