Here are some screenshots of the members of this scareware family:
![[gickr.com]_6c803672-8a5f-25e4-5109-31b55ebdf362](http://r3v3rs3e.files.wordpress.com/2009/10/gickr-com_6c803672-8a5f-25e4-5109-31b55ebdf362.gif "[gickr.com]_6c803672-8a5f-25e4-5109-31b55ebdf362")
Beware of these rouge apps.
Posts Tagged ‘Winifighter’
Sysguard / Winifighter Clones
Posted by Steve Espino on October 15, 2009
Posted in Rogue Apps | Tagged: rogue app, rogue av, security, Sysguard, TrustCop, TrustNinja, Winifighter, WiniShield | Leave a Comment »
Winifighter Clone: TrustFighter
Posted by Steve Espino on October 13, 2009
Another scareware has been spotted in the wild and it calls itself TrustFighter. This is a recent addition to the Winifighter family of scareware.
Same as other members of this family of scareware, as in a previous post, TrustFighter creates heaps of junk binary files in the %systemroot% and %system% directories.
Sample junk files are the following:
%systemroot%\51c0vzr24975.dll
%systemroot%\51cbthreatz1991.ocx
%systemroot%\524699py69fz.bin
%systemroot%\525z1vi9us4e4.cpl
%systemroot%\5294viz115.exe
%systemroot%\5eddaddwar9167z.dll
%systemroot%\5ezast95l495.dll
%systemroot%\5ezdaddware2359.cpl
%systemroot%\5z09s9yware545.cpl
%systemroot%\5z56th5eat19149.bin
%systemroot%\5z85thief22759.cpl
%systemroot%\5z99addware2835.ocx
%systemroot%\5z9bba5kdoor525.dll
%systemroot%\5z9cth5ef13559.cpl
%systemroot%\5zfdaddware950.bin
%systemroot%\5zfesparse709.exe
%systemroot%\6169th5zf99.ocx
%systemroot%\6210spywa5e192z.ocx
%system%\1905szea51146.cpl
%system%\190979iru57z7.ocx
%system%\190cszywa591879.exe
%system%\19105vizus1c.bin
%system%\19179virusz65.ocx
%system%\1930thief97z5.cpl
%system%\19559spamboz6bb.ocx
%system%\1958stezl2595.cpl
%system%\195b5hreat39894z.exe
%system%\19645worm7zd.exe
%system%\1969spz715.bin
%system%\1977zhacktool54d.cpl
%system%\19792troz5aa.bin
%system%\1987th5z92904.cpl
Here are some domains participating in this campain:
securityannounce(dot)com
securityadjust(dot)com
bestmalwaredetect(dot)com
pcprotectzone(dot)com
trustfighter(dot)com
Unsuspecting users get set back by $49.95 from their hard-earned money.
PC Tools Spyware Doctor protects your computers from the scum of the universe (the digital universe) and aptly detects TrustFighter as RogueAntiSpyware.Winifighter.
Posted in Rogue Apps | Tagged: bestmalwaredetect.com, Malware Research Centre, MRC, pcprotectzone.com, rogue app, rogue av, RogueAntiSpyware.Winifighter, scareware, security, securityadjust.com, securityannounce.com, theatypxdd.net, TrustFighter, trustfighter.com, Winifighter | Leave a Comment »
Rogue AV: RogueAntiSpyware.Winifighter
Posted by Steve Espino on August 11, 2009
We’ve talked about digital clutter on a previous post.
But this one’s a real bugger. Winifighter creates heaps of junk binary files in the %systemroot% and %system% directories. The filenames, the contents, and filesize are all random. The names, however, contains bits and pieces taken from malware names such as the following:
backdoor
not a virus
spy
trojan
virus
worm
This one also, spoofs the Windows Security Center to give itself that authentic feel and advises unsuspecting users to register Winifighter.
Ad of course we also have those ever so genuinely adorable warning messages:
As always, I advise everyone to steer clear of these Rogue AVs.
Posted in Rogue Apps | Tagged: fake alert, fake av, rogue app, rogue av, RogueAntiSpyware.Winifighter, scareware, Winifighter | Leave a Comment »
