Thursday, August 10, 2006

VirusRescue Appears to be New Trojan

One of the ways that spyware gets onto your computer is by tricking you into installing a codec. Usually, a video file will be on a web page and you will be prompted to install a file to be able to view it. When a spammer posted a link to an adult site on one of the sites I visit, I took a look at it. The first thing on the site was a blank video and a message that I needed to download a codec to view the file. Installing the file brought spyware to my computer.

After installing the codec, the video file did play, but it was only 10 seconds or so. Not worth the trouble. A few minutes later, the first pop up appeared.

I was warned that I had a virus. I already know that I had no virus on my system and that the warning was fake. Looking at the programs offered, I recognized two of them as rogue antispyware programs that are no good. The first one on the list, VirusRescue, was new to me. So I decided to download that one.

While I was installing VirusRescue, I got the first warning from SpywareQuake. SpywareQuake came with the video codec I downloaded earlier. By now, many people know that SpywareQuake is a bad rogue program, but if not, now you do.


The install of VirusRescue goes pretty much like a normal program. As I would find out later, it also installed some extra and unwanted extras.

An interesting fact is that both SpywareQuake and VirusRescue report the media codec that I first installed as spyware. So even these fake programs admit the codec is no good.

A few minutes after VirusRescue was installed, I got a warning in the lower right corner of my desktop. Now I have two warnings telling me I have spyware on my computer. I took this screen shot while the one for SpywareQuake was not showing. If you look two places to the left of the yellow triangle for this alert, you see a circle with a question mark. That's the one for SpywareQuake.

A screen shot of the main VirusRescue (also called Virus Rescue) program is below. If you have this pest on your computer, then the best thing to do is to not buy it. It is a scam and a rip off. Follow my Easy Fix For Spyware and Virus Alert post from earlier to get rid of this trojan. A free fix that's alot better than paying $50 to the same people who put spyware on your computer.


Edit to add on Aug 21, Virusrescue or Virus Rescue has been added to Counterspy's spyware definitions.

The host for the virusrescue.com site is also used by the same people who are behind SpyFalcon, SpywareStrike, and other questionable security products. See a rather lengthy tracking of this at Bluetack.

Other places reporting on VirusRescue: Vitalsecurity, Realtechnews, Spywareguide.com, and even hardware site Hardocp.com.

On Security Cadets, someone actually posted a comment to defend VirusRescue but never replied back to answer questions.

3 comments:

Anonymous said...

So they get you to download a virus in disguise, then they get you to download a program to remove the virus, then they try to get you to buy the program to get rid of the virus that they put there?!!!! seems like a well thought-out way to do it i suppose... lol

Anonymous said...

thanx for the info . I work for a chain of computer repair shops. and I got a comptuer in today that has this.. now that I know it's only smitfraud in descuise I know how to kill it!

Thanx!

Anonymous said...

Dear Nick:


I came across a codec that did install spyware in my computer, pop-ups,web redirection you name it and SpyQuake was there. I wanted to see a video and the site said I needed that codec.

Well I want to share that Spybot Search & Destroy removes the codec and all spyware associated with it. Also you may want to use ePestPatrol too.

dilsiam

Sitemeter