Archive for October, 2009

Oct 23

SoftVeteran Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the SoftVeteran adware. a-squared Anti-Malware detects this malware as Adware.Win32.SoftVeteran.

SoftVeteran is a rogue scanner program: it shows a fake security center, misleading scan results and fake security alerts. The author of SoftVeteran also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc., so it has the same user interface and the same characteristics, just a different name. To further convince users, SoftVeteran also creates numerous junk files with random names on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\SoftVeteran Software\SoftVeteran\SoftVeteran.exe
  • %ProgramFiles%\SoftVeteran Software\SoftVeteran\uninstall.exe
  • %SystemRoot%\system32\76630_7066807_softveteran.exe
  • %AllUsersProfile%\Desktop\SoftVeteran.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftVeteran\1 SoftVeteran.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftVeteran\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftVeteran\3 Uninstall.lnk
  • %UserProfile%\Cookies\user@softveteran[2].txt
  • %UserProfile%\Local Settings\Temp\nsy11.tmp\nsProcess.dll

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SoftVeteran
  • HKEY_LOCAL_MACHINE\software\SoftVeteran
  • HKEY_CURRENT_USER\software\SoftVeteran
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SoftVeteran”

Malware screenshots:

How to remove the infection of Adware.Win32.SoftVeteran?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Oct 23

SoftSoldier Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the SoftSoldier adware. a-squared Anti-Malware detects this malware as Adware.Win32.SoftSoldier.

SoftSoldier is a rogue scanner program: it shows a fake security center, misleading scan results and fake security alerts. The author of SoftSoldier also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc., so it has the same user interface and the same characteristics, just a different name. To further convince users, SoftSoldier also creates numerous junk files with random names on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it.

Create new files:

  • %ProgramFiles%\SoftSoldier Software\SoftSoldier\uninstall.exe
  • %ProgramFiles%\SoftSoldier Software\SoftSoldier\SoftSoldier.exe
  • %AllUsersProfile%\Desktop\SoftSoldier.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftSoldier\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftSoldier\3 Uninstall.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftSoldier\1 SoftSoldier.lnk
  • %UserProfile%\Local Settings\Temp\mnn8.tmp.exe
  • %UserProfile%\Local Settings\Temp\00006617
  • %UserProfile%\Local Settings\Temp\nszB.tmp\nsProcess.dll
  • %SystemRoot%\system32\mnn8.tmp.exe

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\SoftSoldier
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SoftSoldier
  • HKEY_CURRENT_USER\software\SoftSoldier
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “mnn8.tmp.exe”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SoftSoldier”

Malware screenshots:

This downloader tries to contact softsoldier.com to download the latest update of this rogue:

SoftSoldier looks like this:

How to remove the infection of Adware.Win32.SoftSoldier?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Oct 21

Alpha Antivirus Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Alpha Antivirus adware. a-squared Anti-Malware detects this malware as Adware.Win32.AlphaAntivirus.

Alpha Antivirus is a rogue scanner program. It shows a fake security center, misleading scan results and fake security alerts. The author of Alpha Antivirus is the same as the one who made Cyber Security (Adware.Win32.CyberSecurity), so it has the same user interface, the same characteristics and the same protection, just a different name. To further convince users, Alpha Antivirus also creates numerous files on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it. In addition, Alpha Antivirus installs a new BHO (Browser Helper Object) on the victim's machine.

Create new files:

  • %ProgramFiles%\AlphaAV\alpha.exe
  • %ProgramFiles%\Common Files\AlphaAVUninstall\Uninstall.lnk
  • %SystemRoot%\System32\IEaddonscontrol.dll
  • %AllUsersProfile%\Start Menu\AlphaAV\Help.lnk
  • %AllUsersProfile%\Start Menu\AlphaAV\Registration.lnk
  • %AllUsersProfile%\Start Menu\AlphaAV\Security Center.lnk
  • %AllUsersProfile%\Start Menu\AlphaAV\Settings.lnk
  • %AllUsersProfile%\Start Menu\AlphaAV\Update.lnk
  • %AllUsersProfile%\Start Menu\AlphaAV\Alpha Antivirus.lnk
  • %AllUsersProfile%\Start Menu\AlphaAV\Computer Scan.lnk
  • %UserProfile%\Desktop\Alpha Antivirus.lnk

Create new registry entries:

  • HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, “AlphaAV”

Malware screenshots:

How to remove the infection of Adware.Win32.AlphaAntivirus?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Oct 21

SoftCop Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the SoftCop adware. a-squared Anti-Malware detects this malware as Adware.Win32.SoftCop.

SoftCop is a rogue scanner program: it shows a fake security center, misleading scan results and fake security alerts to convince users that their computer is infected with malware. The author of SoftCop also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince users, SoftCop also creates numerous junk files with random names on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it.

The fake security center:

The file name is not constant and can differ between samples, and the file also carries fake version information. The file is located at:

  • %SystemRoot%\System32\

It also adds the following registry entry, so it runs automatically whenever Windows starts:

  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “setup.exe”

The fake security center looks like this:

This downloader tries to contact soft-cop.com to download the latest update of this rogue:

SoftCop looks like this:

Create new files:

  • %AllUsersProfile%\Desktop\SoftCop.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftCop\1 SoftCop.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftCop\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\SoftCop\3 Uninstall.lnk
  • %UserProfile%\Local Settings\Temp\nsz24.tmp\nsProcess.dll
  • %ProgramFiles%\SoftCop Software\SoftCop\SoftCop.exe
  • %ProgramFiles%\SoftCop Software\SoftCop\uninstall.exe

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\SoftCop
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SoftCop
  • HKEY_CURRENT_USER\software\SoftCop
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SoftCop”

How to remove the infection of Adware.Win32.SoftCop?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Oct 14

Cyber Security Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Cyber Security adware. a-squared Anti-Malware detects this malware as Adware.Win32.CyberSecurity.

Cyber Security is a new rogue scanner program. It shows misleading scan results and fake security alerts to convince users that their computer is infected with malware. The author of Cyber Security is the same as the one who made TotalSecurity (Adware.Win32.TotalSecurity). To further convince users, Cyber Security also creates numerous files on your computer that are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it. In addition, Cyber Security installs a new BHO (Browser Helper Object) on the victim's machine.

This rogue scanner is able to detect that it is running inside a virtual machine; the goal, of course, is to make analysis more difficult.

When running on a virtual environment, Cyber Security will display a fake error message like this:

Once the VM check is bypassed, this application downloads the main rogue application from this address:

Create new files:

  • %AllUsersProfile%\Start Menu\CS\Computer Scan.lnk
  • %AllUsersProfile%\Start Menu\CS\Cyber Security.lnk
  • %AllUsersProfile%\Start Menu\CS\Help.lnk
  • %AllUsersProfile%\Start Menu\CS\Registration.lnk
  • %AllUsersProfile%\Start Menu\CS\Security Center.lnk
  • %AllUsersProfile%\Start Menu\CS\Settings.lnk
  • %AllUsersProfile%\Start Menu\CS\Update.lnk
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\CS.lnk
  • %UserProfile%\Desktop\Cyber Security.lnk
  • %ProgramFiles%\Common Files\CSUninstall
  • %ProgramFiles%\Common Files\CSUninstall\Uninstall.lnk
  • %ProgramFiles%\CS\cs.exe
  • %SystemRoot%\system32\iehelpmod.dll

Create new registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\CS
  • HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, CS

Malware screenshots:

How to remove the infection of Adware.Win32.CyberSecurity?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
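As an added example that is not part of the Emsi posts above, the following PowerShell audit checks the persistence points these rogues share: the per-user Run key, the Browser Helper Objects registration (the CLSID is the one both the Alpha Antivirus and Cyber Security posts list), and the program directories. The indicator values come from the posts; the %TEMP% heuristic and the Authenticode check are my additions and are assumptions about what a clean system looks like.

```powershell
# Added example: audit the persistence points described in the posts above.
# Run-value names, the BHO CLSID and the directories are taken from the posts.
$runNames = @('SoftVeteran', 'SoftSoldier', 'mnn8.tmp.exe', 'AlphaAV', 'SoftCop', 'setup.exe', 'CS')
$bhoClsid = '{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}'   # shared by Alpha Antivirus and Cyber Security
$findings = @()

# 1. Per-user Run key: every value here is launched at logon. Flag the names the posts list
#    and (my heuristic) any command that launches from the user's Temp directory.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $props = Get-ItemProperty -Path $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }              # skip PowerShell's own metadata properties
        $cmd = [string]$p.Value
        $fromTemp = $cmd -match '\\Local Settings\\Temp\\|\\AppData\\Local\\Temp\\'
        if (($runNames -contains $p.Name) -or $fromTemp) {
            $findings += [pscustomobject]@{ Type = 'Run'; Name = $p.Name; Path = $cmd }
        }
    }
}

# 2. Browser Helper Objects: each registered CLSID is loaded into every Internet Explorer
#    process. Resolve it to its InprocServer32 DLL and flag the CLSID from the posts, or
#    (my heuristic) any BHO DLL without a valid Authenticode signature.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($k in Get-ChildItem -Path $bhoKey) {
        $clsid = $k.PSChildName
        $srv = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { [string]$srv.'(default)' } else { '' }
        $sigOk = $false
        if ($dll -and (Test-Path $dll)) {
            $sigOk = (Get-AuthenticodeSignature -FilePath $dll).Status -eq 'Valid'
        }
        if (($clsid -ieq $bhoClsid) -or -not $sigOk) {
            $findings += [pscustomobject]@{ Type = 'BHO'; Name = $clsid; Path = $dll }
        }
    }
}

# 3. Program directories the posts list; their presence alone is a strong indicator.
$dirs = @("$env:ProgramFiles\SoftVeteran Software", "$env:ProgramFiles\SoftSoldier Software",
          "$env:ProgramFiles\SoftCop Software", "$env:ProgramFiles\AlphaAV", "$env:ProgramFiles\CS")
foreach ($d in $dirs) {
    if (Test-Path $d) { $findings += [pscustomobject]@{ Type = 'Dir'; Name = (Split-Path $d -Leaf); Path = $d } }
}

$findings | Format-Table -AutoSize   # one row per suspicious Run value, BHO or directory
```

The script only reports; removal is still done by the scanner, as the posts describe, since the rogue's loader in %SystemRoot%\System32 uses a non-constant name that this audit cannot enumerate by itself.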