Randomness in Folder name, Process and Driver Files...
We just launched a fully 64-bit compatible Spyware Detector. Although we have not found much spyware released for 64-bit so far, we are ready whenever it comes.
We came across several spyware-related products coming out of PC Sentinal Software, such as Spyware Smoking Gun, KeyLogger.Busted and Spyware.Red handed. All of these use random names in the Program Files folder. The randomness was created with some pattern, so it was not difficult to detect and quarantine them at run time.
Another Downloader that we recently found on many customer PCs modifies the system file beep.sys, which is originally responsible for sounding a beep on PC restart. This Downloader fully overwrites beep.sys with its own code, changing everything in the file from the Microsoft signature to the file size. The main function of the infected beep.sys is to block anti-spyware and anti-virus programs from running and updating. It blocks many such programs; the following is a partial list:
- Kaspersky
- Norton
- McAfee
- AVG
- Spyware Detector
- SuperAntispyware
- SpyBot
- Outpost
- Sandbox
---
This Downloader also downloads some files into the system32 folder, such as cru629.dat, braviax.exe and univers32.dat. It creates registry entries to make braviax.exe run at start-up. cru629.dat is added to the AppInit entry in the registry so that it loads early at logon with every Microsoft application that uses user32.dll. It displays fake messages claiming the computer is infected with spyware and then tries to sell the user anti-spyware tools.
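
The indicators described above (the overwritten beep.sys, the files in system32, the start-up entry and the AppInit entry) can be checked read-only on a suspect host. The PowerShell below is an added example, not Max Secure Software's code or the logic of its patch; the Run-key locations, the `AppInit_DLLs` value name and the `drivers\beep.sys` path are assumptions based on the standard Windows layout, since the post names only the files.

```powershell
# Added example: read-only triage for the indicators named in this post.
$sys32    = Join-Path $env:SystemRoot 'System32'
$findings = @()

# 1. Files the post says are dropped into system32.
foreach ($name in 'cru629.dat', 'braviax.exe', 'univers32.dat') {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) { $findings += "Dropped file present: $path" }
}

# 2. Start-up entries launching braviax.exe (assumption: the standard Run keys).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -match 'braviax\.exe') {
            $findings += "Start-up entry: $key -> $valueName = $data"
        }
    }
}

# 3. AppInit entry referencing cru629.dat (assumption: the AppInit_DLLs value).
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -LiteralPath $winKey -Name 'AppInit_DLLs' -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit -match 'cru629\.dat') { $findings += "AppInit_DLLs references cru629.dat: $appInit" }

# 4. beep.sys should still verify as Microsoft-signed (assumed path: drivers\beep.sys).
#    Older PowerShell versions check only embedded signatures, not catalog
#    signatures, so confirm a NotSigned result with a second tool.
$beep = Join-Path $sys32 'drivers\beep.sys'
if (Test-Path -LiteralPath $beep) {
    $sig    = Get-AuthenticodeSignature -FilePath $beep
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'Microsoft') {
        $size = (Get-Item -LiteralPath $beep).Length
        $findings += "beep.sys signature check failed: status=$($sig.Status) signer=$signer size=$size"
    }
} else {
    $findings += "beep.sys missing at $beep"
}

if ($findings) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'No indicators from this post were found.'
}
```

Run it from an elevated 64-bit PowerShell session so that the HKLM keys and the real system32 folder are the ones inspected.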
We have released a patch for fixing this Spyware, which can be found on the www.spywaredetector.net website or at http://www.spywaredetector.net/SDFraudToolFix.exe. After running this patch you will be required to scan and quarantine with Spyware Detector. Only registered users can remove this Spyware using Spyware Detector. More information on this Spyware can be obtained from http://www.spywaredetector.net/spyware_encyclopedia/Downloader.FraudTool.htm. Following are some of the characteristics of this Spyware:
- Braviax.exe also installs rogue security applications such as Ultimate Defender and Winreanimator, and displays false alerts.
- A red circle with a red X appears in your taskbar, telling you that the machine is infected with a virus.
- Following is the snapshot from an infected PC:

Here is the summary of the Spyware Categories processed for Spyware Detector Live Updates in the month of April:

| No | Category | Count |
|----|----------|-------|
| 1 | Adware | 166 |
| 2 | Backdoor | 163 |
| 3 | Dialer | 16 |
| 4 | Downloader | 49 |
| 5 | Fake Anti Spyware | 232 |
| 6 | Flooder | 16 |
| 7 | KeyLogger | 73 |
| 8 | Spyware | 30 |
| 9 | ToolBar | 40 |
| 10 | Trojan | 77 |
| 11 | Worm | 75 |
| 12 | Constructor | 22 |
| 13 | Exploit | 26 |
| 14 | HackTool | 45 |
| 15 | Proxy | 12 |
| 16 | PSW | 52 |

We appreciate any feedback on our products from our valued customers. You will also notice daily news updates on our Spyware patch releases. You will find more detailed information on the Spyware Encyclopedia pages, which can be reached either from the "Spyware we Remove" link or from Spyware Detector itself after a particular Spyware is detected, by clicking the Threat Information link right next to the name of the detected threat.
Please continue to support this effort by reading this blog for the latest information on new spyware releases. You are welcome to send us queries on any spyware that cannot be removed from your PC. Our technical support will be happy to help you through chat, email or free remote support. We will not rest until Spyware writers give up and let PC users enjoy their computing as it was intended to be: without any slowdown, without fear of losing privacy, and with no advertisements or other unwanted nuisances.
Rachna Pradhan
CTO
Max Secure Software