W32.Relnek.A

W32.Relnek.A is a nasty new Trojan making the rounds on the internet. I’m not yet sure what W32.Relnek.A uses to get onto your computer but W32.Relnek.A is known for generating the following popups:

Foobar has encountered a problem and needs to close.
We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about the problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
To see what data this error report contains, click here.

C:\Blah.exe is not a valid W32 application.

There are no manual removal instructions for W32.Relnek.A yet but we can use the error messages it causes to our advantage.

Click Start > Run: Type MSCONFIG, Click OK, Uncheck “Load Startup Items“, click OK and restart your computer when prompted.

Now make your way to the C: and find and delete Blah.exe if it is there.

Click Start > Search, in “What do you want to search for?” Click “All files and folders.” Do a search for Foobar and delete any folder or file using this name.

This may not work and even if it does, it wont completely remove W32.Relnek.A. This is just a stopgap measure until proper removal instruction for W32.Relnek.A become available. Only a legit security program will completely remove W32.Relnek.A at the moment.

Popularity: 2% [?]

INVENTIVE FACEBOOK SCAMMERS TRICK YOU OUT OF MONEY WITH TROJANS

The following is an article from Bill Mullins’ Weblog – Tech Thoughts

Do you take the same pains to protect your FaceBook details online, that you do your banking info?

A recent case involving a Microsoft employee from Seattle, Bryan Gutberg, highlighted the need to protect your FaceBook details in the same way, and be as wary surfing around FaceBook as you are the rest of the net.

This story was first reported by Bob Sullivan, respected cyber-scam reported for MSNBC. In the tale, hackers somehow gained access to Gutberg’s login and password – most likely through a keylogger, or a Trojan such as Zlob or Vundo.

Keep reading “Inventive FaceBook Scammers Trick You Out of Money with Trojans”.

Popularity: 2% [?]

My Supervisor

I often wonder what goes through scammer’s heads when they name a fake antivirus program.

“Ok guys, we need a name for this weeks program. All the good ones are taken, any ideas?”

“I know, My Supervisor, It has nothing to do with spyware removal and it will generate warm fuzzy feelings of the great supervisors our Marks are sure to have.”

“Genius, and here I was thinking of Mr Spyware Protection.”

I suppose the name My Supervisor is appropriate for this program, it’s really annoying, slows you your computer down, bombards you with fake security alerts, doesn’t appreciate any of the hard work you do or the long hours you put in. I have a life too Mr Prefectionist….

Sorry, I went of track there, you can remove My Supervisor AKA – My Supervisor Total Doctor with these instructions

Popularity: 1% [?]

SysAntivirus 2009

SysAntivirus 2009 is the latest fake anti-spyware that wants to con you out of your money.

Once it is on your computer, SysAntivirus 2009 will make your life hell by bombarding you with fake security alerts to trick you into buying the “full” version of Adware Eradicator.

You probably got SysAntivirus 2009 from a Trojan disguised as legitimate file that you downloaded; luckily you should be able to remove SysAntivirus 2009 with these instructions.

SysAntivirus 2009 is reported to generate the following popups:

“Spyware Alert! Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of SysAntivirus 2009 and remove spyware threats from your PC.”

“SysAntivirus 2009 alert
INFILTRATION ALERT: Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar.
DETAILS: Attack from: 46.252.39.218, port 23272; Attacked port: 37481; Threat: Dealbar Toolbar
Do you want SysAntivirus 2009 to block this attack?”

“Insecure Internet Activity. Threat of virus attack!
Due to insecure Internet browswing your PC can easily You may be infected with viruses, worms and trojans without your k nowledge, which can lead to system slowdowns, freezes and crashes. Unprotected Internet browsing can result in your personal information being revealed without your knowledge or permission. To get full advanced real-time protection for PC and Internet activity, register SysAntivirus 2009.”

“Spyware alert! You are trying to download a file. This file may contain dangerous code and seriously damage your compuer. Downloading and running files from Internet may be dangerous. If you do not trust this download, do not open this program without activated antivirus software! It is strongly recommended to activate your seceity software to prvent malicious code execution and your private information damage.
Activate SysAntivirus 2009 Now [or] Stay unprotected.”

Popularity: 2% [?]

AdwareRemover

AdwareRemover is another fake anti-spyware programs that are trying to con you out of your money.

AdwareRemover doesn’t seem to remove adware at all, all it does is bombard you with security alerts for threats that aren’t even on your computer in order to trick you into buying the full version.

If the thought of paying for the annoyance of being infected by fake-antispyware appeals to you, by all means buy AdwareRemover. Or you can remove AdwareRemover with these instructions.

Popularity: 1% [?]

VIRUS WRITER SIGNS OFF IN CORDIAL TROJAN MESSAGE TO MS

So long, and thanks for all the phish

An unidentified Russian virus writer has reached out to Microsoft with a message buried within a recent variant of the Zlob Trojan. The greeting in the malicious code was friendly and cordial, in sharp contrast to messages posted on compromised websites by defacement crews, which frequently deride the security of Microsoft’s software.

Microsoft’s researchers are dedicated to making sure the Zlob Trojan causes the minimum of damage, in opposition to the hacker’s objective of infecting as many systems as possible with the money-making code. Despite this the message is amiable, even chatty, and respectful after the fashion of an exchange between an old-school blagger and a rozzer.

Keep reading “Virus writer signs off in cordial Trojan message to MS” »

Popularity: 1% [?]

Express Antivirus 2009

Express Antivirus 2009 is yet another fake antivirus that wants to con you out of your money.

Once it is on your computer, Express Antivirus 2009 will make your life miserable by bombarding you with fake security alerts to trick you into buying the “full” version.

Buying Express Antivirus 2009 wont give you an antivirus program but if you are lucky, the scammers may send you a worthless activation code.

Save yourself some money and remove Express Antivirus 2009 with these instructions.

Popularity: 2% [?]

How to Remove Trojan-Downloader.Win32.Agent

Ignore his bad sweater — this is a great video about how to remove Trojan-Downloader.Win32.Agent.

You can also print out instructions on how to remove Trojan-Downloader.Win32.Agent.Bq, a variant of this Zlob Trojan.

Another day, another damn Trojan.

Popularity: 5% [?]