Archive for December, 2009

Dec 30

SpyEraser Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the SpyEraser adware. a-squared Anti-Malware detects this malware as Adware.Win32.SpyEraser.

SpyEraser is a rogue scanner program. This fake scanner tries to trick you by displaying a misleading scan report full of false positives, claiming that your computer is infected with viruses or trojans, and it will not let you delete them until you buy this fraudulent application.

SpyEraser sites:

  • hxxp://www. spyeraser-security.com
  • hxxp://www. spyeraser-trial.com

Creates new files and directories:

  • %ProgramFiles%\SpyEraser\data.dll
  • %ProgramFiles%\SpyEraser\SpyEraser.exe
  • %ProgramFiles%\SpyEraser\Uninstall.exe
  • %AllUsersProfile%\Desktop\SpyEraser.lnk
  • %AllUsersProfile%\Start Menu\Programs\SpyEraser\SpyEraser\Launch SpyEraser.exe.lnk
  • %AllUsersProfile%\Start Menu\Programs\SpyEraser\SpyEraser\SpyEraser Uninstall.exe.lnk
  • %UserProfile%\Local Settings\Application Data\Downloaded Installations\{E5FF35CB-AAE1-4CD6-BFDE-D0BCE9CCBA4C}\SpyEraser.msi
  • %SystemRoot%\Installer\{6A2724E2-5E36-4F2E-9B3D-4A716774B3F9}\SpyEraser.exe1_5D3FA81F1A6D4924AD5250A57005F147.exe

Creates new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\Installer\Features\2E4272A663E5E2F4B9D3A41776473B9F
  • HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F
  • HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList
  • HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList\Media
  • HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList\Net
  • HKEY_LOCAL_MACHINE\software\Classes\Installer\UpgradeCodes\21B289D0EDBF1BD48A4C39C60AF74DE9
  • HKEY_LOCAL_MACHINE\software\microsoft\SpyEraser
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\21B289D0EDBF1BD48A4C39C60AF74DE9
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA061871792C67E4997020ED0AF0253E
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EBAB827A17F9D9B40B5A18854589281C
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Features
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\InstallProperties
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Patches
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Usage
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{6A2724E2-5E36-4F2E-9B3D-4A716774B3F9}

How to remove the infection of SpyEraser (Adware.Win32.SpyEraser)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec 30

GreatDefender Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the GreatDefender adware. a-squared Anti-Malware detects this malware as Adware.Win32.GreatDefender.

GreatDefender, which comes from hxxp://www.greatdefender.com, is a rogue scanner program. It shows a fake security center window, misleading scan results and fake security alerts. The author of GreatDefender also made APCProtect, ProtectPcs, SysDefence, TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftSoldier, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc. To further convince victims, GreatDefender also creates numerous junk files with random names on your computer. These files are detected as malware when the program scans your computer, but it will not allow you to remove them until you purchase it.

Creates new files and directories:

  • %ProgramFiles%\GreatDefender Software\GreatDefender\GreatDefender.exe
  • %ProgramFiles%\GreatDefender Software\GreatDefender\main_config.xml
  • %ProgramFiles%\GreatDefender Software\GreatDefender\uninstall.exe
  • %AllUsersProfile%\Desktop\GreatDefender.lnk
  • %AllUsersProfile%\Start Menu\Programs\GreatDefender\2 Homepage.lnk
  • %AllUsersProfile%\Start Menu\Programs\GreatDefender\3 Uninstall.lnk
  • %AllUsersProfile%\Start Menu\Programs\GreatDefender\1 GreatDefender.lnk
  • %UserProfile%\Cookies\userdemo@greatdefender[1].txt

Creates new registry entries:

  • HKEY_LOCAL_MACHINE\software\GreatDefender
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\GreatDefender
  • HKEY_CURRENT_USER\software\GreatDefender
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “GreatDefender”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “GreatDefender”

How to remove the infection of GreatDefender (Adware.Win32.GreatDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec 29

Antivirus PC 2009 Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Antivirus PC 2009 adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntivirusPC2009.

Antivirus PC 2009 is a rogue scanner program. Once installed, this application immediately performs a scan without prior notice. This fake scanner tries to trick you by displaying a misleading scan report, claiming that your computer is infected with viruses or trojans, and it will not let you delete them until you buy this fraudulent application. Be careful with this program, because it will not protect your computer and will only cost you money.

Creates new files and directories:

  • %ProgramFiles%\Antivirus PC 2009\2.vbs
  • %ProgramFiles%\Antivirus PC 2009\avpc2009.exe
  • %ProgramFiles%\Antivirus PC 2009\avpc2009s.exe
  • %ProgramFiles%\Antivirus PC 2009\bzip2.dll
  • %ProgramFiles%\Antivirus PC 2009\libltdl3.dll
  • %ProgramFiles%\Antivirus PC 2009\pthreadVC2.dll
  • %ProgramFiles%\Antivirus PC 2009\Uninstaller.exe
  • %ProgramFiles%\Antivirus PC 2009\data\daily.cvd
  • %ProgramFiles%\Antivirus PC 2009\data\self.hdb
  • %ProgramFiles%\Antivirus PC 2009\data\
  • %ProgramFiles%\Antivirus PC 2009\quarantine\
  • %UserProfile%\Desktop\Antivirus PC 2009.lnk
  • %UserProfile%\Start Menu\Programs\Antivirus PC 2009.lnk

Creates new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Antivirus PC 2009
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, “Antivirus PC 2009”
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Antivirus PC 2009”

How to remove the infection of Antivirus PC 2009 (Adware.Win32.AntivirusPC2009)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec 28

Antispyware Shield Pro Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Antispyware Shield Pro adware. a-squared Anti-Malware detects this malware as Adware.Win32.AntispywareShieldPro.

Antispyware Shield Pro is a rogue scanner program. Once installed, this application immediately performs a scan without prior notice. This fake scanner tries to trick you by displaying a misleading scan report, claiming that your computer is infected with viruses or trojans, and it will not let you delete them until you buy this fraudulent application. Be careful with this program, because it will not protect your computer and will only cost you money.

During installation, it tries to make an HTTP GET request to the following URL:

  • hxxp://scanner.entiresafescripts.net/installation/

The entiresafescripts.net itself will look like this:

Then you will be redirected to the fake scanner:

When running the application, you can see an “Official web site” button at the top of the form. Clicking this button takes you to hxxp://systemcleanerspro.net, a site that offers another rogue application called “SystemCleanerPro”, which a-squared Anti-Malware detects as Adware.Win32.SystemCleanerPro.

Creates new files and directories:

  • %ProgramFiles%\Antispyware Shield Pro\License.rtf
  • %ProgramFiles%\Antispyware Shield Pro\uninst.exe
  • %ProgramFiles%\Antispyware Shield Pro\antispyshield.exe
  • %UserProfile%\Desktop\Antispyware Shield Pro.lnk
  • %UserProfile%\Start Menu\Programs\Antispyware Shield Pro\Antispyware Shield Pro.lnk
  • %UserProfile%\Start Menu\Programs\Antispyware Shield Pro\Uninstall.lnk

Creates new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\App Paths\antispyshield.exe
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Antispyware Shield Pro
  • HKEY_CURRENT_USER\software\Entire Safe Scripts Ltd
  • HKEY_CURRENT_USER\software\Entire Safe Scripts Ltd\Antispyware Shield Pro

How to remove the infection of Antispyware Shield Pro (Adware.Win32.AntispywareShieldPro)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Dec 28

SystemCleanerPro Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the SystemCleanerPro adware. a-squared Anti-Malware detects this malware as Adware.Win32.SystemCleanerPro.

SystemCleanerPro is a rogue scanner program. Once installed, this application immediately performs a scan without prior notice. This fake scanner tries to trick you by displaying a misleading scan report, claiming that your computer is infected with viruses or trojans, and it will not let you delete them until you buy this fraudulent application. Be careful with this program, because it will not protect your computer and will only cost you money.

Creates new files and directories:

  • %ProgramFiles%\SystemCleanerPRO\sysclpro.exe
  • %ProgramFiles%\SystemCleanerPRO\unins000.dat
  • %ProgramFiles%\SystemCleanerPRO\unins000.exe
  • %ProgramFiles%\SystemCleanerPRO\killtask.bat
  • %AllUsersProfile%\Start Menu\Programs\SystemCleanerPRO\Uninstall SystemCleanerPRO.lnk
  • %AllUsersProfile%\Start Menu\Programs\SystemCleanerPRO\SystemCleanerPRO.lnk
  • %AllUsersProfile%\Application Data\AuxCo\
  • %AllUsersProfile%\Application Data\AuxCo\SystemCleanerPRO\

Creates new registry entries:

  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SystemCleanerPRO_is1
  • HKEY_CURRENT_USER\software\AuxCo
  • HKEY_CURRENT_USER\software\AuxCo\SystemCleanerPRO
  • HKEY_CURRENT_USER\software\AuxCo\SystemCleanerPRO\2.2
  • HKEY_CURRENT_USER\software\AuxCo\SystemCleanerPRO\2.2\config
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SystemCleanerPRO”

How to remove the infection of SystemCleanerPro (Adware.Win32.SystemCleanerPro)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.