Friday, August 27, 2010

AntiSpy Safeguard

AntiSpy Safeguard is in the FakeRean family of rogue security products. VIPRE detects it as Trojan.Win32.Generic.pak!cobra. Like all rogues, it does a fake scan of your computer then tells you it has found malicious code.

(click to enlarge graphic)

It requires you to pay for the fake software before it “cleans” your machine of the fictitious infections.

(click to enlarge graphic)

One way (there may be others) that AntiSpy Safeguard is delivered is through a phony “Microsoft Security Essentials Alert” which is displayed by a Trojan.

Basically, it mimics the idea of VirusTotal, ( ) a site which enables you to see how 40 legitimate security companies identify a sample of malicious code that you submit.

The downloader copies itself into multiple folders under different names. After five to 15 minutes it generates a fake alert pop-up window:

(click to enlarge graphic)

If you click ANY of the four buttons on the scary “Potential threat details” screen, it takes you to a web site that shows you how different anti-malware products allegedly identify the malware that is (not really) on your computer. It includes a long list of legitimate ones, which, oddly enough find no infection on your machine.

However, the display shows that some of them -- all of which are rogues -- have identified malicious files. They have a “free install” button listed next to their names. Clicking on the buttons installs the rogues. (AntiSpy Safeguard is lower on list and not shown).

(click to enlarge graphic)

To Remove AntiSpy Safeguard:

If AntiSpy Safeguard has infected your PC, you should remove it immediately. Click here to use VIPRE to remove AntiSpy Safeguard from your computer now.

No comments:

Post a Comment