Personal Guard 2009 – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at a rogue antivirus, a backdoor Trojan and a program for creating Trojans.

Personal Guard 2009 is a new example of the infamous rogue antivirus programs. Once on a computer, it runs a spoof hard disk scan.

Rogue antivirus programs of this kind typically display fake infections when running the scan, but Personal Guard 2009 does not show any infections during the first scan. Instead, the file stays resident on the hard disk and later displays pop-ups in the toolbar warning about possible malicious items. During the second scan it shows fake viruses.

From then on it follows the standard procedure: tempting users into buying a fake security program, both to profit directly and to steal any data the user enters.

WinVNC.A is a backdoor Trojan distributed via email. It uses the subject of swine flu as a lure, and talks about a potential conspiracy of pharmaceutical laboratories, tricking users into opening a PowerPoint presentation (“POS.exe”) where “the big secret” is revealed.

When the attached file is run, the Trojan is downloaded to the computer without the user’s knowledge while the presentation is displayed. This malicious code is specifically designed to steal confidential information from the user and send it to its creator.

Finally, PassThief.A is a program designed to create password-stealing Trojans.

The information stolen by the Trojan is sent to an email account specified by the program user. The program user can also select the directory where the Trojan will be installed, and whether it should run during the first or fourth operating system restart.

The Trojan has the same icon as the task manager and works on WIN9x/WINME, since it steals the passwords held in those operating systems’ pwl files. These pwl files contain passwords for accessing protected resources, session start, phone access to networks, etc.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by Personal Guard 2009, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software:

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

4 responses to “Personal Guard 2009 – PandaLabs Takes a Look”

  3. Sandi

    Thanks, for your information. I’ve been dealing with “personal guard 2009” which infected my laptop (XP) for 2 days. It is vicious and I have had to wipe the hard drive and start over.

    I downloaded Spydoctor, and their program could not remove it. The “guard 2009” would not even let the spyware be downloaded at first! They said that they could get rid of it before I bought it, but it did not work! I spent hours with their techs and got it downloaded and it ran but never even picked this thing up! So, it’s hiding somewhere out of sight from anti-spyware programs.

    I tried other malware removals but none worked either. They are all blocked by the virus from being able to be opened.

    I am not a heavy web user so it’s a mystery how I got this. I have not found help from Microsoft on their site under “personal guard 2009” anyway. They address spyware removal but if they have a solution to this one, they do not categorize it under that name. We non-techies need it spelled out for us.

    I would have liked to have had some support from Microsoft so, I’ve decided to look around for a used Mac to purchase. I worked on my laptop for about 12 hrs yesterday and it’s maddening. Now I’m entering into day 2 of this thing.

    If Microsoft is so easy to infect–it is just not worth it to me.

    • Bill Mullins

      Hi Sandi,

      You’re right, Personal Guard 2009 is a particularly vicious piece of malware. I believe you did the right thing in reformatting and reinstalling since, even for a professional, there is no guarantee that malware like this can be removed in full. In fact, it’s extremely doubtful. This type of situation emphasizes just how important it is for users to have a current and reliable backup of all important files.

      While at first glance, it may appear that Macs are immune from malware attacks (Apple certainly tries hard to create that impression), it is simply not true. Mac users don’t have to deal with the same volume of malware as PC users do, because the installed base is only a fraction of the PC base – cyber crooks go for volume. Nevertheless, Apple released 39 security updates in the last few days, since Macs are now under attack as never before.

      Until such time as there is international agreement on how to pursue and punish cyber criminals, I see little hope for a reduction in malware attacks. Frankly, I believe the situation will get much worse, long before it gets better.

      I don’t know if you are a first time visitor to this site or not, but there are numerous articles here, on Internet security, with application reviews and download links to free applications that will increase your Internet security substantially.

      Bill