February 2012 - Posts

Windows Firewall Constructor is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Firewall Constructor in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-firewall-constructor/

What is Windows Smart Partner?

The Malwarebytes research team has determined that Windows Smart Partner is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=106765

2012-02-29
Adware
+ Babylon.Toolbar
Malware
++ Complitly ++ Win32.2UrFace.bho ++ Win32.Extrafind ++ Win32.FraudPackage.dl + Win32.Renos
PUPS
++ Win32.ZipMo.r
Spyware
++ RelevantKnowledge
Trojans
++ Win32.AutoRun.crj + Win32.Banker.k ++ Win32.Banload.qsp ++ Win32.Graftor.13249 + Win32.Muollo + Win32.OnLineGames.down + Win32.OnLineGames.gen + Win32.VB.ik + Win32.ZBot
Total: 2515392 fingerprints in 785671 rules for 6552 products.

http://www.safer-networking.org/en/index.html

Posted Wed, Feb 29 2012 5:52 by Don

Windows Stability Guard is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Stability Guard in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/uninstall-windows-stability-guard

Smart Fortress 2012 is a rogue anti-spyware program from the Rogue.SecurityTool family. This program is categorized as a rogue anti-spyware program because it pretends to be a legitimate security program, but is actually a program that purposely displays false scan results, fake security alerts, and hijacks your computer so that you are not able to run your normal applications. Smart Fortress 2012 is installed onto a computer through other viruses, hacked websites that exploit vulnerable programs on your computer, or through fake online anti-malware scanners that prompt you to install the program. When Smart Protection is installed it will create a malware file in a random named folder in c:\Documents and Settings\All Users\Application Data\, in XP, or C:\ProgramData, in Windows Vista and Windows 7. It will then be configured to start automatically when you log in to your computer.

http://www.bleepingcomputer.com/virus-removal/remove-smart-fortress-2012

Windows Basic Antivirus is a rogue anti-spyware program from the Rogue.VirusDoctor family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Basic Antivirus in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-basic-antivirus

The ACCDFISA Protection Program is a ransomware computer infection that pretends to encrypt your files using AES encryption and then locks you out of the Windows desktop. When first encountered, this infection will state that it is from the Anti Cyber Crime Department of Federal Internet Security Agency and that a computer virus has been detected that is sending out SPAM email containing links to web sites hosting child pornography. The program then states that your data and computer will be inaccessible unless you use the Moneypak or Paysafecard services to send $100 via SMS to a particular phone number within 48 hours. It further warns that if you wait longer than 48 hours, the ACCDFISA program will delete your operating system and documents. As you can imagine, this is all a scam that is being performed to scare you into paying $100 for the proper operation of your computer and the restoration of your data. You should not pay this ransom for any reason and should instead use the steps below to regain access to your data and computer.

http://www.bleepingcomputer.com/virus-removal/remove-decrypt-accdfisa-protection-program

What is Home Malware Cleaner?

The Malwarebytes research team has determined that Home Malware Cleaner is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=106642

Windows PRO Scanner is a rogue anti-spyware program from the Rogue.VirusDoctor family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows PRO Scanner in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-pro-scanner

What is Windows Functionality Checker?

The Malwarebytes research team has determined that Windows Functionality Checker is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=106608

Windows Shield Tool is a rogue anti-spyware program from the Rogue.VirusDoctor family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Shield Tool in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-shield-tool

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-014 - Important
* MS12-001 - Important
* MS11-089 - Important
* MS11-088 - Important
* MS11-DEC

Bulletin Information:

* MS12-014 - Important

- http://technet.microsoft.com/security/bulletin/MS12-014
- Reason for Revision: V1.1 (February 22, 2012): Added a link to
Microsoft Knowledge Base Article 2661637 under Known Issues
in the Executive Summary.
- Originally posted: February 14, 2012
- Updated: February 22, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

* MS12-001 - Important

- http://technet.microsoft.com/security/bulletin/MS12-001
- Reason for Revision: V1.1 (February 22, 2012): Added a link to
Microsoft Knowledge Base Article 2644615 under Known Issues in
the Executive Summary.
- Originally posted: January 10, 2012
- Updated: February 22, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

* MS11-089 - Important

- http://technet.microsoft.com/security/bulletin/MS11-089
- Reason for Revision: V1.2 (February 22, 2012): Revised the
bulletin to identify the update package KB numbers for the
following non-affected software that this update applies to:
Microsoft Visio (KB2553374), Microsoft Visio Viewer (KB2553353),
Microsoft Office Web Application Companions (WAC) (KB2553153),
and Microsoft SharePoint Server 2010 (KB2553132).
See the update FAQ for details.
- Originally posted: December 13, 2011
- Updated: February 22, 2012
- Bulletin Severity Rating: Important
- Version: 1.2

* MS11-088 - Important

- http://technet.microsoft.com/security/bulletin/MS11-088
- Reason for Revision: V1.2 (February 22, 2012): Clarified
product support status for Microsoft Office Pinyin SimpleFast
Style 2010 and Microsoft Office Pinyin New Experience Style 2010.
These versions of Microsoft Office Pinyin are no longer supported.
Microsoft recommends that all customers of these versions upgrade
to the latest version of Microsoft Pinyin IME 2010 available
through Microsoft Office 2010. See update FAQ for details.
- Originally posted: December 13, 2011
- Updated: February 22, 2012
- Bulletin Severity Rating: Important
- Version: 1.2

* MS11-DEC

- http://technet.microsoft.com/security/bulletin/MS11-DEC
- Reason for Revision: V2.1 (February 22, 2012): For MS11-088,
clarified product support status for Microsoft Office Pinyin
SimpleFast Style 2010 and Microsoft Office Pinyin New Experience
Style 2010. These versions of Microsoft Office Pinyin
are no longer supported. See bulletin for details.
- Originally posted: December 13, 2011
- Updated: February 22, 2012
- Version: 2.1

Windows Telemetry Center is a rogue anti-spyware program from the Rogue.VirusDoctor family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Telemetry Center in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-telemetry-center

2012-02-22
PUPS
++ PIPI.Player.cn
Malware
++ Win32.DelResP.cn ++ Win32.FakeAV + Win32.FraudLoad.edt + Win32.Renos
Trojans
+ Atraps.br + Win32.Agent.yjl + Win32.Banker + Win32.Bifrost ++ Win32.DownIn10.cn + Win32.Duqu + Win32.Eyeon.ie + Win32.Muollo + Win32.OnLineGames.down + Win32.OnLineGames.gen ++ Win32.Rapport.eze + Win32.ZBot + Win32.ZBot.rtk
Total: 2511408 fingerprints in 784683 rules for 6546 products.


http://www.safer-networking.org/en/index.html

Posted Wed, Feb 22 2012 6:11 by Don

Antivirus Protection 2012 is a rogue anti-spyware program from the Rogue.Zaxar family. This rogue displays fake scan results and alerts in order to scare you into thinking your computer is infected. This program is installed through Trojans that download and install the program on to your computer without your permission. When installed, the rogue will also create numerous harmless files in your Windows Temp folder that will then be detected as malware when Antivirus Protection 2012 attempts to scan your computer. If you attempt to use the program to remove any of the files it detects as infections, it will state that you need to purchase the program before you can do so. As all of the files it detects as infections are harmless or legitimate Windows files, please disregard the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-protection-2012

Home Malware Cleaner is a rogue anti-spyware program from the Rogue.VirusDoctor family. This infection is promoted through web sites that show advertisements that pretend to be online anti-malware scanners. These scanners will then pretend to scan your computer, and when finished, will state that your computer is infected and that you need to download and install Home Malware Cleaner to protect yourself. The truth is that these online scanners are all fake and are only an advertisement. They have no way of knowing what is running on your computer.

Once Home Malware Cleaner is installed on your computer it will be configured to start automatically. It will also create numerous files that will be detected by the program as malware.

http://www.bleepingcomputer.com/virus-removal/remove-home-malware-cleaner

34 Internet Explorer
0 Restricted Sites
0 Firefox

15020 items in database

Posted Tue, Feb 21 2012 15:01 by Don

What this infection does:

Windows Smart Warden is a rogue anti-spyware program from the Rogue.VirusDoctor family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitor's vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Smart Warden in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-smart-warden

What is Security Scanner?

The Malwarebytes research team has determined that Security Scanner is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=106299

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS12-016 - Critical

Bulletin Information:

* MS11-049 - Important

- http://technet.microsoft.com/security/bulletin/MS11-049
- Reason for Revision: V2.4 (February 15, 2012): Corrected the SQL
Server Version Range for SQL Server 2008 R2 in the update FAQ.
- Originally posted: June 14, 2011
- Updated: February 15, 2012
- Bulletin Severity Rating: Important
- Version: 2.4

* MS12-016 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-016
- Reason for Revision: V1.2 (February 15, 2012): Removed erroneous
reference to known issues from the Executive Summary.
- Originally posted: February 14, 2012
- Updated: February 15, 2012
- Bulletin Severity Rating: Critical
- Version: 1.2
