The Emsi Software malware research team has discoverd a new outbreak of the TrustSoldier adware. a-squared Anti-Malware detects this malware as Adware.Win32.TrustSoldier.

TrustSoldier is a rogue scanner program, it will act like antivirus program. It show misleading scan results, and fake security alerts to convince the user that their computer infected with malware. The author of TrustSoldier also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier,  SoftCop, TrustFighter, SafeFighter, SecureVeteran, etc. To more convince users, TrustSoldier will also create numerous files on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

This application try to contacts trustsoldier.com, to download the latest update of this rogue.

Create new files:

• %ProgramFiles%\TrustSoldier Software\TrustSoldier\TrustSoldier.exe
• %ProgramFiles%\TrustSoldier Software\TrustSoldier\uninstall.exe
• %AllUsersProfile%\Desktop\TrustSoldier.lnk
• %AllUsersProfile%\Start Menu\Programs\TrustSoldier\1 TrustSoldier.lnk
• %AllUsersProfile%\Start Menu\Programs\TrustSoldier\2 Homepage.lnk
• %AllUsersProfile%\Start Menu\Programs\TrustSoldier\3 Uninstall.lnk
• %Cookies%\username@trustsoldier[2].txt

Create new registry entries:

• HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\TrustSoldier
• HKEY_LOCAL_MACHINE\software\TrustSoldier
• HKEY_CURRENT_USER\software\TrustSoldier
• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run|TrustSoldier

Malware screenshots:

How to remove the infection of Adware.Win32.TrustSoldier?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: Rogue, TrustSoldier

This entry was posted on Wednesday, October 14th, 2009 at 04:00 and is filed under Malware Alerts, Removal Help. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.