W32.Myzor.FK@yf Threat Level:

W32.Myzor.FK@yf is a fake virus that appears in popups by browser hijackers (think PureSafetyHere.com). W32.Myzor.FK@yf popups are trying to scare you into buying rogue anti-spyware, such as AntiSpyware Shield, XP Antivirus 2008, and WinSpyKiller. This W32.Myzor.FK@yf popup reads:

Warning! W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.
Type: Virus
Infection Length: 138,293 bytes
Systems Affected: Windows 95, 98, ME, NT (all versions), 2003, Windows XP (all service packs)
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Novell Netware, OS/2, UNIX
Technical details: Creates files in %Windir%\ directory. By default, this is C:\Windows.
Adds values to registry keys: HKEY_LOCAL_MNACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Scans the hard drive for .exe files and infects any executable files. Searches for passwords/information, which it may send to a remote attacker.
Recomendations [SIC]: Click “OK” to download officially approved security software.
Always keep your patch levels up-to-date.

Always keep a healthy skepticism would be a better recommendation.

You’re not infected with W32.Myzor.FK@yf: you’re infected with fake anti-spyware.

Read more about W32.Myzor.FK@yf »

Pvnsmfor Toolbar Threat Level:

Pvnsmfor Toolbar is another toolbar by Trojan Zlob, created to scare you into buying fake anti-spyware To scam you, Pvnsmfor Toolbar pops up annoying ads, hijacks your home page, and hopes you’ll click Pvnsmfor Toolbar’s buttons for “Remove Popups, Scan Spyware, Security Test, and Spam Protection.”

Obviously, its name makes it clear — Pvnsmfor Toolbar isn’t very marketing savvy.

If you have Pvnsmfor Toolbar, your search results could be topped with this fake alert:

“Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware…”

Warning: the only thing you’re really infected with is Pvnsmfor Toolbar. Unless you like wasting money, don’t buy Pvnsmfor Toolbar or the products it’s pimping.

Read more about Pvnsmfor Toolbar »

SafeShortcuts.com Threat Level:

SafeShortcuts.com is another browser hijacker that changes your home page to SafeShortcuts.com. Brought to you by Trojan Zlob, which is more overexposed than Paris Hilton, you probably got infected with SafeShortcuts.com while using a peer-to-peer program. SafeShortcuts.com may pimp rogue anti-spyware, like Antispyware Shield and WinSpyKiller. Thankfully, SafeShortcuts.com’s IP address 85.255.118.210 is already blocked by some Internet service providers.

SafeShortcuts.com? More like GetInfectedWithSpywareShortcuts.com.

Read more about SafeShortcuts.com »

InstantSafePage.com Threat Level:

InstantSafePage.com is another browser hijacker that changes your home page to InstantSafePage.com. Like its twin PureSafetyHere.com, InstantSafePage.com sells rogue anti-spyware, such as AntiSpyware Shield and WinSpyKiller. InstantSafePage.com runs its a fake security scan and launches popups, telling you you’re infected with W32.Myzor.FK@yf. This InstantSafePage.com popup reads:

Warning! W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.
Type: Virus
Infection Length: 138,293 bytes
Systems Affected: Windows 95, 98, ME, NT (all versions), 2003, Windows XP (all service packs)
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Novell Netware, OS/2, UNIX
Technical details: Creates files in %Windir%\ directory. By default, this is C:\Windows.
Adds values to registry keys: HKEY_LOCAL_MNACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Scans the hard drive for .exe files and infects any executable files. Searches for passwords/information, which it may send to a remote attacker.
Recomendations [SIC]: Click “OK” to download officially approved security software.
Always keep your patch levels up-to-date.

Always keep a healthy skepticism would be a better recommendation.

You’re not infected with W32.Myzor.FK@yf: you’re infected with InstantSafePage.com. And the only thing InstantSafePage.com and its fake anti-spyware removes is money from your pockets.

Read more about InstantSafePage.com »

Mkrndofl Toolbar Threat Level:

Mkrndofl Toolbar is another Zlob.Trojan/Trojan Zlob toolbar, created to trick you into buying rogue anti-spyware. To sell fake anti-spyware, Mkrndofl Toolbar pops up annoying ads, hijacks your home page, and hopes you’ll click Mkrndofl Toolbar’s buttons for “Remove Popups, Scan Spyware, Security Test, and Spam Protection.” If you have Mkrndofl Toolbar, your search results could be topped with this fake alert:

“Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware…”

Warning: the only thing you’re really infected with is Mkrndofl Toolbar. Unless you like wasting money, don’t buy Mkrndofl Toolbar or the products it’s pimping.

Read more about Mkrndofl Toolbar »

SafeHomeSite.com Threat Level:

SafeHomeSite.com is browser hijacker that changes your home page to SafeHomeSite.com. Like its twin PureSafetyHere.com, SafeHomeSite.com sells rogue anti-spyware, such as WinSpyKiller and AntiSpyware Shield. SafeHomeSite.com runs its a fake security scan and launches popups, telling you you’re infected with W32.Myzor.FK@yf. This SafeHomeSite.com popup reads:

Warning! W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.
Type: Virus
Infection Length: 138,293 bytes
Systems Affected: Windows 95, 98, ME, NT (all versions), 2003, Windows XP (all service packs)
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Novell Netware, OS/2, UNIX
Technical details: Creates files in %Windir%\ directory. By default, this is C:\Windows.
Adds values to registry keys: HKEY_LOCAL_MNACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Scans the hard drive for .exe files and infects any executable files. Searches for passwords/information, which it may send to a remote attacker.
Recomendations [SIC]: Click “OK” to download officially approved security software.
Always keep your patch levels up-to-date.

Always keep a healthy skepticism would be a better recommendation.

You’re not infected with W32.Myzor.FK@yf: you’re infected with SafeHomeSite.com. And the only thing SafeHomeSite.com and its rogue anti-spyware removes is money from your pockets.

So remove SafeHomeSite.com.

Read more about SafeHomeSite.com »

OKCashBackMall Threat Level:

OKCashBackMall is adware that might hijack your browser and redirect it to Jokcashbackmall.com or another related site.

I’m sure OKCashBackMall is just trying to save me money and isn’t trying to steal my personal information or make money off redirecting my clicks.

Oh, yeah, I’m so sure. How considerate of OKCashBackMall to change my browser settings.

Read more about OKCashBackMall »

Wxdbpfvo Toolbar Threat Level:

Wxdbpfvo Toolbar is just another Zlob.Trojan/Trojan Zlob toolbar, created to sell rogue anti-spyware. To pimp fake anti-spyware, Wxdbpfvo Toolbar pops up annoying ads, hijacks your home page, and hopes you’ll click Wxdbpfvo Toolbar’s buttons for “Scan Spyware, Spam Protection, Remove Popups, and Security Test.” If you have Wxdbpfvo Toolbar, your search results could be topped with this fake alert:

“Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware…”

Warning: the only thing you’re really infected with is Wxdbpfvo Toolbar. Unless you like getting ripped off, don’t buy Wxdbpfvo Toolbar or the products it’s pimping.

Read more about Wxdbpfvo Toolbar »

Online-MalwareScanner.com Threat Level:

Online-MalwareScanner.com is home to Malware Bell v.2.3, one of the latest rogue anti-spyware applications. Online-MalwareScanner.com offers a free scan with Malware Bell. What a deal. Only if you download the trial, Malware Bell gives false positives, and pops up fake security alerts to trick you into buying Malware Bell.

Despite whatever Online-MalwareScanner.com says, if you don’t remember how you got to Online-MalwareScanner.com, the only spyware you’re infected with is Malware Bell. Remove Online-MalwareScanner.com — Malware Bell may make you want to throw your PC out the window.

Read more about Online-MalwareScanner.com »

ManageDNS404.com Threat Level:

ManageDNS404.com is a rogue website posing as a “404″ or not found page, just to pimp rogue anti-spyware, like AntiSpyware Shield. ManageDNS404.com links to AntiSpyware Shield’s fake security scan, and tells you you’re infected with spyware. ManageDNS404.com reads:

The page you are looking for is probably blocked by adware/spyware on your PC. Remove it with AntiSpyware Shield software. Click here.
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
Please try the following:
* Install AntiSpyware Shield software to clean your PC…
* If you would like Windows to try and discover them, click Detect Network Settings…
* Download AntiSpyware Shield to remove spyware and adware threats.

You could also please trying the following: remove ManageDNS404.com.

If you’re getting this page, the only spyware you’re infected with is Antispyware Shield and ManageDNS404.com.

Read more about ManageDNS404.com »