My Anti Spyware

Mirar Toolbar – Unwanted Tool ? YES

Sunbelt have finished review process.

They concludes that the Mirar Toolbar product does, in fact, satisfy Sunbelt’s objective criteria for a Potentially Unwanted Installation.

Currently Sunbelt classifies the Mirar toolbar as a “moderate risk” “adware toolbar.” Mirar toolbar is marked by a number of problems including:

• poor installation practices resulting in inadequate notice and disclosure
• the display of unrequested, undisclosed advertising on the users’ desktops
• undisclosed addition of NetNucleus sites to the Internet Explorer Trusted sites zone
• poor uninstallation practices, including the use of an uninstaller available only online

Read more here: Our response on the Mirar Toolbar

Found new fake codecs – SilverCodec and BrainCodec

Sunbelt blog and Bleepingcomputer reported about two new fake codecs: SilverCodec and BrainCodec

This is so new in fact, that though the BrainCodec has its own domain and its own braincodec.107.exe, they forgot to change the web site itself. As you can see the web site is still showing the layout and image for Gold Codec.

Links: Silver, Gold… but you’re not getting platinum, scumbags
From precious metals to body parts?

More fake codec sites

As always, DO NOT download these fake codecs.

They do not improve video or audio, and installing them under the premise of “free video” or any other reason is a very bad idea.

MovieCodec

TV Codec

WatchFree

SuperCodec

Perfect Codec

Related articles: How to remove malicious codecs.

More fake codec sites or story continue…

The story continue… some days ago Sunbeltblog reported about fresh fake codec sites.
Codec is actually a trojan download installer, It will change your home page to one of the current security scam site used like iupdate.com. It produces unwanted popup to sell rough security software or open to porn content type pages like adultfriendfinders[dot]com.
Continue reading More fake codec sites or story continue……

MSN Worm Used to install Backdoor | How to remove

F Secure have received reports from customers of suspicious pop-ups that were being spammed through MSN Messenger. Below is a sample message:

lol check http://peopleonline.pe.funpic.de/[REMOVED].pif

When the link in the message is clicked, it automatically downloads a file named photo942.PIF. This file is the backdoor component of Licat.C This is used to connect to go.cheap[Removed].info and go.links4[Removed].biz

These websites contains a malicious IP address. Access to this address will again download other malware and adware from www.uglyphotos.net/[Removed] and execute it on the infected machine.

One of the downloaded files is responsible for the pop-up messages that are being spammed via MSN Messenger. It arrives on the system with the filename sprT.exe. This file is also detected as IM-Worm.Win32.Licat.c.

Licat.C, a variant of Licat, is a Trojan. Licat.C can send instant messages or contact certain websites to inform malware authors about certain events and allows downloading files on the infected computer. Licat.C tries to connect to certain websites on Internet.

Licat.C also attempts to replace the original MSN Messenger application client, msnmsgr.exe, with its own copy. The original Messenger file is renamed and is started by the copy. Deleting the Licat.C copy and renaming the original file, msgs.exe, may repair the installation of Messenger.

The other downloaded files are adware related. One is a trojan that drops a variant of PurityScan adware onto the system – detected as Trojan-Dropper.Win32.PurityScan.ag. The other is a Softomate adware installer – detected as Softomate toolbar.
Continue reading MSN Worm Used to install Backdoor | How to remove…

More fake codec sites

Sunbeltblog reported (1, 2) about two fresh fake codes sites.

Strcodec

MP Video Codec

Add both sites in to your blocklist. Use follow info:

69.50.160.58 Mpcodec.com
85.255.118.194 strcodec.com

Related articles: How to remove malicious codecs.

SmartBrowser have smart EULA

Spywareguide reported about site enticing an end-user to install something they think they need, only to pull the rug out from under them and reveal that (in actual fact), is was this program over here that they needed all along! The site is a typical free movies / webcam website. This site displays numerous videos for you to watch, with the words “live now” next to a play button. Pressing the button does not launch a video (as one would reasonably assume!), but actually opens up a download prompt.

The name of the executable continues the baiting strategy – “open for instant access“. At this stage, the end-user still reasonably believes running this software is essential to viewing the videos on the frontpage. However, when you install it, IE opens automatically and you see a page of Zango videos, where you have to install various pieces of Adware from Zango in order to acquire the License to watch the video. However, these are not the “videos” mentioned on the frontpage – in fact, they don’t seem to exist. And as far as “watching the videos on the frontpage” goes, installing Smart Browser serves no purpose whatsoever.

The SmartBrowser is controlled by smart-browser.com. In our studies it changes the default home page. It opens pop-up pornographic advertising. Examples included extremelybabes.com and extremelyamateurs.com, and redirects attempted access of other pornographic sites to these sites instead. (Caution: these sites may attempt to load premium-rate dialers.)

EULA Analysis demonstrates some notable and alarming security risks:

“YOU AGREE THAT UPON ENTERING ANY SITES UNDER THE CATEGORY THAT FEETS OUR PUBLISHERS CATEGORIES ,AN ADVERISEMENT MATCHING THAT CATEGORY WOULD POP UP, AND”

- “YOU AGREE THAT YOUR COMPUTER WILL BE USED TO CONNECT TO OUR SERVER FOR ANY UPDATES OR ADDINS. AND”

- “YOU KNOW AND AGREE THAT YOUR COMPUTER WILL BE USED TO SEND EMAILS (PUBLISHMENT & FILES) TO YOUR FRIENDS (USING YOUR LOCAL USER DATABASE) AND TO OUR LISTS .AND YOU ASSURE US THAT YOU WON’T CONSIDER THAT A VIOLATIONS OF YOUR PRIVACY OR ANY OTHER RIGHT. AND”

- “YOU KNOW AND AGREE THAT YOUR COMPUTER WILL BE USED TO CONNECT TO CHATS IRC, YAHOO ,MSN ,ETC IN ORDER TO PUBLISH OUR PRODUCTS.”

What we have here is a clear example of Bait and Switch – luring you in with one offer, only to be denied the desired item, but presented with a “substitute” at the last moment. The difference here, is that the webmaster also gets to install Smart Browser onto the PC in the process – I suppose you could call it a two for the price of one deal or a “bonus”. Even if the end-user doesn’t choose to download any Zango videos, they’ll still be receiving pop-ups (and possibly premium rate dialers) via Smart Browser.

Browsezilla – next internet generation – Web browser that contains malware

PandaLabs has discovered that Browsezilla, a free web browser available on several web pages, infects computers with the adware PicsPlace, without users’ knowledge. This adware, which activates whenever a user starts up the infected PC, opens a series of adult web pages, although they are not visible to the user. This tactic is aimed at artificially increasing visits to these pages.

Browsezilla is an application similar in appearance to the widely-used Mozilla browser, and also uses a dinosaur as a logo, no doubt to encourage users to trust the application. Ironically, the creators claim that Browsezilla offers safer Internet use than other browsers, as it supposedly does not store the history of pages visited or favorites lists. To encourage users to install it, the official page offers an Internet search service. However, the search always results in a page advising that it is necessary to download the browser in order to obtain the requested information.

Browsezilla is detected as adware due to the following reasons:

• It is automatically downloaded to the computer when carrying out a search using it, without asking for user permission.
• It installs itself without user’s explicit permission and knowledge.
• It does not display an EULA (End User License Agreement) during its installation.
• One of its components downloads and runs automatically a file without asking for user permission.
• It offers links to adult content without clearly asking for user consent.

Browsezilla can be voluntarily downloaded when visiting certain websites for adults, and from the website belonging to the company that has developed it.

Note: although a former version of Browsezilla downloaded a copy of the adware PicsPlace to the affected computer, a newer version has been released, which does not carry out this action.

How to remove NEED2FIND and RXToolbar

Need2Find is an adware promoted by Ask Jeeves. Ask Jeeves distributes a variety of programs that offer users some trinket of apparent value (e.g. smileys for email programs) while also adding an extra toolbar to users’ web browsers. Ask Jeeves promotes these programs in ways that do not entail meaningful user consent.
Continue reading How to remove NEED2FIND and RXToolbar…

YapBrowser is back online

Some time ago we`ve reported about the adware:

YapBrowser, potentially dangerous application that pre-installs 180Solutions Zango and does nothing but apparently redirect you to a porn site. Read more: YapBrowser and Yapsearch(dot)com

now yapbrowser site back online.

The website claims:

YapBrowser is a browser which will make searching for any information online much simpler. Download YapBrowser for free and forget about getting to sites containing harmful exploits. Your computer will be free from viruses breeding online. Attention! You can download a 100% free adult version of YapBrowser. Using it you will be able to search for and browse adult content for free. There is a 100% guarantee no system infection will occur when using our software. YapBrowser is the only browser which gives you safe search and browsing capabilities. Now you can download it for no cost at all. So it is an adult version this time around and the user is getting a warning upfront and you guessed it- it’s free and now backed by a 100% guarantee you won’t experience a system infection.

Read more about yapbrowser on Spyware Guide: Return of The Yap Browser