Poisoned Google Image Searches



For the last couple of weeks we have received quite a few reports of images on Google leading to (usually) FakeAV web sites.


Google is doing a relatively good job removing (or at least marking) links leading to malware in normal searches; however, Google’s image search seems to be plagued with malicious links. So how do they do this?

The activities behind the scenes to poison Google’s image search are actually (and unfortunately) relatively simple. The steps in a typical campaign are very similar to those I described in two previous diaries (Down the RogueAV and Blackhat SEO rabbit hole – part 1 at http://isc.sans.edu/diary.html?storyid=9085 and part 2 at http://isc.sans.edu/diary.html?storyid=9103). This is what the attackers do:


Remove Fake Tool Security WinXP/Vista/Win7


XP Home Security, Vista Home Security 2011 and Win 7 Internet Security are new versions of a multi-named rogue anti-spyware program from the Braviax family that has been noticed in the wild. The rogues are named randomly, depending on the operating system, and always have the OS version in the name.

How to Remove fake MS Removal Tool


Review problem:
MS Removal Tool is a rogue security application that comes up with tons of infections and security threats to make you think that your computer is infected with malicious software. This scareware may report up to 30 infections on your computer which do not even exist. Besides, the scan is a little too fast to be real. It charges about $60 to remove the threats and even claims that your PC will be protected against other malware if you choose to purchase the full version of MS Removal Tool. Of course, you shouldn't pay for this rogue AV. By the way, do not confuse this fake application with the Microsoft Windows Malicious Software Removal Tool which is a perfectly legitimate tool. Cyber-criminals clearly want to gain some credibility with well known names here.



The bad news is that MS Removal Tool blocks malware removal tools, system utilities, Task Manager and others, and even changes your desktop wallpaper. If you click on any desktop icon you'll get a message that the program is infected and that you should run your anti-virus software.

What is more, it constantly displays fake security warnings saying that your computer is infected with viruses, Trojan horses, spyware and other malicious software.





It may modify the Windows Hosts file too. If your computer has been infected by MS Removal Tool, please follow the removal instructions below. Please be advised that if you pay for this phony security software, you will be subjected to monetary theft or, in a worst-case example, ID theft. There is no guarantee that your credit card details aren't going to be sold to other third parties. Do not hesitate to contact us if you need further assistance or have questions regarding removal of MS Removal Tool. Please leave a comment below. Good luck and be safe online!


----------------------------
Removal instructions
----------------------------
Manual In indonesia


1. Restart or turn on your computer and enter Safe Mode (mostly F8).

You can choose Safe Mode or Safe Mode with Networking; I succeeded by choosing just Safe Mode.

2. Search for the folders and files below and delete them:


For Windows XP users:

C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
C:\Documents and Settings\All Users\Application Data\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

For Windows Vista and Windows 7 users:

C:\ProgramData\[SET OF RANDOM CHARACTERS]\[SET OF RANDOM CHARACTERS].exe
C:\ProgramData\fHrPqDaZcCg02547\fHrPqDaZcCg02547.exe

Registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[SET OF RANDOM CHARACTERS]"
In that registry key, delete the value, such as fHrPqDaZcCg02547, that has the same name as the file or folder you have just deleted in the step above.

In my case, I solved the problem by just deleting the folder and file above.

3. To make sure that no other virus / worm / trojan / malware has infected your computer, download Avira antivirus for personal use; it's free (I'm using this antivirus, so I can recommend it). Install it, update it first, and then scan all your drives (C:, D:, E:, flash disk / external HDD / removable storage, etc.).

If the scan finishes with no sound / message signalling that a virus / malware was detected, your computer is clean now. OK, the problem solving is done. See you next time with another solved problem.
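The layout described in steps 1 to 3, a randomly named folder holding an .exe of the same name plus a RunOnce value with that name, can be listed without deleting anything. The PowerShell below is an added example, not part of the original guide; the function names are hypothetical, and it assumes the RunOnce value name equals the folder name, as the guide's sample suggests.

```powershell
# Added example: read-only triage. Lists candidates; deletes and changes nothing.
# Base folders are the two named in the guide (XP, then Vista/7).
$bases = @(
    'C:\Documents and Settings\All Users\Application Data',
    'C:\ProgramData'
)
$runOnceKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-RunOnceValueNames {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return @() }
    # RegistryKey.GetValueNames() returns the names of all values in the key
    return @((Get-Item -LiteralPath $KeyPath).GetValueNames())
}

function Find-SameNameExeFolders {
    param([string[]]$BasePaths, [string[]]$RunOnceNames)
    foreach ($base in $BasePaths) {
        if (-not (Test-Path -LiteralPath $base)) { continue }
        # -Force includes hidden folders; PSIsContainer keeps this PowerShell 2.0 friendly
        Get-ChildItem -LiteralPath $base -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer } |
            ForEach-Object {
                # Pattern from the guide: <base>\<name>\<name>.exe
                $exe = Join-Path $_.FullName ($_.Name + '.exe')
                if (Test-Path -LiteralPath $exe) {
                    New-Object PSObject -Property @{
                        Exe       = $exe
                        Created   = $_.CreationTime
                        # True when a RunOnce value carries the folder's name
                        InRunOnce = ($RunOnceNames -contains $_.Name)
                    }
                }
            }
    }
}

$names = @(Get-RunOnceValueNames -KeyPath $runOnceKey)
Find-SameNameExeFolders -BasePaths $bases -RunOnceNames $names |
    Sort-Object InRunOnce -Descending |
    Format-Table InRunOnce, Created, Exe -AutoSize
```

Legitimate software can also keep a same-named .exe in its own folder, so rows with InRunOnce set to True are the ones to examine first.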
