Trojan Virantix Threat Level:

Trojan Virantix is a Trojan that disables your anti-virus software and infect your computer with more malware and spyware, usually by downloading a file from FreeRealityMpegs.com. Trojan Virantix will create a mutex — {393921-e939391-3919139-3d3a738-11} — to make sure it’s always running on your computer. Trojan Virantix may try to scare you into downloading rogue antispyware WinAntivirus with fake security alerts. This Trojan Virantix popup reads:

“Windows Security Alert
Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorised access to your files! Click here to download spyware remover …
Your computer is infected!”

or

“Your computer is infected!
Windows has detected spyware infection
It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!”

Trojan Virantix then tries to connect to www.softcashier.com/members/link_____ to download fake antispyware.

Unless identity theft and popups sound like a fun weekend to you, remove Trojan Virantix.

Read more about Trojan Virantix »

PC Police Gold Threat Level:

PC Police Gold is a commercial keylogger that captures copies of your emails, chats, instant messages, and keystrokes typed. PC Police Gold may have been installed for legitimate purposes — i.e., monitoring children’s Internet safety — but PC Police Gold may be catching your username and passwords for accounts, tracking your online conversations, watching which websites you visit, what files you download from peer-to-peer applications, seeing what applications you launch, and more. PC Police Gold may be a severe violation of your security and privacy, putting your financial and personal data at risk.

I suggest removing PC Police Gold immediately, and dumping whoever installed PC Police Gold onto your PC.

Read more about PC Police Gold »

aJust got this nice email today:

  From:  notice@irs.gov
  Subject:  Refund ID:  WBEKTQQLMY
  Date:  February 11, 2008 7:43:10 AM EST
  To:  undisclosed-recipients: ;
  Reply-To:  notice@irs.gov

After the last annual fiscal activity we have determined that you are eligible to receive a tax refund. Please submit the tax refund request and allow us 6-9 days in order to process it.

To access the form for our tax refund calulator [SIC], please copy/paste in your browser the link bellow:

http://www.hashita.co.il/index.htm

Even if this wasn’t an obvious phishing email — see the “undisclosed recipients,” catch that typo, note the link to a non-IRS page? — you should never click on one of these emails and give out your personal information.

If you really think you’ve received a real IRS email about a tax refund — hope is a four-letter word — type in the IRS’s official URL, find their phone number, and call them to check.

Read more about Fake Tax Refund »

ProduKey Threat Level:
ProduKey is freeware that shows your product key and product ID for various software. ProduKey can be installed and used for legitimate reasons, but because ProduKey can collect the information on computers in your local network, ProduKey might also be misused to view information on remote computers.

You know, like you use your car to get to work, but also to do donuts in your neighbor’s lawn. Good vs. bad.

Read more about ProduKey »

Covenant Eyes Threat Level:

Covenant Eyes is commercial spyware that tracks your web browsing activity. If Covenant Eyes is installed on your computer, you’ll see an icon in your system tray, along with a splash screen when you boot up Windows that informs you you’re being watched by Covenant Eyes. Covenant Eyes then emails your “accountability partner” your web browsing history. Covenant Eyes can be legitimately installed on a shared computer to watch a spouse or employee’s activities, but this one’s got a special religious twist: it’s really about keeping you away from porn.

I know. Covenant Eyes is rather unholy.

Though, in theory, you asked someone to install Covenant Eyes, I’d remove Covenant Eyes. Uninstall Covenant Eyes here.

Read more about Covenant Eyes »

3wPlayer Threat Level:

3wPlayer may be a rogue media player that tells you it will play hot videos when it’ll really infect your computer with trojans and other malware. Some of the malware 3wPlayer installs on your PC may disable your anti-virus software. Get rid of 3wPlayer immediately, and save your computer by buying quality porn. DailyAppz.Play3w.com may be 3wPlayer’s official site.

Read more about 3wPlayer »

YahooSpyMon Threat Level:

YahooSpyMon is commercial spyware that may record your conversations on Yahoo! Messenger. Unless you want your wife to know what you did with your friends in Las Vegas, I suggest you remove YahooSpyMon immediately. And then break up with whoever installed YahooSpyMon onto your machine.

Read more about YahooSpyMon »

PC Pandora Threat Level:

PC Pandora is a commercial keylogger that may record every keystroke you make while being “invisible” to your main system by running as a low level system process. PC Pandora may take screenshots of your computer activity at preset intervals and track which programs you run, along with what websites you visit. As PC Pandora may record all your keystrokes as you type, your email and instant messenger conversations may be spied on. PC Pandora may save this information locally so it can be retrieved with a password, or PC Pandora may email this information to whoever installed PC Pandora. Though PC Pandora has to be manually installed, PC Pandora may be a severe violation of your security and privacy, putting your financial and personal data at risk. I suggest you uninstall PC Pandora and dump whoever put PC Pandora on your PC. PC Pandora.com

Read more about PC Pandora »

OnlineStability.com is a website that may be a browser hijacker spawned from Zlob.Trojan. When you’re infected with Zlob.Trojan, Zlob.Trojan may create false security alerts about your PC being in danger, and Zlob.Trojan may then redirect you and change your home page to www.OnlineStability.com. OnlineStability.com may promote rogue anti-spyware software, and may automatically download and install malware such as WinAntiVirus Pro 2006, ErrorSafe, SystemDoctor, and DriveCleaner. OnlineStability.com may also launch numerous popup ads to try to trick you into buying malware.

Read more about OnlineStability.com »

Blogger.com, a popular blogging software and system owned by Internet company Google, may play host to a number of phishing websites.
Some of these phishing sites may include a false pharmacy e-storefront, which may be having traffic driven to it through a mass mailing worm. There may also be numerous spam sites on Blogger.com, [...]

Read more about Blogger.com Prey for Phishing »