ThreatFire Research Blog Home

Rogueware Distribution Changes for Cyber Security

The relentless rogueware distribution groups that we’ve been monitoring have changed their gig yet again, in their efforts to evade the typical AV solutions. And by the numbers this month, it seems that they are having a successful go at it.


The installer drops cs.exe to c:\program files\cs\cs.exe on your system and runs it; the program then harasses the user with nagging popups. If you are seeing “Cyber Protection Center reports that ‘Cyber Security’ is inactive” on your system, do not activate it.

[Screenshot: the standard set of phony detections used to scare the victim into paying for the software]

[Screenshot: the “Cyber Protection Center” GUI, which has become the usual Microsoft Security Center spoof]

The naming has changed a bit. The typical download URL will look like a variant on this scheme (dates show when each name was first seen):
91.212.107. 5/download/Soft_40s5.exe
91.212.107. 5/download/Soft_257.exe (starting 10/13)
91.212.107. 5/download/scanner-323_2007.exe
91.212.107. 5/download/scanner-323_2007.exe (starting 9/8)
91.212.107. 5/download/antivirus-8D5D21_2015-5.exe
91.212.107. 5/download/antivirus-32CED34_2007.exe (starting 8/12)
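As an added, defender-side example (not code from the original post), here is a small Python rule that flags web proxy log entries whose download URLs fit the naming scheme just described; the log format, client addresses and every hostname other than the post's 91.212.107.5 are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hypothetical detection rule derived from the URL scheme in the post: an .exe
# under /download/ whose name starts with Soft_, scanner- or antivirus-,
# followed by an alphanumeric tag and an optional _<digits>[-<digits>] suffix.
ROGUE_DOWNLOAD_RE = re.compile(
    r"^/download/(?:Soft_|scanner-|antivirus-)[0-9A-Za-z]+(?:_\d+(?:-\d+)?)?\.exe$",
    re.IGNORECASE,
)

# Hosting IP named in the post (the post writes it defanged as "91.212.107. 5").
ROGUE_HOST_IPS = {"91.212.107.5"}


def classify_url(url: str) -> str:
    """Return 'ip-and-pattern', 'pattern-only' or 'clean' for one URL."""
    if "://" not in url:          # the post lists URLs without a scheme
        url = "http://" + url
    parts = urlsplit(url)
    path_hit = bool(ROGUE_DOWNLOAD_RE.match(parts.path))
    host_hit = parts.hostname in ROGUE_HOST_IPS
    if path_hit and host_hit:
        return "ip-and-pattern"
    if path_hit:
        return "pattern-only"    # same naming scheme on a host we have not seen yet
    return "clean"


def scan_proxy_log(lines):
    """Return (client, url, verdict) for each line that matches a rule.
    Assumed (constructed) log format: '<timestamp> <client_ip> GET <url> <status>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4 or fields[2] != "GET":
            continue
        verdict = classify_url(fields[3])
        if verdict != "clean":
            hits.append((fields[1], fields[3], verdict))
    return hits


# Constructed sample proxy lines; the rogue download names follow the post's scheme.
SAMPLE_LOG = [
    "2009-10-13T09:12:01 10.0.0.7 GET http://91.212.107.5/download/Soft_257.exe 200",
    "2009-10-13T09:14:44 10.0.0.9 GET http://91.212.107.5/download/antivirus-8D5D21_2015-5.exe 200",
    "2009-10-13T09:15:10 10.0.0.9 GET http://example.com/download/setup.exe 200",
    "2009-10-13T09:16:30 10.0.0.12 GET http://mirror.example.net/download/scanner-323_2007.exe 200",
]

if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:15} {client:10} {url}")
```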

This month’s moves also include changes to the hosting IP addresses and the domains pointing at them.

[Screenshot: the product’s activation prompt. Do not activate the product.]

What will the group have in store in November? We’ll wait and see. In the meantime, PC Tools ThreatFire users and users of the recently award-winning Spyware Doctor with AntiVirus 2010 (with Behaviorguard) are well protected from this round of scareware.

This entry was posted on Wednesday, October 21st, 2009 at 12:51 pm and is filed under Rogueware, Social Engineering.

3 Responses to “Rogueware Distribution Changes for Cyber Security”

  1. Marv Sigler says:
    November 30, 2009 at 5:57 pm

    My daughter loaded cyber security on my laptop. I don’t think she meant to, but… I have the blue screen of death, can’t bring up task manager to cancel it so I can load any program to remove it. If you could provide any suggestions, I would appreciate the help.

  2. ThreatFire Blogger says:
    December 3, 2009 at 5:25 pm

    Thanks Marv for the inquiry. Support for infections is available on our PC Tools forums at http://www.pctools.com/forum/ under “Spyware, Adware and Malware Discussion” from volunteer gurus and some PCToolers.

  3. Computer Guy says:
    December 28, 2009 at 3:52 am

    Security Tool is an infection I’ve encountered. Now…as Computer Guy, I have successfully removed said infection from EVERY MACHINE I’ve encountered – now, if it comes upon your PC, try to close any other apps you have, save any work you can, and then TURN YOUR PC OFF.

    Now, if you don’t have the tools to circumvent the compromised OS, bring it to a professional (and you’ll know that they’re a professional when they first ask if you’ve backed up everything that’s important; then they save your OS). Now, if you just keep that PC on and continue surfing, you’ve no one to blame but yourself.

    As for those who still believe that “Macs don’t get viruses” or some such bushwah, let me tell you this: a week ago, someone came in to my office with a Mac, afflicted with AntiSpyware 2010, an infection I’ve only seen on PCs…until then.

    Be vigilant about your travels, and have a Happy New Year!
