Advanced Virus Remover PRO at

Users continue to get slammed by a rogue antivirus distributor. We’ve posted before about the prevalent Virut family redirecting compromised hosts to download FakeAV or scareware products. You can see a screenshot of the previous scareware scam, “Secure Antivirus Pro” from “Guardog Computing”, at the previous post. Compare to the current version “Advanced Virus Remover PRO”:

Along with modifying TCP drivers, another fairly prevalent and currently active malicious component edits hosts files as part of the same effort, adding the following entries to the hosts file on victim systems: advanced-virus-remover2009. com www.advanced-virus-remover2009. com
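A defender-side check for the hosts-file change described above, as an added example that is not part of the original post: it parses a hosts file and flags entries for the two domains named here, plus any other name mapped to a non-loopback address. The sample file, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Domains named in the post, written as the post gives them; spaces are stripped.
WATCHLIST = {d.replace(" ", "").lower() for d in (
    "advanced-virus-remover2009. com",
    "www.advanced-virus-remover2009. com",
)}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid hosts-file entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        yield line_no, ip, [h.rstrip(".").lower() for h in fields[1:]]

def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings: watchlisted names, plus names mapped to a non-loopback address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in watchlist:
                findings.append((line_no, "watchlist", name, str(ip)))
            elif not ip.is_loopback and not ip.is_unspecified:
                findings.append((line_no, "non-loopback", name, str(ip)))
    return findings

# Constructed sample hosts file; the addresses are documentation-range placeholders.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      Advanced-Virus-Remover2009.com www.advanced-virus-remover2009.com  # added
0.0.0.0         ads.example.test
#192.0.2.10     commented-out.example.test
198.51.100.7    intranet.example.test
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On a Windows host the file to pass in is the system hosts file under the drivers\etc directory; non-loopback findings are review items, not verdicts, since administrators add such entries legitimately.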

Check out the image in the TE report: the lvllord component reports on its own maximum concurrent half-open TCP connection editing functionality there with “VALUES HIGHER THAN 100 ARE NOT RECOMMEND! Worms will be able to spread very fast!” It is obvious what tool these distributors are bundling and reusing in an attempt to increase the networking throughput of the system.

When there is money to be made on scareware, the same behaviors will be displayed again and again in malware, including the stuff by sloppy authors.
