New Targets in Detection – December 2007

JohnthePilot · 01-04-2008, 03:19 PM

New Targets in Detection – December 2007
This list was provided by Lavasoft.

AdwarePatrol
AdwarePatrol is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

AdwarePro
AdwarePro is rogue anti-spyware. It exploits the name “Ad-Aware.” AdwarePro also displays false positives with the aim to trick the user into buying the commercial version.

AdwareRemover
AdwareRemover is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

AdwareRemover2007
AdwareRemover2007 is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

AntiSpyPro
AntiSpyPro is rogue anti-spyware and a clone of IEDefender; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

AntivirusProtection
AntivirusProtection is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Cleanator
Cleanator is rogue anti-errorware that tricks the user into buying the commercial version. Cleanator’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

DeusCleaner
DeusCleaner is rogue anti-spyware that tricks the user into buying the commercial version. DeusCleaner’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

DoctorAdware
DoctorAdware is rogue anti-spyware and a clone of DoctorAdwarePro; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

DoctorAdwarePro
DoctorAdwarePro is rogue anti-spyware that tricks the user into buying the commercial version. DoctorAdwarePro’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by Trojans that scare / trick the user into clicking yes.

DrProtection
DrProtection is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

ErrorDigger
ErrorDigger is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

ErrorInspector
ErrorInspector is rogue anti-errorware that tricks the user into buying the commercial version. ErrorInspector's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

ETDSecurityScanner
ETDSecurityScanner is rogue anti-spyware that tricks the user into buying the commercial version. ETDSecurityScanner's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

GuardCenter
GuardCenter is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

LiveAntispy
LiveAntispy is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

MacroVirus
MacroVirus is rogue anti-spyware. It detects files based on name and location, potentially generating many false positives. SpywareBot's GUI is a clone of SpywareBot.

MalwareDestructor
MalwareDestructor is a rogue anti-spyware application; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

OnlineGuard
OnlineGuard is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Pestbot
PestBot is rogue anti-spyware and a clone of SpywareXP; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

RegistryCleanerXP
RegistryCleanerXP may be a rogue registry cleaner/ FraudTool application that can display exaggerated registry error warnings in the form of pop-ups. The pop-ups may look similar to Windows notifications, tricking the user into believing that the warnings are real and originate from Windows.

SmartAntiSpyware
SmartAntiSpyware is rogue anti-spyware that tricks the user into buying the commercial version. SmartAntiSpyware's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes.

VirusProtect
VirusProtect is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

VsSpy
VsSpy is rogue anti-spyware and a clone of RaptorDefence; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats.

Win32.Backdoor. KolMat
Win32.Backdoor.KolMat opens a backdoor that may allow a remote user to take control of the infected system.

Win32.Backdoor. Small
Win32.Backdoor.Small installs a backdoor service on the infected computer allowing the attacker to gain control of the compromised system.

Win32.Trojan. AdClicker
Win32.Trojan.AdClicker is a Trojan that will visit certain web pages in the background to simulate users clicking on ads.

Win32.Trojan. Inject
Win32.Trojan.Inject is malware that injects itself into legitimate processes. It may run behind processes as svchost.exe, iexplorer.exe and rundll32.exe. While running protected by another process, it may contact remote domains to download more malware. Its purpose is to hide itself from the visible processes and infect the user’s system.

Win32.Trojan. Pushdo
Win32.Trojan.Pushdo is a Trojan that is often installed through downloaders. It is known to come with rootkit components that are used to hide its presence.

Win32.Trojan. Searches
Win32.Trojan.Searches copies itself to the root and runs continuously as a process in stealth, giving no clue of its functionality to the user.

Win32.Trojan. Shutdowner
Win32.Trojan.Shutdowner will attempt to shutdown the infected machine without the user’s permission.

Win32.TrojanDropper. Frijoiner
Win32.TrojanDropper.Frijoiner will drop additional files on the infected system. These files are often other Trojans or downloaders.

Win32.TrojanSpy. Broker
Win32.TrojanSpy.Broker will try to monitor and steal log-in information on the infected machine. It is also known to install a rootkit to help hide its presence.

Win32.TrojanSpy. Graball
Win32.TrojanSpy.Graball will try to monitor and steal log-in information on the infected machine.

Win32.TrojanSpy. Pophot
Win32.TrojanSpy.Pophot will try to monitor and steal login information on the infected machine. It will also try to open Chinese web pages.

Win32.Virus.Kies
Win32.Virus.Kies is a virus that infects selected executable files. If infected by Win32.Virus.Kies, you will need to run an anti-virus program to clear it.

Win32.Virus.Trats
Win32.Virus.Trats is a virus that infects selected executable files. If infected by Win32.Virus.Trats, you will need to run an anti-virus program to clear it.

WinZix
WinZix is a compression program that makes the user aware of the fact that it will show advertisements from time to time. This version of WinZix includes an unwanted installation of Lop. The Lop infection causes system instability, hijacks Internet Explorer, and guards processes to prevent the user from killing it manually. It may cause auto-updates and operate in stealth.

01-04-2008, 03:19 PM	#1 (permalink)
JohnthePilot Asst Manager, TSF Articles Join Date: Mar 2006 Location: Cheltenham, near Wales. Posts: 27,322 OS: XP Home SP3, PCLinux, Vista Home Premium SP1 My System Blog Entries: 1	New Targets in Detection – December 2007 New Targets in Detection – December 2007 This list was provided by Lavasoft. AdwarePatrol AdwarePatrol is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. AdwarePro AdwarePro is rogue anti-spyware. It exploits the name “Ad-Aware.” AdwarePro also displays false positives with the aim to trick the user into buying the commercial version. AdwareRemover AdwareRemover is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. AdwareRemover2007 AdwareRemover2007 is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. AntiSpyPro AntiSpyPro is rogue anti-spyware and a clone of IEDefender; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. AntivirusProtection AntivirusProtection is rogue anti-spyware and a clone of AlertSpy; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. Cleanator Cleanator is rogue anti-errorware that tricks the user into buying the commercial version. Cleanator’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. DeusCleaner DeusCleaner is rogue anti-spyware that tricks the user into buying the commercial version. DeusCleaner’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. DoctorAdware DoctorAdware is rogue anti-spyware and a clone of DoctorAdwarePro; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. DoctorAdwarePro DoctorAdwarePro is rogue anti-spyware that tricks the user into buying the commercial version. DoctorAdwarePro’s distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by Trojans that scare / trick the user into clicking yes. DrProtection DrProtection is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. ErrorDigger ErrorDigger is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. ErrorInspector ErrorInspector is rogue anti-errorware that tricks the user into buying the commercial version. ErrorInspector's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. ETDSecurityScanner ETDSecurityScanner is rogue anti-spyware that tricks the user into buying the commercial version. ETDSecurityScanner's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. GuardCenter GuardCenter is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. LiveAntispy LiveAntispy is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. MacroVirus MacroVirus is rogue anti-spyware. It detects files based on name and location, potentially generating many false positives. SpywareBot's GUI is a clone of SpywareBot. MalwareDestructor MalwareDestructor is a rogue anti-spyware application; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. OnlineGuard OnlineGuard is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. Pestbot PestBot is rogue anti-spyware and a clone of SpywareXP; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. RegistryCleanerXP RegistryCleanerXP may be a rogue registry cleaner/ FraudTool application that can display exaggerated registry error warnings in the form of pop-ups. The pop-ups may look similar to Windows notifications, tricking the user into believing that the warnings are real and originate from Windows. SmartAntiSpyware SmartAntiSpyware is rogue anti-spyware that tricks the user into buying the commercial version. SmartAntiSpyware's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans that scare / trick the user into clicking yes. VirusProtect VirusProtect is rogue anti-spyware and a clone of SpyDawn; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. VsSpy VsSpy is rogue anti-spyware and a clone of RaptorDefence; it may give exaggerated threat reports on the compromised computer, and then ask the user to purchase a registered version to remove those reported threats. Win32.Backdoor. KolMat Win32.Backdoor.KolMat opens a backdoor that may allow a remote user to take control of the infected system. Win32.Backdoor. Small Win32.Backdoor.Small installs a backdoor service on the infected computer allowing the attacker to gain control of the compromised system. Win32.Trojan. AdClicker Win32.Trojan.AdClicker is a Trojan that will visit certain web pages in the background to simulate users clicking on ads. Win32.Trojan. Inject Win32.Trojan.Inject is malware that injects itself into legitimate processes. It may run behind processes as svchost.exe, iexplorer.exe and rundll32.exe. While running protected by another process, it may contact remote domains to download more malware. Its purpose is to hide itself from the visible processes and infect the user’s system. Win32.Trojan. Pushdo Win32.Trojan.Pushdo is a Trojan that is often installed through downloaders. It is known to come with rootkit components that are used to hide its presence. Win32.Trojan. Searches Win32.Trojan.Searches copies itself to the root and runs continuously as a process in stealth, giving no clue of its functionality to the user. Win32.Trojan. Shutdowner Win32.Trojan.Shutdowner will attempt to shutdown the infected machine without the user’s permission. Win32.TrojanDropper. Frijoiner Win32.TrojanDropper.Frijoiner will drop additional files on the infected system. These files are often other Trojans or downloaders. Win32.TrojanSpy. Broker Win32.TrojanSpy.Broker will try to monitor and steal log-in information on the infected machine. It is also known to install a rootkit to help hide its presence. Win32.TrojanSpy. Graball Win32.TrojanSpy.Graball will try to monitor and steal log-in information on the infected machine. Win32.TrojanSpy. Pophot Win32.TrojanSpy.Pophot will try to monitor and steal login information on the infected machine. It will also try to open Chinese web pages. Win32.Virus.Kies Win32.Virus.Kies is a virus that infects selected executable files. If infected by Win32.Virus.Kies, you will need to run an anti-virus program to clear it. Win32.Virus.Trats Win32.Virus.Trats is a virus that infects selected executable files. If infected by Win32.Virus.Trats, you will need to run an anti-virus program to clear it. WinZix WinZix is a compression program that makes the user aware of the fact that it will show advertisements from time to time. This version of WinZix includes an unwanted installation of Lop. The Lop infection causes system instability, hijacks Internet Explorer, and guards processes to prevent the user from killing it manually. It may cause auto-updates and operate in stealth. __________________ Submit New Articles Here If you feel that TSF has helped you please make a donationand help to keep the forum free Cenedl heb iaith, cenedl heb galon Folding@Home - Team 85015