Monday, September 04, 2006

Spyware Pop Ups This Week

I was testing one of the newer codecs that installs spyware, and thought I would share some of the pop ups it will put on your system. One of the things I found out was that VirusRescue is still out there and is being promoted through pop ups.

I was at a web site and was offered a video to watch. I couldn't see it and was told that I needed a codec to properly watch it. I knew this was going to install something unwanted, so I prepared to get infected with spyware on my test computer.

After installing the fake codec, I received the pop up above after a few minutes. Knowing I had installed a trojan, it was no surprise that I had a trojan that the pop up was warning about. All of the info in the pop up is made up. Nothing was actual scanned or confirmed to make the report in it. They already knew the computer was infected since that is the way the scam is set up.

Clicking the update security button changed the to what is on the left. The only way to solve the problems that the computer has now is to download one of the programs listed. AntiVirusGold, System Doctor, and WinAntiVirus are all known rogue programs. For now, I decided to not download anything and see what other pop ups I might get.

I got some other pop ups and alerts while waiting for something new to come up. Some were similar to ones I posted about earlier in my fake warnings from spyware post. I commented in that post about the English used in some of the fake warnings. This trend continues with latest one, VirusBurst. The warning balloon mention that clicking the warning will help you. They misspelled balloon like this: baloon. You can see this at Bleeping Computer's report about VirusBurst.

After awhile, I saw a familiar one. This pop up is made to look like it is part of Microsoft's Live OneCare. It's a bit out of date now, since Microsoft changed the look of their site some. Still, it's trying to dupe people into thinking it is from Microsoft or at least affiliated with them.

People who have used or been to Live OneCare may remember that and just assume this one is part of that. Unfortunately, it is not and is probably why this pop up was made. I decided to click on this one and see what it would do.

Clicking on the fake live op up took me to the home page for VirusRescue. What a surprise I thought. Since I already tested this rogue earlier, I didn't bother to download it. You can see my report on VirusRescue in an earlier post. They did redo the home page to make it look different, but it's still a scam. It doesn't have anything to do with OneCare or Microsoft. It's just a trick to get people to buy it.

If you do have any of the pop ups, fake alerts, or programs mentioned in this post, try following the free virus and spyware removal instructions I posted about.


Anonymous said...


I hope you can help me. I tried to sign onto Spyware Warrier last night but did not get an acknowledgement and have not yet today either. I tried to log onto the sight this morning but the name/password didn't work. There is no way I can contact an administrator on SW to ask for help (Catch 22) because I need the name/password.

My problem, BTW, is near identical to the one described in your blog with Virus Blaster installing itself (I think?). I belatedly installed AVG and a host of anti Malware/Spyware as suggested on the Spyware Warrior site. It seems to have removed the virus (if indeed there was one), but I still keep getting some anoying popups - one every few minutes on my tray and one when I first go onto the internet.

If you can help me get a password for Spyware Warrior, it would be appreciated. I also downloaded HijackThis last night and ran a scan. Thanks for any help!

Nick said...

Hi, I can't give out any log details in a public pace like this. I did look for your login info, but couldn't find anything. Probably the easiest thing to do is to register again with a different username and see if that works.