June 2012 - Posts

Windows Custom Management is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This family of infections is spread through hacked web sites, fake online anti-malware scanners, and Trojans that pretend to be software that is necessary to view an online video. When Windows Custom Management is installed it will be set to start automatically when you log into Windows. The installer will also create numerous Windows Registry entries that make it so you are unable to launch many of your normal Windows and security applications. Instead, when you launch one of these programs, the Registry entry will launch Windows Custom Management, which will state that the program is infected.

When the rogue is started it will automatically perform a scan of your computer and state that there are numerous infections present. If you attempt to remove any of these so-called infections the program will state that you first need to purchase it before being allowed to do so. As all of the files in the scan results are either harmless or do not even exist, please do not purchase Windows Custom Management.

http://www.bleepingcomputer.com/virus-removal/remove-windows-privacy-extension

17 Internet Explorer
0 Restricted Sites
0 Firefox

15350 items in database

Posted Thu, Jun 28 2012 5:05 by Don

What is BoanCode?

The Malwarebytes research team has determined that BoanCode is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=111737

What is AnyBoan?

The Malwarebytes research team has determined that AnyBoan is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=111722

2012-06-27
Malware

++ DeskTicker ++ Fraud.PrivacIE
Trojans
+ Win32.Banker + Win32.Delf.Agr + Win32.Matsnu + Win32.Muollo + Win32.OnLineGames.down + Win32.OnLineGames.gen ++ Win32.ShareDrop + Win32.ZBot
Total: 2546933 fingerprints in 793503 rules for 6683 products.

http://www.safer-networking.org/en/index.html

Posted Wed, Jun 27 2012 6:01 by Don

Windows Custom Management is a computer infection from the Rogue.FakeVimes family of rogue anti-spyware programs. Programs from this family are spread via three methods. The first method is hacked web sites that host malicious scripts that attempt to exploit vulnerabilities on your computer to install Windows Custom Management without your permission or knowledge. The second method is through Trojans that pretend to be a codec or software that is required to view an online video. The last method is through advertisements that pretend to be online anti-malware scanners that state your computer is infected and then prompt you to download and install the rogue to remove the detected threats.

While being installed, Windows Custom Management will set itself to start automatically and will create numerous Windows Registry entries that make it so you are unable to launch your normal programs. When you attempt to launch one of your normal security programs, these Registry entries will instead launch the rogue and state that your programs are infected.

Once started, the program will perform a fake scan of your computer and state that there are numerous infections present. If you attempt to remove any of these infections, though, the program will state that you first need to purchase it before it will allow you to do so. As these threats are either non-existent or harmless files, please ignore any of the scan results and instead remove this rogue via the guide below.

http://www.bleepingcomputer.com/virus-removal/remove-windows-custom-management

Windows Premium Console is a computer infection from the Rogue.FakeVimes family of rogue anti-spyware programs. Programs from this family are spread via three methods. The first method is hacked web sites that host malicious scripts that attempt to exploit vulnerabilities on your computer to install Windows Premium Console without your permission or knowledge. The second method is through Trojans that pretend to be a codec or software that is required to view an online video. The last method is through advertisements that pretend to be online anti-malware scanners that state your computer is infected and then prompt you to download and install the rogue to remove the detected threats.

While being installed, Windows Premium Console will set itself to start automatically and will create numerous Windows Registry entries that make it so you are unable to launch your normal programs. When you attempt to launch one of your normal security programs, these Registry entries will instead launch the rogue and state that your programs are infected.

Once started, the program will perform a fake scan of your computer and state that there are numerous infections present. If you attempt to remove any of these infections, though, the program will state that you first need to purchase it before it will allow you to do so. As these threats are either non-existent or harmless files, please ignore any of the scan results and instead remove this rogue via the guide below.

http://www.bleepingcomputer.com/virus-removal/remove-windows-premium-console

Windows Pro Defence is a rogue anti-spyware program from the Rogue.FakeVimes family. This program is classified as a rogue as it displays false information in order to trick you into purchasing the program. This particular variant is spread via two methods. The first method is the use of hacked web sites that exploit visitors' vulnerable programs in order to install the rogue without their permission. The second method uses web sites that display fake online anti-malware scanners that pretend to scan your computer, state that it is infected, and then prompt you to download and install Windows Pro Defence in order to clean it.

Once the rogue is installed on your computer it will be configured to start automatically when Windows starts. Once started it will perform a fake scan and then state that there are numerous infections present. If you attempt to use the program to remove these infections, though, it will state that you first need to purchase it before it can do so. This is a scam as the scan results are all fake, and in many cases, the infected files do not even exist on your computer. Therefore, please ignore the scan results and do not purchase the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-pro-defence

Windows Control Series is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This program is categorized as a rogue because it displays fake scan results, false security warnings, and hijacks your computer so you are not allowed to use many of your normal applications. This family of infections is spread through fake online anti-malware scanners that state your computer is infected and then prompt you to download and install the program. It also spreads through hacked web sites that contain scripts that exploit vulnerabilities on your computer to install the infection without your knowledge or permission.

http://www.bleepingcomputer.com/virus-removal/remove-windows-control-series

Windows Advanced Toolkit is a rogue anti-spyware program from the Rogue.FakeVimes family that displays false scan results, fake security alerts, and does not allow you to use the normal programs installed on your computer. This family of infections is promoted via three methods. The first method is web site advertisements that pretend to be an online anti-malware scanner that prompts you to download and install the program. The second method is Trojans that pretend to be software that is required to view an online video. The last method is through hacked web sites that contain malicious scripts that exploit vulnerabilities on your computer.

http://www.bleepingcomputer.com/virus-removal/remove-windows-advanced-toolkit

What is SolutionPC?

The Malwarebytes research team has determined that SolutionPC is a fake anti-malware application. These so-called "rogues" use intentional false positives to convince users that their systems have been compromised. Then they try to sell you their software, claiming it will remove these threats. In extreme cases the false threats are actually the very trojans that advertise or even directly install the rogue.

http://forums.malwarebytes.org/index.php?showtopic=111528

Windows Proactive Safety is a rogue anti-spyware program from the Rogue.FakeVimes family of computer infections. This family is categorized as a rogue because it purposely displays fake security warnings, false scan results, and hijacks your computer so that you are unable to run your normal applications. This infection is spread via three methods. The first method is fake online anti-virus scanners that pretend to scan your computer, state that your computer has numerous infections, and then prompt you to install the software. The second method is via hacked web sites that have malicious code that attempts to exploit vulnerabilities in your software to install Windows Proactive Safety without your permission or knowledge. The last method is through Trojans that pretend to be a video codec or a program that is required to watch an online video.

http://www.bleepingcomputer.com/virus-removal/remove-windows-proactive-safety

0 Internet Explorer
49 Restricted Sites
0 Firefox

15333 items in database

Posted Thu, Jun 21 2012 19:20 by Don

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS12-029 - Critical


Bulletin Information:

* MS12-029 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-029
- Reason for Revision: V1.2 (June 20, 2012): Added entries to
the update FAQ to clarify that the updates for Microsoft
Word 2003 Service Pack 3 (KB2598332) and Microsoft Word 2007
Service Pack 2 (KB2596917) include architecture updates for
Office File Validation.
- Originally posted: May 8, 2012
- Updated: June 20, 2012
- Bulletin Severity Rating: Critical
- Version: 1.2

2012-06-20
Malware

++ Fake.IE.zusy ++ Sisron.cn ++ Win32.Autorun.kdv + Win32.FraudLoad.edt
Trojans
+ Bancos + Bancos.BHO + Bancos.prx + Banker ++ Fake.FedEx.zusy + Win32.Matsnu + Win32.Muollo + Win32.OnLineGames.down + Win32.OnLineGames.gen
Total: 2545934 fingerprints in 793309 rules for 6681 products

http://www.safer-networking.org/en/index.html

Posted Wed, Jun 20 2012 6:02 by Don

Windows Maintenance Guard is categorized as a rogue anti-spyware program because it deliberately displays fake scan results, shows fake security warnings, and prevents you from running your normal computer programs. This family of rogues is typically promoted through hacked web sites that attempt to infect you by exploiting vulnerabilities on your computer. This rogue is also spread through advertisements that pretend to be an online anti-malware scanner that scans your computer and states you are infected while prompting you to download and install the software.

http://www.bleepingcomputer.com/virus-removal/remove-windows-maintenance-guard

0 Internet Explorer
35 Restricted Sites
0 Firefox

15284 items in database

Posted Tue, Jun 19 2012 5:03 by Don

Windows Secure Web Patch is a rogue anti-spyware program that displays fake scan results, fake security warnings, and hijacks your computer so that it is unable to run your normal applications. This infection is part of the Rogue.FakeVimes family of rogue programs that is typically spread via two methods. The first method is through hacked web sites that contain malicious code, which will exploit any detected vulnerabilities found on your computer to install the program without your permission or knowledge. This program is also spread through fake advertisements that pretend to be online anti-malware scanners. When these advertisements run they will state that your computer is infected and then prompt you to download and install the Windows Secure Web Patch program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-secure-web-patch

Windows Active Defender is a computer infection from the Rogue.FakeVimes family of rogue anti-spyware programs. It is considered a rogue because it displays fake security alerts, false scan results, and makes it so that you are unable to run your normal programs. This family of infections is spread through hacked web sites that exploit vulnerabilities on your computer so that the program can be installed without your knowledge or permission. This family is also spread via advertisements that pretend to be an online anti-malware scanner that states that you are infected and then prompts you to download and install the program.

http://www.bleepingcomputer.com/virus-removal/remove-windows-active-defender

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS12-036 - Critical


Bulletin Information:

* MS12-036 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-036
- Reason for Revision: V1.1 (June 13, 2012): Added a workaround
in the Vulnerability Information section that explains how to
enable Network Level Authentication on Windows Vista, Windows
7, Windows Server 2008, and Windows Server 2008 R2.
- Originally posted: June 12, 2012
- Updated: June 13, 2012
- Bulletin Severity Rating: Critical
- Version: 1.1
