Virus-WebScanner.com Threat Level:

Virus-WebScanner.com is home to fake anti-spyware XP Antivirus Protection. Virus-WebScanner.com offers a free scan with XP Antivirus Protection.

What a deal.

Only if you download the trial, XP Antivirus Protection tells you you’re infected with spyware that doesn’t exist, and pops up fake security alerts to trick you into buying XP Antivirus Protection for $49.95-$79.95. This Virus-WebScanner.com popup reads:

“The page at http://www.Virus-WebScanner.com says:
ATTENTION! You have not completed the virus scan!
Your PC is still infected with spyware!
Please return to Virus-WebScanner.com and download XP antivirus scanner.”

Despite whatever Virus-WebScanner.com says, if you don’t remember how you got to Virus-WebScanner.com, the only spyware you’re infected with is XP Antivirus Protection. So just remove XP Antivirus Protection, before you throw your PC out the window.

Read more about Virus-WebScanner.com »

Gxvpsafm Toolbar Threat Level:

Gxvpsafm Toolbar is the latest toolbar by everyone’s favorite Trojan, Zlob. Gxvpsafm Toolbar was created to scare you into buying fake anti-spyware. To scam you, Gxvpsafm Toolbar pops up annoying ads, hijacks your home page, and hopes you’ll click Gxvpsafm Toolbar’s buttons for “Remove Popups, Scan Spyware, Security Test, and Spam Protection.”

Obviously, its impossible-to-pronounce name makes it clear — Gxvpsafm Toolbar isn’t exactly about pleasing its customers.

If you have Gxvpsafm Toolbar, your search results could be topped with this fake alert:

“Warning: possible spyware or adware infection! Click here to scan your computer for spyware and adware…”

Warning: the only thing you’re really infected with is Gxvpsafm Toolbar. Unless you like wasting money, don’t buy Gxvpsafm Toolbar or the products it’s pimping.

Read more about Gxvpsafm Toolbar »

SafeBrowseNow.com/xp/ Threat Level:

SafeBrowseNow.com/xp/ is the latest browser hijacker that changes your home page to SafeBrowseNow.com/xp/. Like its twin DoBrowseSecure.com/xp, SafeBrowseNow.com/xp/ promotes fake anti-spyware, like Ultimate Antivirus 2008 and Windows Antivirus 2008. SafeBrowseNow.com/xp/ runs its own fake security scan and popup, telling you you’re infected with W32.Myzor.FK@yf. This SafeBrowseNow.com/xp/ popup reads:

Warning! W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.
Type: Virus
Infection Length: 138,293 bytes
Systems Affected: Windows 95, 98, ME, NT (all versions), 2003, Windows XP (all service packs)
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Novell Netware, OS/2, UNIX
Technical details: Creates files in %Windir%\ directory. By default, this is C:\Windows.
Adds values to registry keys: HKEY_LOCAL_MNACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Scans the hard drive for .exe files and infects any executable files. Searches for passwords/information, which it may send to a remote attacker.
Recomendations: Click “OK” to download officially approved security software.
Always keep your patch levels up-to-date.

You’re not infected with W32.Myzor.FK@yf: you’re infected with SafeBrowseNow.com/xp/. And the only thing SafeBrowseNow.com/xp/ and its fake anti-spyware removes is money from your pockets.

So get rid of SafeBrowseNow.com/xp/.

Read more about SafeBrowseNow.com/xp/ »

SpywareScanner2008 Threat Level:

SpywareScanner2008 is just more fake anti-spyware. SpywareScanner2008 may have been installed by a Trojan. SpywareScanner2008 might launch fake system alert popups, reading “Warning! Your system might be a risk.” This SpywareScanner2008 popup is supposed to scare you into wanting to buy SpywareScanner2008.

Don’t waste your money — don’t download the software the SpywareScanner2008 popup recommends.

I’ll show you how to get rid of SpywareScanner2008 for free.

Or you could always toss your PC out the window.

Read more about SpywareScanner2008 »

AntiVirXP08 Threat Level:

AntiVirXP08 is more fake anti-spyware. Just a mutation of other scam software, AntiVirXP08 pulls all the same tricks. AntiVirXP08 probably installed itself onto your PC with a Trojan, then AntiVirXP08 launches fake system alert popups. This AntiVirXP08 popup is supposed to scare you into buying AntiVirXP08.

Don’t waste your money — don’t download the software the AntiVirXP08 popup recommends.

I’ll show you how to get rid of AntiVirXP08 for free.

Or you can always throw your computer out the window.

Read more about AntiVirXP08 »

Repair Registry Pro Threat Level:

Repair Registry Pro is more fake registry repair software.

You might have caught Repair Registry Pro from a Trojan. How do you know if you have Repair Registry Pro? More like how don’t you know: fake registry scans and a million Repair Registry Pro popups try to trick you into visiting www.RepairRegistryPro.com to buy the “licensed” version of Repair Registry Pro.

Repair Registry Pro? More like Destroy Registry Pro.

Send some hate email to support@RepairRegistryPro.com.

Read more about Repair Registry Pro »

Spyware.CreditCarder.y Threat Level:

Spyware.CreditCarder.y is a “threat” that appears on the websites and security scans of fake antispyware XP Antivirus Protection, AKA XP Antivirus 2008.

And why is Spyware.CreditCarder.y dangerous? Only because Spyware.CreditCarder.y might scare you into wasting $49.95 on XP Antivirus.

Unless you like getting ripped off, don’t download the software the Spyware.CreditCarder.y popup links to. You’re not really infected with Spyware.CreditCarder.y — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Spyware.CreditCarder.y and XP Antivirus 2008, for free.

Read more about Spyware.CreditCarder.y »

Trojan Virantix Threat Level:

Trojan Virantix is a Trojan that disables your anti-virus software and infect your computer with more malware and spyware, usually by downloading a file from FreeRealityMpegs.com. Trojan Virantix will create a mutex — {393921-e939391-3919139-3d3a738-11} — to make sure it’s always running on your computer. Trojan Virantix may try to scare you into downloading rogue antispyware WinAntivirus with fake security alerts. This Trojan Virantix popup reads:

“Windows Security Alert
Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorised access to your files! Click here to download spyware remover …
Your computer is infected!”

or

“Your computer is infected!
Windows has detected spyware infection
It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!”

Trojan Virantix then tries to connect to www.softcashier.com/members/link_____ to download fake antispyware.

Unless identity theft and popups sound like a fun weekend to you, remove Trojan Virantix.

Read more about Trojan Virantix »

PC Police Gold Threat Level:

PC Police Gold is a commercial keylogger that captures copies of your emails, chats, instant messages, and keystrokes typed. PC Police Gold may have been installed for legitimate purposes — i.e., monitoring children’s Internet safety — but PC Police Gold may be catching your username and passwords for accounts, tracking your online conversations, watching which websites you visit, what files you download from peer-to-peer applications, seeing what applications you launch, and more. PC Police Gold may be a severe violation of your security and privacy, putting your financial and personal data at risk.

I suggest removing PC Police Gold immediately, and dumping whoever installed PC Police Gold onto your PC.

Read more about PC Police Gold »

aJust got this nice email today:

  From:  notice@irs.gov
  Subject:  Refund ID:  WBEKTQQLMY
  Date:  February 11, 2008 7:43:10 AM EST
  To:  undisclosed-recipients: ;
  Reply-To:  notice@irs.gov

After the last annual fiscal activity we have determined that you are eligible to receive a tax refund. Please submit the tax refund request and allow us 6-9 days in order to process it.

To access the form for our tax refund calulator [SIC], please copy/paste in your browser the link bellow:

http://www.hashita.co.il/index.htm

Even if this wasn’t an obvious phishing email — see the “undisclosed recipients,” catch that typo, note the link to a non-IRS page? — you should never click on one of these emails and give out your personal information.

If you really think you’ve received a real IRS email about a tax refund — hope is a four-letter word — type in the IRS’s official URL, find their phone number, and call them to check.

Read more about Fake Tax Refund »