April 2012 - Posts

Windows Safety Checkpoint is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitors' vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Safety Checkpoint in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-safety-checkpoint

What is MyDefender?

The Malwarebytes research team has determined that MyDefender is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=109256

0 Internet Explorer
10 Restricted Sites
0 Firefox

15153 items in database

http://www.javacoolsoftware.com/downloads.html

Posted Sat, Apr 28 2012 5:21 by Don

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-027 - Critical
* MS12-APR

Bulletin Information:

* MS12-027 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-027
- Reason for Revision: V2.0 (April 26, 2012): Added Service Pack 1
versions of SQL Server 2008 R2 to the Affected Software and
added an entry to the update FAQ to explain which SQL Server
2000 update to use based on version ranges. These are
informational changes only. There were no changes to the security
update files or detection logic. For a complete list of changes,
see the entry to the section, Frequently Asked Questions (FAQ)
Related to This Security Update.
- Originally posted: April 10, 2012
- Updated: April 26, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-APR

- http://technet.microsoft.com/security/bulletin/ms12-APR
- Reason for Revision: V2.0 (April 26, 2012): For MS12-027, added
Service Pack 1 versions of SQL Server 2008 R2 to the Affected
Software and clarified the Affected Software to show that the
update applies to all installations of Microsoft SQL Server 2000
Analysis Services Service Pack 4, as the QFE and GDR distinction
does not apply to this product. These are informational changes
only. There were no changes to the security update files or
detection logic. Because the updates have been offered correctly
since initial release, customers who have already successfully
installed the updates do not need to take any action.
- Originally posted: April 10, 2012
- Updated: April 26, 2012
- Version: 2.0

Summary

The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-028 - Important

Bulletin Information:

* MS12-028 - Important

- http://technet.microsoft.com/security/bulletin/MS12-028
- Reason for Revision: V1.1 (April 25, 2012): Added an entry
to the update FAQ to explain why this update is offered
to customers running Microsoft Office 2007 Service Pack 3.
- Originally posted: April 10, 2012
- Updated: April 25, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

Windows Premium Guard is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitors' vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Premium Guard in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-premium-guard

With the release of Firefox 12 for Windows, Mozilla has introduced a new feature called silent updates. This feature allows Firefox to install updates without first displaying a User Account Control (UAC) dialog. It is made possible through a Windows service named Mozilla Maintenance Service, located at %ProgramFiles%\Mozilla Maintenance Service\maintenanceservice.exe. This service does not run all the time, but is started via command line arguments when a new Firefox update is available. Although the Mozilla Maintenance Service currently only installs updates, Mozilla has stated that it may add other command line arguments for this service that could clear the Windows prefetch, defrag a user's profile, and perform other actions that are not yet discussed.

Full Story and Instruction

Posted Wed, Apr 25 2012 14:39 by Don

2012-04-25
Hijacker
++ IncrediBar
Malware
+ Fraud.SecurityTool ++ InternetSpeedBooster ++ SmartFortress2012 + Win32.Autorun.ie + Win32.FakeAV + Win32.mIRC.603 + Win32.Renos
Trojans
+ Bancos.prx ++ Banload.bwqg ++ Fraud.Adobe.Vil ++ Fraud.GBIEhSecurity ++ Win32.Agent.q ++ Win32.Banker.srql + Win32.Delf.Agr + Win32.Kazy.def + Win32.Muollo + Win32.OnLineGames.down ++ Win32.Tepfer.hzn
Total: 2529626 fingerprints in 789492 rules for 6635 products.

http://www.safer-networking.org/en/index.html

Posted Wed, Apr 25 2012 6:04 by Don

What is Windows Efficiency Accelerator?

The Malwarebytes research team has determined that Windows Efficiency Accelerator is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=109119

Windows Performance Advisor is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitors' vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Performance Advisor in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-performance-advisor

Windows Pro Rescuer is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitors' vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Pro Rescuer in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-pro-rescuer

Windows Safety Toolkit is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitors' vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Safety Toolkit in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-safety-toolkit

What is RealSpeed?

The Malwarebytes research team has determined that RealSpeed is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=108957

What is Windows Antivirus Care?

The Malwarebytes research team has determined that Windows Antivirus Care is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=108936

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS12-017 - Important
* MS12-026 - Important


Bulletin Information:

* MS12-017 - Important

- http://technet.microsoft.com/security/bulletin/MS12-017
- Reason for Revision: V1.1 (April 18, 2012): Added a link
to Microsoft Knowledge Base Article 2647170 under
Known Issues in the Executive Summary and corrected the
bulletin replacement information for
Windows Server 2003 Service Pack 2,
Windows Server 2003 x64 Edition Service Pack 2,
and Windows Server 2003 with SP2 for Itanium-based Systems.
This is a bulletin change only. There were no changes to
the detection or security update files.
- Originally posted: March 13, 2012
- Updated: April 18, 2012
- Bulletin Severity Rating: Important
- Version: 1.1


* MS12-026 - Important

- http://technet.microsoft.com/security/bulletin/MS12-026
- Reason for Revision: V1.1 (April 18, 2012): Corrected the
bulletin replacement information for
Microsoft Forefront Unified Access Gateway 2010 Service Pack 1.
This is a bulletin change only. There were no changes to the
detection or security update files.
- Originally posted: April 10, 2012
- Updated: April 18, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

2012-04-18
Hijackers
++ Fraud.Safe360
Malware
++ Fraud.BasicScan
PUPS
++ AdvPCTweaker.cn
Trojans
+ Banload.bho ++ Fraud.CloudWeb.kr ++ Fraud.Winlogon.IRC ++ Win32.Agent.rx ++ Win32.Birele.rtk ++ Win32.Graftor.cn + Win32.Muollo + Win32.OnLineGames.down + Win32.OnLineGames.gen
Total: 2528046 fingerprints in 789202 rules for 6619 products

http://www.safer-networking.org/en/index.html


Posted Wed, Apr 18 2012 6:38 by Don

Windows Safety Manager is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitors' vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Safety Manager in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-safety-manager

What is Windows Guard Solutions?

The Malwarebytes research team has determined that Windows Guard Solutions is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=108800

28 Internet Explorer
0 Restricted Sites
0 Firefox

15143 items in database

http://www.javacoolsoftware.com/downloads.html

Posted Tue, Apr 17 2012 4:44 by Don

Windows Antivirus Patch is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitors' vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Antivirus Patch in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-antivirus-patch
