WinSecurity Toolbar 2.1 Threat Level:

WinSecurity Toolbar 2.1 is a Zlob.Trojan/Trojan Zlob toolbar that watches your web activity, sends this information back to its parent, and serves you popups and link ads. WinSecurity Toolbar 2.1 may also hijack your web pages, block your URL requests, and download more pests onto your computer. Signs of WinSecurity Toolbar 2.1 include wanting to throw your computer out of the window, a little yellow triangle with an exclamation mark (!) in the bottom right corner of your screen, and tons of bad porn downloaded onto your desktop.

Wait. There’s more.

During WinSecurity Toolbar 2.1’s limited-time offering, you’ll also have a difficult time manually removing WinSecurity Toolbar 2.1, as the adware toolbar will often regenerate.

Read more about WinSecurity Toolbar 2.1 »

SafeShortcuts.com Threat Level:

SafeShortcuts.com is another browser hijacker that changes your home page to SafeShortcuts.com. Brought to you by Trojan Zlob, which is more overexposed than Paris Hilton, you probably got infected with SafeShortcuts.com while using a peer-to-peer program. SafeShortcuts.com may pimp rogue anti-spyware, like Antispyware Shield and WinSpyKiller. Thankfully, SafeShortcuts.com’s IP address 85.255.118.210 is already blocked by some Internet service providers.

SafeShortcuts.com? More like GetInfectedWithSpywareShortcuts.com.

Read more about SafeShortcuts.com »

Zlob.PornAdvertiser.ba Threat Level:

Zlob.PornAdvertiser.ba is a trojan that appears in fake security alerts from rogue antispyware. Zlob.PornAdvertiser.ba popups could read:

“Windows Security System: Zlob.PornAdvertiser.baAdware Zlob.PornAdvertiser.ba detected. This program advertises sites with explicit content. Please be attentive because advertised content could be illegal”

And popups like this should be illegal. This Zlob.PornAdvertiser.ba popup is supposed to scare you into buying the fake antispyware, like Smitfraud. You may have caught “Zlob.PornAdvertiser.ba” by a drive-by download, or getting tricked into downloading a fake video codec.

Don’t download the software the Zlob.PornAdvertiser.ba popup links to. You’re not really infected with Zlob.PornAdvertiser.ba — you’re infected with fake anti-spyware that wants to take your money.

Read more about Zlob.PornAdvertiser.ba »

InstantSafePage.com Threat Level:

InstantSafePage.com is another browser hijacker that changes your home page to InstantSafePage.com. Like its twin PureSafetyHere.com, InstantSafePage.com sells rogue anti-spyware, such as AntiSpyware Shield and WinSpyKiller. InstantSafePage.com runs its a fake security scan and launches popups, telling you you’re infected with W32.Myzor.FK@yf. This InstantSafePage.com popup reads:

Warning! W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.
Type: Virus
Infection Length: 138,293 bytes
Systems Affected: Windows 95, 98, ME, NT (all versions), 2003, Windows XP (all service packs)
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Novell Netware, OS/2, UNIX
Technical details: Creates files in %Windir%\ directory. By default, this is C:\Windows.
Adds values to registry keys: HKEY_LOCAL_MNACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Scans the hard drive for .exe files and infects any executable files. Searches for passwords/information, which it may send to a remote attacker.
Recomendations [SIC]: Click “OK” to download officially approved security software.
Always keep your patch levels up-to-date.

Always keep a healthy skepticism would be a better recommendation.

You’re not infected with W32.Myzor.FK@yf: you’re infected with InstantSafePage.com. And the only thing InstantSafePage.com and its fake anti-spyware removes is money from your pockets.

Read more about InstantSafePage.com »

Trojan.Win32.BlackBird Threat Level:

Trojan.Win32.BlackBird is a trojan that appears in fake security alerts from rogue antispyware. Trojan.Win32.BlackBird popups could read:

“Your computer was infected with Trojan.Win32.BlackBird.
It’s dangerous for your system, some files can be lost and your browser can be slow!
Click OK to download the antispyware program to clean your computer! (Recommended)”

or

“Your browser was hijacked by Trojan.Win32.BlackBird.”

This Trojan.Win32.BlackBird popup is supposed to scare you into buying the fake antispyware, like Smitfraud. You may have caught “Trojan.Win32.BlackBird” by a drive-by download, or getting tricked into downloading a fake video codec.

Unless you like getting ripped off, don’t download the software the Trojan.Win32.BlackBird popup links to. You’re not really infected with Trojan.Win32.BlackBird — you’re infected with fake anti-spyware that you need to remove.

Read more about Trojan.Win32.BlackBird »

Antivirus2008 Threat Level:

Antivirus2008 is just more rogue anti-spyware, in the lines of PCcleaner. Antivirus2008 may have been installed by a Trojan. Antivirus2008 might launch fake system alert popups. This Antivirus2008 popup is supposed to scare you into buying the fake antispyware.

Unless you like getting ripped off, don’t download the software the Antivirus2008 popup recommends.

Read more about Antivirus2008 »

Mkrndofl Toolbar Threat Level:

Mkrndofl Toolbar is another Zlob.Trojan/Trojan Zlob toolbar, created to trick you into buying rogue anti-spyware. To sell fake anti-spyware, Mkrndofl Toolbar pops up annoying ads, hijacks your home page, and hopes you’ll click Mkrndofl Toolbar’s buttons for “Remove Popups, Scan Spyware, Security Test, and Spam Protection.” If you have Mkrndofl Toolbar, your search results could be topped with this fake alert:

“Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware…”

Warning: the only thing you’re really infected with is Mkrndofl Toolbar. Unless you like wasting money, don’t buy Mkrndofl Toolbar or the products it’s pimping.

Read more about Mkrndofl Toolbar »

Registry Great v5.0 Threat Level:

Registry Great v5.0 is just another rogue registry repair application. You might have caught Registry Great v5.0 from a Trojan. How do you know if you have Registry Great v5.0? More like how don’t you know: a bajillion of Registry Great v5.0 popups try to trick you into clicking them.

“Registry Great has found a total of 351 critical problems on your PC. Based on your last scan performed, it is highly recommended that you register the full version of Registry Great to completely and immediately clean your computer and repair all these problems. Would you like to register for Registry Great now to remove all these problems?”

Click “CANCEL,” “CANCEL,” “CANCEL,” till your mouse breaks. Otherwise you’ll end up buying the “licensed” version of Registry Great v5.0. What a deal.

RegistryGreat? More like RegistryWorseThanEver.

Read more about Registry Great v5.0 »

System Integrity Scan Wizard Threat Level:

System Integrity Scan Wizard is fake security scan and popup used by rogue anti-spyware, like PC Antispyware 1.4.0148 and PCcleaner. System Integrity Scan Wizard may have been installed by a Trojan. System Integrity Scan Wizard popup is supposed to scare you into buying the fake antispyware. System Integrity Scan Wizard popups may read:

“System Integrity Scan Wizard
Warning: Your computer may have critical errors in Windows registry and file system!”

Unless you like getting ripped off, don’t download the software the System Integrity Scan Wizard popup recommends.

The only “critical error” you have is fake anti-spyware trying to scam you.

Read more about System Integrity Scan Wizard »

SafeHomeSite.com Threat Level:

SafeHomeSite.com is browser hijacker that changes your home page to SafeHomeSite.com. Like its twin PureSafetyHere.com, SafeHomeSite.com sells rogue anti-spyware, such as WinSpyKiller and AntiSpyware Shield. SafeHomeSite.com runs its a fake security scan and launches popups, telling you you’re infected with W32.Myzor.FK@yf. This SafeHomeSite.com popup reads:

Warning! W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.
Type: Virus
Infection Length: 138,293 bytes
Systems Affected: Windows 95, 98, ME, NT (all versions), 2003, Windows XP (all service packs)
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Novell Netware, OS/2, UNIX
Technical details: Creates files in %Windir%\ directory. By default, this is C:\Windows.
Adds values to registry keys: HKEY_LOCAL_MNACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Scans the hard drive for .exe files and infects any executable files. Searches for passwords/information, which it may send to a remote attacker.
Recomendations [SIC]: Click “OK” to download officially approved security software.
Always keep your patch levels up-to-date.

Always keep a healthy skepticism would be a better recommendation.

You’re not infected with W32.Myzor.FK@yf: you’re infected with SafeHomeSite.com. And the only thing SafeHomeSite.com and its rogue anti-spyware removes is money from your pockets.

So remove SafeHomeSite.com.

Read more about SafeHomeSite.com »