W32.Relnek.A
Posted April 8, 2009
W32.Relnek.A is a nasty new Trojan making the rounds on the internet. I’m not yet sure what W32.Relnek.A uses to get onto your computer but W32.Relnek.A is known for generating the following popups:
Foobar has encountered a problem and needs to close.
We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about the problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
To see what data this error report contains, click here.
C:\Blah.exe is not a valid W32 application.
There are no manual removal instructions for W32.Relnek.A yet but we can use the error messages it causes to our advantage.
Click Start > Run: Type MSCONFIG, Click OK, Uncheck “Load Startup Items”, click OK and restart your computer when prompted.
Now go to the C: drive and find and delete Blah.exe if it is there.
Click Start > Search, in “What do you want to search for?” Click “All files and folders.” Do a search for Foobar and delete any folder or file using this name.
This may not work and even if it does, it won’t completely remove W32.Relnek.A. This is just a stopgap measure until proper removal instructions for W32.Relnek.A become available. Only a legit security program will completely remove W32.Relnek.A at the moment.
LOL_YOUR_DAD_SMOKES_WEED.GIF—WWW.YOUTUBE.COM
Posted March 6, 2009
Skype scammers are continuing their obsession with your father with their latest infection, LOL_YOUR_DAD_SMOKES_WEED.GIF—WWW.YOUTUBE.COM
If for some reason you are tempted to open LOL_YOUR_DAD_SMOKES_WEED.GIF, bear in mind that watching Daddy get stoned is as traumatizing as watching your parents have sex. With that image I have single-handedly saved Skype users from opening LOL_YOUR_DAD_SMOKES_WEED.GIF—WWW.YOUTUBE.COM, installing a Trojan and sending LOL_YOUR_DAD_SMOKES_WEED.GIF to everyone on their Skype contact list. Go me!!
Spywarevoid.com has the manual removal instructions for “Your_dad_has_shit_fetish_too.PIF” but you’re probably too traumatized after reading this post to follow them, so just use Spyware Doctor to remove “LOL_YOUR_DAD_SMOKES_WEED.GIF—WWW.YOUTUBE.COM” for you.
Delta_RQ763.exe
Posted March 1, 2009
411-Spyware is talking about Delta_RQ763.exe, a Trojan that comes in a fake email from Delta airlines.
The email titled “Confirmation of airline ticket purchase at www.delta.com” says:
Thanks for the purchase! Booking number: LVSN50
You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket. It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines. On board you will be offered beverages; food; daily press. You are guaranteed top-quality services and attention on the part of our benevolent personnel. We recommend you to print PASSENGER ITINERARY RECEIPT and take it alone to the airport. It will help you to pass control and registration procedures faster.
See you on board!
Best regards,
Delta Air Lines
The fact that it wants you to open an exe file rather than a PDF is a big sign that this is a scam. It goes without saying, don’t open an e-ticket for something that you did not buy.
If you have opened Delta_RQ763.exe, run a free scan of Spyware Doctor to find out what they have put on your computer.
Postcard.gif.exe
Posted March 1, 2009
Postcard.gif.exe is a nasty Trojan that comes in an email titled “You have received a virtual postcard!”.
Scammers love sending fake e-cards as it is a very efficient way of infecting someone’s computer. I’ve seen enough of them come through where I work, as people seem to let their guard down as soon as they see that they have been sent an e-card.
According to 411-Spyware, “You have received a virtual postcard!” says:
You have just received a virtual greeting from a family member!
You can pick up your postcard at the following web address: clicking the link below:
http://www.postcards1001.com/?a91-valets-cloud-187
If you can’t click on the web address above, you can also visit E-Greetings at http://www.postcards1001.com/ and enter your pickup code, which is: a91-valets-cloud-187
(Your postcard will be available for 60 days.)
Notice how the email says it’s from Hallmark but the link goes to postcards1001.com. This is the biggest clue that this is a fake e-card. If you ever receive an e-card, place your cursor over the link and see where it goes. Read the link carefully as scammers will use names like “Hallllmark” that you might miss at first glance.
Above all, do not install any software if you are asked. You mostly need Flash to view these cards and you will most likely already have it on your computer.
If you have opened “You have received a virtual postcard” and run Postcard.gif.exe, you will need a program like Spyware Doctor to remove Postcard.gif.exe off your machine.
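The two checks described in these posts (an attachment that is really an executable, and a link that does not go where the sender claims) can be automated. The following Python sketch is an added example, not part of the original post; the extension lists and the expected domain hallmark.com are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Extensions Windows runs on double-click (partial list, chosen for this example).
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd"}
# Harmless-looking types a scammer places in front of the real extension.
DECOY_EXTS = {"gif", "jpg", "pdf", "doc", "txt"}


def attachment_flags(filename):
    """Return the reasons an attachment name is suspicious (empty list if none)."""
    parts = filename.lower().split(".")
    flags = []
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        flags.append("executable")
        # Only the last extension decides how Windows opens the file.
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            flags.append("double-extension")
    return flags


def squeeze(text):
    """Collapse runs of a repeated character: 'hallllmark' -> 'halmark'."""
    return re.sub(r"(.)\1+", r"\1", text.lower())


def link_flags(claimed_domain, url):
    """Compare a link's host with the domain the sender claims to be."""
    host = (urlparse(url).hostname or "").lower()
    claimed = claimed_domain.lower()
    if host == claimed or host.endswith("." + claimed):
        return []
    # Naive: takes the label left of the last dot, so suffixes such as
    # co.uk are not handled.
    host_label = host.split(".")[-2] if "." in host else host
    claimed_label = claimed.split(".")[-2] if "." in claimed else claimed
    if squeeze(host_label) == squeeze(claimed_label):
        return ["lookalike-domain"]
    return ["domain-mismatch"]


if __name__ == "__main__":
    # File names and the first URL are quoted in the posts; the second URL
    # is constructed from the "Hallllmark" spelling mentioned above.
    for name in ("Postcard.gif.exe", "Delta_RQ763.exe"):
        print(name, attachment_flags(name))
    for url in ("http://www.postcards1001.com/?a91-valets-cloud-187",
                "http://www.hallllmark.com/card"):
        print(url, link_flags("hallmark.com", url))
```

The lookalike test only catches repeated-letter tricks; other misspellings fall through to the plain domain-mismatch flag, which is still enough reason not to click.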
Trojan.Fraudpack
Posted February 17, 2009
Trojan.Fraudpack is a Trojan that gets onto your computer by pretending to be a Microsoft Word document.
I’m not sure what error message is displayed when the Trojan.Fraudpack fake Word document is opened but be suspicious if you are unable to open a Word file, especially if it shows a strange error you haven’t seen before.
There’s enough information for you to manually remove Trojan.Fraudpack but it can be difficult, even for experienced computer users, so I recommend you use Spyware Doctor to remove Trojan.Fraudpack for you.
Lady_Eats_Her_Shit–www.youtube.com
Posted February 4, 2009
Spywarevoid.com is reporting that an infection called Lady_Eats_Her_Shit–www.youtube.com is circulating around Skype.
If you open this file then you deserve to be infected, so don’t expect me to be posting a link to the removal instructions.
Fine, but only because you’ll be sending malicious files to everyone on your contact list. You can remove Lady_Eats_Her_Shit–www.youtube.com using these instructions. Because shit sticks, you would be better off using Spyware Doctor to remove it.
iWorkServices.pkg
Posted January 23, 2009
411-Spyware is talking about the iWorkServices.pkg Trojan. The good news is those of you who use Windows don’t have to worry about it. The bad news is those of you with Apple Macs are vulnerable.
It seems that iWorkServices.pkg is spread through a fake iWork09 trial program called iWork09.zip. Once it’s on your computer, it contacts a list of hackers, leaving them to do what they want on your computer.
Although 411-Spyware has instructions to manually remove iWorkServices.pkg, the site is geared toward Windows users so it won’t be of much help. You could hit an Apple forum to see what others have done to remove it; however, I recommend that you run MacScan to remove iWorkServices.pkg. MacScan will also protect your Mac from future threats that sadly will increase in number.
UPSInv.zip and NorthwestAirlines.zip
Posted January 13, 2009
411-Spyware has found two malicious emails you should be on the lookout for.
First is NorthwestAirlines.zip, which is a trojan that comes in a fake Northwest Airlines ticket email.
From: Damian Muller
Subject: E-ticket #4418910180
Hello!
Thank you for using our new service “Buy Northwest Airlines ticket Online” on our website.
Your account has been created:
Your login: ida.camacho@t********.com
Your password: passXNK0
Your credit card has been charged for $471.52.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the Northwest Airlines ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards,
Damian Muller
Northwest Airlines
Attachment: NorthwestAirlines.zip
UPSInv.zip is a trojan that comes in a fake UPS email.
From: United Postal Service
Subject: Delivery problems
Hello! Sorry, we were not able to deliver postal package you sent on December the 25th in time because the recipients address is not correct. Please print out the invoice copy attached and collect the package at our office.
Your UPS Support Team
Attachment: UPSInv.zip
If you have opened the attachments on either of these emails, naughty, naughty. Luckily 411-Spyware has the instructions to remove NorthwestAirlines.zip and remove UPSInv.zip.
Tubeplayer.ver.6.exe
Posted January 8, 2009
411-Spyware has written about a trojan called Tubeplayer.ver.6.exe.
Tubeplayer.ver.6.exe pushes fake security software and you won’t know it’s on your computer unless you run a free spyware scan using a program like Spyware Doctor or you see that you are running a process titled Tubeplayer.ver.6.exe.
I’m not sure if Tubeplayer.ver.6.exe takes you to the following sites or if they are download sites for it, but avoid the following Tubeplayer.ver.6.exe affiliated websites.
Visiting any of these sites in Firefox will ask you to open an unnamed file. In Internet Explorer the file name will be whatever the website you are visiting is called. For example, http://pure-download-new.net asks you to download pure_download_new.net.
In summary, avoid installing Tubeplayer.ver.6.exe unless you like popups.
Trojan.Zlob.G
Posted December 9, 2008
Trojan.Zlob.G is the type of Trojan that, if it was physical, would be appearing on America’s Most Wanted.
Trojan Zlob is the main cause of infections on computers that come into the PC repair shop where I work.
If you have Trojan.Zlob.G on your computer, follow the Trojan.Zlob.G removal instructions before it downloads something nasty.


