Tag Archives: backdoor

Ransom.K, Bifrost.GEN and Safety Center Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at two Trojans and a new fake antivirus.

Bifrost.GEN is a backdoor-type Trojan whose objective is to go resident, concealing its presence and displaying no visible symptoms. The malware inserts its code into Internet Explorer and runs it in the background, leaving an open connection to await instructions from the attacker to access the infected computer.

The second Trojan we are looking at today is Ransom.K. It reaches computers with an icon that resembles an application Help file and encrypts the code of the .TXT, .DOC, .XLS and .JPG files detected on the computer, using a file it downloads called CryptLogFile.txt. Additionally, it replaces the desktop wallpaper with a message asking users to pay for the credentials for decrypting the code.

image

This type of extortion is known as “ransomware”. The solution to this problem
is simple, and involves deleting the CryptLogFile.txt file from C:\Windows and re-running the Trojan. When it can’t find the file with the list of documents, it will automatically return the files it encrypted to their original status.

Finally, Safety Center is a new fake antivirus. It is presented as an unregistered multi-tool product.

image

It asks users to purchase the license by registering online in order to use or update all the tools. On reaching computers it carries out a fake hard-disk scan, displaying false infections to trick users. If victims fall for the trap and pay, they will not only be paying for a fraudulent product, but will also have their bank details exposed.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Safety Center Removal:

If you have become infected by Safety Center, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Anti-Malware Tools, Browser add-ons, Don't Get Scammed, Don't Get Hacked, downloads, Encryption, Free Anti-malware Software, Free Security Programs, Freeware, Internet Safety Tools, internet scams, Internet Security Alerts, Malware Advisories, Panda Security, PandaLabs, Ransomware, Rogue Software, Rogue Software Removal Tips, Scareware Removal Tips, Software, trojans, Windows Tips and Tools

Personal Guard 2009 – PandaLabs Takes a Look

Courtesy of Panda Security.

This week’s PandaLabs report looks at a rogue antivirus, a backdoor Trojan and a program for creating Trojans.

Personal Guard 2009 is a new sample of the infamous rogue antivirus programs. On reaching computers, it runs a spoof hard disk scan.

image

These malicious codes typically display fake infections when running the scan, but Personal Guard 2009 does not show any infections during the first scan. Instead, the file goes hard disk resident and later on displays pop-ups in the toolbar warning about possible malicious items. During the second scan it shows fake viruses.

From then on it follows the standard procedure; tempting users into buying a fake security program in order to profit directly as well as stealing any data entered by the user.

WinVNC.A is a backdoor Trojan distributed via email. It uses the subject of swine flu as a lure, and talks about a potential conspiracy of pharmaceutical laboratories, tricking users into opening a PowerPoint presentation (“POS.exe”) where “the big secret” is revealed.

On running the attached file, the Trojan is downloaded to the computer without the user’s knowledge, while the presentation is displayed. This malicious code is especially designed to steal confidential information from the user and send it to its creator.

Finally, PassThief.A is a program designed to create password-stealing Trojans.

image

The information stolen by the Trojan is sent to an email account specified
by the program user. The directory where the Trojan will be installed can be selected, and whether it should run during the first or fourth operating system restart.

The Trojan will have the same icon as the task manager and will function on WIN9x/WINME, as it steals the passwords of the pwl files in the operating systems. These pwl files contain passwords for accessing protected resources, session start, phone access to networks, etc.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you become infected by Personal Guard 2009, or other scareware (rogue software), have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage. Computer technicians do not provide services at no cost, so be prepared for the costs involved.

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Anti-Malware Tools, Don't Get Scammed, Don't Get Hacked, Free Anti-malware Software, Freeware, Interconnectivity, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Panda Security, PandaLabs, Rogue Software, Rogue Software Removal Tips, scareware, Scareware Removal Tips, trojans, Viruses, Windows Tips and Tools