Tuesday, June 19, 2007

System Live Protect and SpyHazard

Two new rogue programs are out there on the Net trying to get you, System Live Protect and SpyHazard. Both should be avoided like the garbage they are.

System Live Protect is trying to pass itself off as a Microsoft program and playing off the name of the real Windows Live Onecare. I just finished testing Live Onecare and the screen shots of System Live Protect look too similar. They are definitely trying to trick people. Anyways, I don't have any copies of this joke to test, but you can look at Bleeping Computer's System Live Protect removal help. Hijackthis logs will show this if you have this rogue:

O4 - HKLM\..\Run: [LiveProtect] "C:\Program Files\LiveProtect\LiveProtect.exe" -h

SpyHazard is another rogue. This one looks pretty generic compared to it's fellow fake antispyware programs like SpyCrush and SpyLocked. You'll find the following line if you run Hijackthis:

O4 - HKLM\..\Run: [SpyHazard] C:\Program Files\SpyHazard\SpyHazard.exe /h

In add or remove programs you'll find SpyHazard 3.1 which you should uninstall. It will leave behind some other junk, so follow another Bleeping Computer removal guide to get rid of the rest.


AndyAtHull said...

Hi Nick,

We actually managed to get some of the award banners taken off last week for the SLP site.

They also have other sites with the same "people" involved which I write about in my article last week. I managed to test it and it seems to be a stand alone useless scanner.

For sure they are trying to trick. And they are autoinstalled obviously.