Security System has detected spyware infection!

Not really, but its popup will tell you that it has detected all sorts of things.

A fairly well-organized group of fraudsters has been sending out messages and setting up websites to fool users into downloading and running TubeViewer.ver.6.exe. The file is not a video codec; it is a familiar installer that drops a.exe, b.exe, ~tmpc.exe, and several DLLs installed as a BHO (Browser Helper Object), sometimes named msxml71.dll. The .exe files are Fakealert components that pop up phony scare messages from the system tray, like the title of this post. We’ve blogged previously about AV2009, AV360, and others.

What’s new is the addition of various ad popups, and not simply FakeAV scams, like the popup shown here:

Multiple windows continue to perform phony AV scans and present phony AV results.
One of the active sites is stabilityskim.com, which serves up “Security System”.

The site offers install.exe, which installs executables with random numeric names to the “All users” %appdata% directory. Avoid running these files or visiting these sites.
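The file names and drop location described above can be turned into a quick triage check over a file listing. This is an added example, not code from the original post; the two directory paths are assumed locations of the “All users” %appdata% folder (Windows XP and Vista or later), and the sample listing is constructed.

```python
import re
from pathlib import PureWindowsPath

# File names taken from the post. a.exe and b.exe are generic names, so a
# hit on those alone is a weak signal. install.exe is left out on purpose:
# far too many legitimate installers share that name.
NAMED_INDICATORS = {"tubeviewer.ver.6.exe", "a.exe", "b.exe",
                    "~tmpc.exe", "msxml71.dll"}

# Assumption: where the "All users" %appdata% directory lives.
ALL_USERS_APPDATA = (
    r"c:\documents and settings\all users\application data",  # XP
    r"c:\programdata",                                        # Vista+
)

# "Random numeric names": the file stem consists of digits only.
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def classify(path):
    """Return the reasons a path matches the post's description (may be empty)."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    reasons = []
    if name in NAMED_INDICATORS:
        reasons.append("file name listed in post")
    # Assumption: accept the directory itself or any subdirectory of it.
    in_appdata = any(parent == root or parent.startswith(root + "\\")
                     for root in ALL_USERS_APPDATA)
    if in_appdata and NUMERIC_EXE.match(name):
        reasons.append("numeric-named exe under All Users appdata")
    return reasons


def triage(paths):
    """Map each flagged path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := classify(p))}


# Constructed sample listing (not taken from a real infected host).
SAMPLE = [
    r"C:\Documents and Settings\All Users\Application Data\48213376.exe",
    r"C:\Documents and Settings\user\Desktop\TubeViewer.ver.6.exe",
    r"C:\WINDOWS\system32\msxml71.dll",
    r"C:\WINDOWS\system32\msxml6.dll",
    r"C:\Program Files\App\2009.exe",
    r"C:\ProgramData\Vendor\setup.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

A match is a lead for further inspection, not a verdict; confirm with an anti-malware scan before deleting anything.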

  1. Ted says:

    How do you get rid of the popups? “Security System has detected spyware infection!”


  2. ThreatFire Blogger says:

    Thanks for the comment, Ted. The best place to post your request for cleanup support is on the pctools “Spyware, Adware and Malware Discussion” forum here:

  3. Benzo says:

    Got this virus also…there’s nothing on PC Tools about how to get rid of it…if you find out how, please post; I’d appreciate it very much.

  4. whizkidforte says:

    Go to http://www.malwarebytes.org! I had that same problem and when I first learned about using it, I installed it, scanned my computer, and removed those annoyances! Trust me, it works!

  5. Eli says:

    I think I may have recently had this one, but I ended up needing to reformat my system disk anyway, so no worries there. At least I know what to do if I see a security alarm now and see a bunch of popups showing up when I’m not even using a browser. Thanks for the tips.

