R3v3rs3e's Blog

Archive for November, 2009

Spyware Doctor with AntiVirus 2010 gets 4.5 out of 5 stars from How-to Geek

Posted by Steve Espino on November 6, 2009

PC Tools’ award winning Spyware Doctor with AntiVirus 2010 has done it again, earning a rating of 4.5 out of 5 stars as reviewed by How-to Geek.

Spyware Doctor with Antivirus is a top-rated malware, spyware & virus removal utility that detects, removes and protects your PC from thousands of potential spyware, adware, trojans, viruses, keyloggers, spybots and tracking threats. Spyware Doctor’s advanced Intelliguard technology only alerts users on a true spyware and virus detection. Spyware Doctor with Antivirus has the most advanced update feature that continually improves its spyware and virus fighting capabilities on a daily basis. As spyware gets more complex in order to avoid detection, Spyware Doctor responds with new technology to stay one step ahead.

More details here.

Posted in Uncategorized | Tagged: , , , , | Leave a Comment »

MaCatte scareware fools users by masquerading as McAfee

Posted by Steve Espino on November 3, 2009

rogue2

MaCatte Antivirus is a rogue av that attempts to impersonate McAfee scanners in order to scam users, which PC Tools Spyware Doctor with Antivirus aptly detects as RogueAntiSpyware.MaCatte

This scareware has been seen to be using a bogus My Computer online scan similar to ones we’ve seen here, here and here.

rogue6

The online scan can be seen on this url:

hxxp://proscan5.info/25/26-088wLzQzL1EzL==

The downloader being served from this url is time-sensitive and will not work after a period of time. A session ID of some sort is embedded on the binary executable itself. After such time has elapsed, the downloader tells the user to contact MaCatte Antivirus support people. This prevents reverse-engineers from replicating the infection and gathering samples for analysis.

Presence of these files / folders would signal infection from this scareware:
C:\Documents and Settings\All Users\Application Data\msca
C:\Documents and Settings\All Users\Application Data\msca\MaCatte.ico
C:\Documents and Settings\All Users\Application Data\msca\mcull.exe
C:\Documents and Settings\All Users\Application Data\msca\msc.exe
C:\Documents and Settings\All Users\Application Data\msca\Viruses.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Media\WPtect.dll
C:\Documents and Settings\All Users\Desktop\MaCatte.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\MaCatte
C:\Documents and Settings\All Users\Start Menu\Programs\MaCatte\MaCatte.lnk

Unsuspecting users are set back from their hard-earned money by a hefty $99.

Stay away from these rogue apps.

Posted in Uncategorized | Tagged: , , , , , , , , , , , , , , | 2 Comments »

 
Follow

Get every new post delivered to your Inbox.