Archive for February, 2010

Feb 24

PC Defender Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the PC Defender adware. a-squared Anti-Malware detects this malware as Adware.Win32.PCDefender.

PC Defender is a rogue security program. This rogue application tries to trick you by displaying a false-positive, misleading scan results report which says that your computer is infected with viruses or trojans, but you will not be able to delete them until you purchase the program.

This program has a funny trait: it displays a fake blue screen on the victim's machine. The blue screen looks like this:

Create new files:

  • %ProgramFiles%\Def Group\PC Defender\Antispyware.exe
  • %ProgramFiles%\Def Group\PC Defender\hook.dll
  • %ProgramFiles%\Def Group\PC Defender\proccheck.exe
  • %AllUsersProfile%\Desktop\PC Defender.lnk
  • %AllUsersProfile%\Start Menu\Programs\PC Defender\PC Defender.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\software\Def Group
  • HKEY_CURRENT_USER\software\Def Group\Antispyware
  • HKEY_CURRENT_USER\software\Def Group\Antispyware\Found

Modify registry entry:

  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    Old: Userinit = C:\WINDOWS\system32\userinit.exe,
    New: Userinit = C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Def Group\PC Defender\Antispyware.exe"

Screenshots:

How to remove the infection of PC Defender (Adware.Win32.PCDefender)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 23

Your PC Protector Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Your PC Protector adware. a-squared Anti-Malware detects this malware as Adware.Win32.YourPCProtector.

Your PC Protector is a rogue security program. This rogue application tries to trick you by displaying a false-positive, misleading scan results report which says that your computer is infected with viruses or trojans, but you will not be able to delete them until you purchase the program.

Create new files:

  • %ProgramFiles%\nuar.old
  • %ProgramFiles%\skynet.dat
  • %ProgramFiles%\svchost.exe
  • %ProgramFiles%\wp3.dat
  • %ProgramFiles%\wp4.dat
  • %ProgramFiles%\adc32.dll
  • %ProgramFiles%\alggui.exe
  • %ProgramFiles%\Your PC Protector\Your PC Protector.exe
  • %UserProfile%\Desktop\Your PC Protector.lnk
  • %UserProfile%\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
  • HKEY_CURRENT_USER\software\Your PC Protector
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect\Registration
  • HKEY_CURRENT_USER\software\Your PC Protector\PC_protect\setdata

Modify registry entry:

  • HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command\, "C:\Program Files\alggui.exe "%1" %*"
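The two registry modifications described in these posts (PC Defender appending itself to the Winlogon Userinit value, and Your PC Protector placing alggui.exe ahead of "%1" in the exefile open command) are both persistence points an administrator can audit. The following is an added example, not code from Emsi Software; it runs two such checks over constructed sample values modelled on the entries above, with the quote placement of the exefile value normalized as an assumption.

```python
# Constructed sample values modelled on the two "Modify registry entry" items
# above (quote placement normalized); the registry paths are the posts' own.
USERINIT_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Userinit"
EXEFILE_KEY = r"HKEY_LOCAL_MACHINE\software\Classes\exefile\shell\open\command"
CLEAN = {
    USERINIT_KEY: r"C:\WINDOWS\system32\userinit.exe,",
    EXEFILE_KEY: '"%1" %*',
}
INFECTED = {
    USERINIT_KEY: r"C:\WINDOWS\system32\userinit.exe,"
    r'"C:\Program Files\Def Group\PC Defender\Antispyware.exe"',
    EXEFILE_KEY: r'"C:\Program Files\alggui.exe" "%1" %*',
}


def audit_userinit(value, system_root=r"C:\WINDOWS"):
    """Return every Userinit program other than the genuine userinit.exe.

    Winlogon runs each comma-separated entry at logon, so a rogue that appends
    its own path (as PC Defender does) is relaunched with every session.
    """
    expected = (system_root + r"\system32\userinit.exe").lower()
    entries = [p.strip().strip('"') for p in value.split(",") if p.strip()]
    return [p for p in entries if p.lower() != expected]


def audit_exefile_command(value):
    """Return the program placed before "%1" in the exefile open command.

    The clean value is '"%1" %*' (the clicked .exe plus its arguments); a
    program ahead of "%1" is handed every .exe the user launches, which is
    how Your PC Protector interposes alggui.exe.  Returns None when clean.
    """
    idx = value.find('"%1"')
    if idx < 0:  # no "%1" at all: the clicked .exe would never be launched
        return value.strip() or None
    return value[:idx].strip().strip('"') or None


def audit_snapshot(snapshot):
    """Run both checks over a {registry path: value} dict; return findings."""
    findings = [(USERINIT_KEY, p) for p in audit_userinit(snapshot.get(USERINIT_KEY, ""))]
    hijacker = audit_exefile_command(snapshot.get(EXEFILE_KEY, '"%1" %*'))
    if hijacker:
        findings.append((EXEFILE_KEY, hijacker))
    return findings
```

Feed `audit_snapshot` a dict built from exported registry values; a non-empty result names the program that was wedged into the logon or .exe launch path.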

Screenshots:

How to remove the infection of Your PC Protector (Adware.Win32.YourPCProtector)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 22

Desktop Security 2010 Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Desktop Security 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.DesktopSecurity2010.

Desktop Security 2010 is a rogue security program. This rogue application tries to trick you by displaying a false-positive, misleading scan results report which says that your computer is infected with viruses or trojans, but you will not be able to delete them until you purchase the program.

Create new files (some file and registry names are random):

  • %ProgramFiles%\Desktop Security 2010\
  • %ProgramFiles%\Desktop Security 2010\MFC71ENU.DLL
  • %ProgramFiles%\Desktop Security 2010\msvcp71.dll
  • %ProgramFiles%\Desktop Security 2010\msvcr71.dll
  • %ProgramFiles%\Desktop Security 2010\pthreadVC2.dll
  • %ProgramFiles%\Desktop Security 2010\securitycenter.exe
  • %ProgramFiles%\Desktop Security 2010\taskmgr.dll
  • %ProgramFiles%\Desktop Security 2010\uninstall.exe
  • %ProgramFiles%\Desktop Security 2010\daily.cvd
  • %ProgramFiles%\Desktop Security 2010\Desktop Security 2010.exe
  • %ProgramFiles%\Desktop Security 2010\guide.chm
  • %ProgramFiles%\Desktop Security 2010\hjengine.dll
  • %ProgramFiles%\Desktop Security 2010\mfc71.dll
  • %SystemRoot%\system32\cbrdwlvrumw6.exe
  • %UserProfile%\Local Settings\Temp\kilslmd.exex
  • %UserProfile%\Local Settings\Temp\kn.a.exe
  • %UserProfile%\Local Settings\Temp\gedx_ae09.exe
  • %UserProfile%\Local Settings\Temp\kgn.exe

Create new registry entries:

  • HKEY_LOCAL_MACHINE\software\Desktop Security 2010
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, "Desktop Security 2010"
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, "SecurityCenter"
  • HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run, "cbrdwlvrumw6"

Screenshots:

How to remove the infection of Desktop Security 2010 (Adware.Win32.DesktopSecurity2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 17

XP Micro Antivirus Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the XP Micro Antivirus adware. a-squared Anti-Malware detects this malware as Adware.Win32.XPMicroAntivirus.

XP Micro Antivirus is a rogue application. This rogue application tries to trick you by displaying a false-positive, misleading scan results report which says that your computer is infected with viruses or trojans, but you will not be able to delete them until you purchase the program.

We've found something interesting with this rogue. When we opened it in a hex editor, we found this string:

Congratulations, now you see this is just a ****ing rogue antivirus! Have a nice day!

As you can see in this picture:

If you want to see this message directly from the program, type "nocall122" as the Registration Email and Registration Key on the registration form :)

More screenshots:

How to remove the infection of XP Micro Antivirus (Adware.Win32.XPMicroAntivirus)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Feb 15

Security Essentials 2010 Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Security Essentials 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.SecurityEssentials2010.

Security Essentials 2010 is a rogue scanner program. This is a new variant from the Internet Security 2010 family. Once installed, this application immediately performs a scan without prior notice. This fake scanner tries to trick you by displaying a misleading scan results report which says that your computer is infected with viruses or trojans, but you will not be able to delete them until you buy this fraudulent application. Be careful with this program: it is not going to protect your computer, it will only take your money.

Create new files:

  • %ProgramFiles%\Securityessentials2010\SE2010.exe
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk
  • %UserProfile%\Desktop\Security essentials 2010.lnk
  • %UserProfile%\Start Menu\Security essentials 2010.lnk

Create new registry entries:

  • HKEY_CURRENT_USER\software\SE2010
  • HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, "Security essentials 2010"

Screenshots:

How to remove the infection of Security Essentials 2010 (Adware.Win32.SecurityEssentials2010)?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.