
Thread: New malicious ware "Antispyware Shield"


  1. #1
    frossetmareritt Guest

    New malicious ware "Antispyware Shield"

    So I was watching the new Heroes tonight and I got an exasperated call from my father, telling me how there was some program that had installed itself on his computer, unbeknownst to him, without any sort of way that he knew of to remove it...hence his call to me.

    There is a program called "Antispyware Shield" which, ironically, is actually spyware itself, and seems to be a fraud and will tell you all sorts of security risks that really are not there to dupe the user into buying this fake program...or just sending money to Zimbabwe and never seeing it again. It will continuously pop up with this warning in front of all others saying how "you need to protect yourself and get rid of these threats by buying our program" (along with other annoyances) and unless you know a little bit about programs and Task Manager, you'll continually pull your hair out trying to get rid of this nuisance.

    His ZAISS didn't pick this thing up (and subsequently since he knows so little about computers he has his ZAISS update and both scans run nightly at midnight), I had my father use TM to end the process that kept the Add/Remove Program from being able to uninstall it, then I had my father download and run a full scan with Microsoft Malicious Software Removal Tool and it "seemed" to do the trick until the program had him do a reboot and the malicious program was right back there. So now he's pretty much without a computer, I told him the best thing for him to do was unplug it to be sure nothing can happen until we can figure out an answer.

    I DID find out, from very few sources (which is odd and I'll get into that in a second), that it's related to "Dr.Antispy", which I've never heard of since I usually stay far from places that would have such a thing, and all my emails are business related which makes avoiding the fake and dangerous ones easy. Now this program seems fairly new and the funny part is that only 1 program has the cure to this menace. I did a search for the exact name of this malicious program and I keep running across the same page in different formats for the fix by SpyHunter.

    Now it may just be me, but already having a cure to a seemingly brand new malicious program, which isn't impossible, however if you look at the fact that it's a relatively unheard of program, a "small fry" amongst the "big boy" power hitters, then some questions rise to the surface. I mean everyone else has the same thing and possibly more with their programs; what does SpyHunter have to offer that no one else doesn't have if not better? So it seems to me, I don't know how right or wrong I am, that this company created this program (or is in cahoots with the malicious program's creator) so it would be the first one in town with the cure, while all the other anti-spyware companies are scrambling to find a cure while SpyHunter already has one; I know it does sound like a dumbed down villainous cliché "market domination plan" of a B rated movie, but that's what this is looking like to me. I also know that with a name like "Antispyware Shield" it's easy to make sure you're a "wolf in sheep's clothing" but it does still seem odd to me that one program that is rather small has the cure while the more well known and better supported programs & companies have nothing.

    Now I know more than my family, which makes me the resident "techie" (hence the call that sparked this), but I'm about just average and can stumble my way across a computer or cell phone pretty efficiently. However my knowledge in malicious programs is very limited, so I would like some insight on this thing and how to possibly fix it, and maybe some first or third hand knowledge of someone getting and successfully getting rid of it for good.

    So any help would be appreciated! ^.^

    Operating System:
    Windows XP Pro
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Internet Security Suite

    Message Edited by FrossetMareritt on 10-09-2007 04:31 PM

  2. #2

    Re: New malicious ware "Antispyware Shield"


  3. #3
    frossetmareritt Guest

    Re: New malicious ware "Antispyware Shield"

    This is the program I was talking about, the only one with the cure.

  4. #4
    naivemelody Guest

    Re: New malicious ware "Antispyware Shield"

    DO NOT GO THERE -
    SEE - http://www.siteadvisor.com/sites/spy...mp;suite=false
    Stay away from SpyHunter, too. We'll have more info. later. From - http://www.spywarewarrior.com/rogue_anti-spyware.htm <<<

    Note on Enigma SpyHunter:
    Enigma's SpyHunter anti-spyware application was listed on this page primarily because of the company's history of employing aggressive, deceptive advertising (1, 2, 3, 4, 5). The company was also known for exploiting the name "spybot" in its domain names and online advertising. These objectionable business practices were employed primarily from late-2002 to mid-2004.

    Sometime during summer of 2004 the company halted the most obnoxious and objectionable aspects of its online advertising. It also unloaded all the "spybot" domains (which were promptly picked up by Paretologic for its XoftSpy anti-spyware application).

    While there are still unresolved allegations that SpyHunter transmits the Windows Product ID from users' PCs (1), we can no longer classify this application as "rogue/suspect." Nonetheless, SpyHunter -- at least in its current state -- cannot be recommended because of its mediocre performance as an anti-spyware scanner. Testing indicates that it does not recognize some well-known spyware installations and has difficulty removing critical spyware/adware files even from those it does recognize (1). Given the many excellent competing anti-spyware applications that are available (some for free), users would do better looking elsewhere for trustworthy anti-spyware protection.

    Domains: enigmasoftwaregroup.com, spywareremove.com, uninstallxupiter.com



    Message Edited by NaiveMelody on 10-09-2007 12:31 AM

  5. #5
    frossetmareritt Guest

    Re: New malicious ware "Antispyware Shield"

    And that's EXACTLY why I was suspicious, thanks for the confirmation NaiveMelody.

    This is an excerpt from one of the posts regarding this web page:

    "Over two and a half years ago, Spywarewarrior delisted Enigma's SpyHunter from their rogue list. It had been previously considered a rogue "because of the company's history of employing aggressive, deceptive advertising."

    Seems I hit the nail on the head for "being the only cure in town" type of advertising.

    Now the next step is to find out if anyone has themselves or helped someone else (in person or over phone...not posting a link to the very page that would destroy my father's comp there Jeruselem) successfully remove this stuff from their computers.

    Message Edited by FrossetMareritt on 10-09-2007 02:25 AM

    Message Edited by FrossetMareritt on 10-09-2007 07:52 AM

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Re: New malicious ware "Antispyware Shield"

    Many of these strange spyware programs (and they are here to stay for a long time) that appear on a user's machine come from "drive-by" installs. In other words they self-installed as the user was using some site loaded with files of malicious code.
    A) it will only happen with the IE6 or IE7 and B) using the PC in a limited user account will completely stop the unknown installations. But so will using the IE in a limited mode. The best alternative is to use Firefox or the Opera browser for the riskier users. Neither of these two browsers will install anything from the web - they simply do not have that ability. Whereas the IE unless locked down to stop scripts will always allow hidden installations. That is the default setup of the IE to allow anything to be installed.
    But the ZAISS has the Privacy which can be set up to only allow particular sites to use scripts and block all other sites from using scripts. Blocking those scripts will usually prevent the "drive-by" installations or cross-site vulnerabilities or malicious javascript files from becoming active.

    Certain spyware such as spyaxe or smitfraud or spysheriff and the large group of related spyware are missed by the ZAISS. Most scanners will miss these since they concentrate on more nefarious varieties of spyware such as rootkits, trojans, worms and malware.

    You could try the SUPERAntiSpyware freeware version. It may remove this since it does concentrate on the more unusual varieties of spyware. Also check the Add and Remove programs in the Control Panel and see if it can be uninstalled the usual way.

    See http://forum.zonelabs.org/zonelabs/b...ssage.id=17114 for some advice for safer surfing.

    I would try the HJT (HiJack This) forum at CastleCops and ask for some assistance. This link is the advice page before you post the HJT Logs. You will need to login, so get an account established (it's all free and that is another plus). They will have great help with all of the right answers.

    Cheers, Oldsod

    Message Edited by Oldsod on 10-09-2007 08:55 AM

    Message Edited by Oldsod on 10-09-2007 08:56 AM
    Best regards.
    oldsod
