Thursday, August 31, 2006

VirusBurst, Another Fake Spyware Program

While I was posting about SiteAdvisor in my earlier posts today, Bleeping Computer announced they found yet another fake antispyware program, VirusBurst. While the name is different, it looks pretty much the same as SpywareQuake to me.

Looking at the registration info for, I can see the usual suspect is involved with this site as well. Estdomains is the registration provider. They seem to always be near questionable programs and websites.

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217


Burst Technology GesmbH
Judi Stewart (Whois Privacy and Spam Prevention by Whois Source)
Davidgasse 87
Tel. +431.3365073

Creation Date: 10-Aug-2006
Expiration Date: 10-Aug-2007

I'm sure the above info contains fake information. Most of the time when these rogue programs are registered, the info is not real.

Bleeping computer reports that the following file is responsible for installing this pest. When it gets on your system, it will download VirusBurst and download software without permission.


You will see a warning balloon above the clock on your coputer. Right now they spell balloon wrong, baloon. If they can't get that right, makes you wonder what else they did wrong. Here's what it says:

"System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software.”

This is not the same one, but it looks like this one:

Right now, you can use the VirusBurst removal instruction at Bleeping Computer to fix this pest. More details as they become available. Update, S!ri's SmitFraudfix will now remove VirusBurst as well.

Edit to update: Here's some more info on


Domain servers in listed order:

Right now, is a SpyAxe download page, which is also a Rogue program. Here are other sites on the same IP address as tokiodrift:


So I would say that is no good and so is the program VirusBurst.

OK, one more update. Paperghost at Vitalsecurity noticed the EULA for VirusBurst is the same one for SpywareQuake. They changed the main title, but eveything in the long wordy part says SpywareQuake. Look at the end of his post for this.


AndyAtHull said...

Hi Nick/Nel,

Did you realise they have a .org parked?

I just found it ranked number one in G00gle.

Just visit my blog, I did an update about it.