22 May 2009

System Security Rogue Anti-Spyware Still Going Strong

Although five months passed since the System Security first appeared, it's still going strong. Yesterday it installed on my malware honeypot by exploiting a security hole:

Screenshot of System Security 2009

Here's the FreeFixer log from the infected computer. If your are removing System Security, select the items marked in red:

FreeFixer v0.39 log
Operating system: Windows XP Service Pack 1
Log dated 2009-05-18 12:52

Registry Startups
HKLM\..\Run, PromoReg = C:\WINDOWS\Temp\wpv351242765100.exe
HKLM\..\Run, 17826874 = C:\Documents and Settings\All Users\Application Data\17826874\17826874.exe
HKLM\..\Run, 97836866 = C:\Documents and Settings\All Users\Application Data\97836866\97836866.exe
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

Processes (16 whitelisted)
C:\Documents and Settings\All Users\Application Data\97836866\97836866.exe

Services (34 whitelisted)
VSSlanmanserver, Volume Shadow Copy VSSlanmanserver, c:\windows\system32\advpackv.exe


No comments posted yet.

Leave a reply